Privilege tuning for regional departments in Bitrix24 CRM

We have been asked repeatedly how to set up access permissions and visibility scope in CRM for several regional representative offices that share one Bitrix24 portal.

At the same time, administration and accounting should be handled by one of the structural subdivisions of the main office. This organizational scheme suits any network structure or franchise company.

What does the problem consist of? Every employee must see only his or her "own" Leads, Deals, Contacts and Companies in CRM. In addition, the employee's manager has to see all elements owned by the managers in his region, but not those in other divisions. Top managers must have access to the regions. It is a conventional hierarchical access system.

Setting company structure

We suggest creating a department in the company structure for every regional office.

Structure.png

Advantages of this approach:

  • The structure is clear at a glance.
  • Each region can have its own separate structure, which is shown in a separate window.
    Structure2.png

Disadvantages:

  • Every employee of the company will be able to see every other employee in the company. Mistakes are certain to happen when searching for and assigning responsible persons. If a company has more than 1000 employees, there will be exact namesakes like "Ivan Petrov" or "Sergey Ivanov";
  • If the option to address all employees is enabled, "information garbage" will appear in the Activity Stream. For example, everyone in Ekaterinburg may be discussing what kind of pizza to order for lunch while the working day in the Volgograd office has only just begun. We suggest disabling the option to address all employees.
    Options1.png

Setting access permissions in CRM

To set access permissions in CRM, let's first clarify employee roles. As everybody knows, it is impossible to define custom employee groups in the Cloud version of Bitrix24, so we have to make do with the predefined list.

For convenience, the table below lists the tasks that employees perform in CRM, together with the employee group and the CRM role we assign to each of them.

| In real life organization | In Bitrix24 terms | Tasks | Employee groups | Role in CRM |
|---|---|---|---|---|
| Headquarters | Top level department | | | |
| Special department for interactions with regional divisions in the structure of headquarters | Department | | | |
| Employee of the Special department | Employee | Has access to all CRM entities. Has access to sales reports. | Administrators or Specific Employees | Administrator |
| Regional division | Department | | | |
| Head of regional division | Department manager | Has access to all CRM entities in its region. Does not have access to CRM entities in other regions. | Management | Manager |
| Department in the structure of a regional division | Department | | | |
| Head of department of a regional division | Department manager | Has access to all CRM entities of its department. Does not have access to entities in other regions and departments. | Management | Manager |
| Employee | Employee | Has access to CRM entities created by him/her. Has "read only" access to CRM entities for his/her region and department only. | Employees | Employee |

The roles should be configured as follows:

Administrator role.

Administrator_role.png

Manager role.

Note that:

  • "User can edit settings" should be deselected;
  • Access to export should be denied.

Director_role.png

Employee role.

Note that:

  • an employee is allowed to read and add personal and department entities, but may edit only personal ones;
  • export must be forbidden;
  • “User can edit settings” checkbox must be unchecked.

Employee_role.png

In addition to these three roles, you can create an intermediate "Sales manager" role and give it access to manage entities but not to export them.
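The access matrix that the three roles above should produce, modeled as an added Python example (it is not code from this article or from Bitrix24 and calls no Bitrix24 API). The department names, users, sample Deal and the scope labels own/dept/subtree/all are constructed for illustration, and the Administrator is assumed to keep export rights.

```python
# Added model of the three roles above; not Bitrix24 code or its API.
# Scope labels ("own", "dept", "subtree", "all") are names chosen for this sketch.
PARENT = {  # constructed structure: department -> parent department
    "HQ": None, "Regional Relations": "HQ", "Volgograd": "HQ",
    "Ekaterinburg": "HQ", "Ekaterinburg Sales": "Ekaterinburg",
}
ROLES = {  # action -> widest scope allowed; None = denied
    # Assumption: Administrator keeps export; the page denies it only to the others.
    "Administrator": {"read": "all", "add": "all", "edit": "all", "export": "all"},
    "Manager": {"read": "subtree", "add": "subtree", "edit": "subtree", "export": None},
    "Employee": {"read": "dept", "add": "dept", "edit": "own", "export": None},
}
USERS = {  # constructed sample users
    "anna": {"role": "Employee", "depts": ["Ekaterinburg Sales"]},
    "dmitri": {"role": "Employee", "depts": ["Ekaterinburg Sales"]},
    "boris": {"role": "Manager", "depts": ["Ekaterinburg"]},
    "vera": {"role": "Manager", "depts": ["Volgograd"]},
    "olga": {"role": "Administrator", "depts": ["Regional Relations"]},
}

def in_subtree(dept, root):
    """True if dept is root or sits below it in the structure."""
    while dept is not None:
        if dept == root:
            return True
        dept = PARENT[dept]
    return False

def allowed(name, action, entity, users=USERS):
    """May user `name` perform `action` on entity {'owner', 'dept'}?"""
    user = users[name]
    scope = ROLES[user["role"]][action]
    if scope is None:
        return False
    if scope == "all" or entity["owner"] == name:
        return True  # every granted scope includes the user's own entities
    if scope == "dept":
        return entity["dept"] in user["depts"]
    if scope == "subtree":
        return any(in_subtree(entity["dept"], d) for d in user["depts"])
    return False  # scope "own", and the user is not the owner

def matrix(entity, users=USERS):
    """Permitted actions per user for one entity, to compare with the table."""
    return {n: [a for a in ("read", "edit", "export") if allowed(n, a, entity, users)]
            for n in users}

DEAL = {"owner": "anna", "dept": "Ekaterinburg Sales"}  # constructed sample Deal
print(matrix(DEAL))
```

The printed matrix doubles as a checklist: log in to the portal with one test account per row and confirm that each action is permitted or refused as the model predicts, paying particular attention to the manager of another region.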

What to do with the remaining tools in Bitrix24

We have tuned CRM. There are several other tools in Bitrix24, but they are much less flexible than those in CRM. We have tried to write out the known problems and the methods for solving them. Not everything can be automated within the portal; written instructions will help with the rest.

For convenience, we have gathered the questions and answers into a table. Dear readers, if you have a question we could examine, or additional information about our solutions, please send it to us using the form at the end of the article. Thanks!

Tasks — Can we forbid an employee from assigning a task to any other employee?
No. Any employee can assign a task to any other employee. This has to be regulated offline.

Calendar — How do we make a unified event calendar (for corporate holidays, for example) that can be connected to every employee's personal calendar?
Create an individual calendar for the Administrator or Director called "Company Events" and add it to the Favorite calendar section for all employees. Employees have to add it to their favorites themselves. The employee will then see the Company Events calendar in his or her calendar section.
Calendar.png

Drive — How do we tune access so that employees see only the folders of their own department, and not those of others, in the Company Drive?
Bind Drives to the workgroups of every department. This restriction will then work by default.
For the common needs of the organization, it is possible to grant Drive access to all users of the company. Practice shows that such resources usually turn into "file garbage cans".

Workgroups — Is it possible to restrict the scope of workgroups by department?
When creating a group, add only employees of your department and disable visibility and publicity for others.
workgroup1.png

Activity Stream — How do we restrict the scope of messages to your own department?
Forbid addressing "All employees" and introduce penalties for Activity Stream spam.

CRM: How do we provide access to all Deals for a manager who is responsible for sales in several regions?
Place the employee in several departments by holding the SHIFT key.
same_employee.png

How do we bind a Deal to several Contacts?
Create an additional field of the "Bind to CRM elements" type and activate the "Multiple" and "Contact" checkboxes.
Field_settings.png