Demyan Seleznev

Setting user rights in Bitrix24

This article was translated automatically. We are working over improving the translation.

Please send your questions about the article to

How do access rights work in Bitrix24 and why are they needed at all?

In a serious company, the division of access rights is an indispensable thing for moving from chaos and anarchy to order and organization. Access rights are needed so that all employees fulfill their specific duties, without being distracted by the tasks and duties of other employees.

Proper installation of access rights primarily affects the organization and discipline of employees, which contributes to an increase in overall efficiency and productivity. In addition, the differentiation of access rights increases the information security of your company.

To properly establish access rights, you must first understand them: what they can be applied to and what they are.

First we will take a section of the Group for consideration, they are also the Social Network Groups, they are also Projects

There are two types of groups: Public and Private. The difference between them is that users can join Public groups at will, and Private - only by direct invitation or after approval by the moderator. In addition, in the group itself, the Administrator has his own set of settings with which he can regulate the rights of moderators and regular users of the group.

Also groups are Visible and Invisible. Visible groups are displayed in the general list of groups and in the search, invisible ones are not displayed. All groups are visible to the resource manager.

How to open the access rights settings panel for a group:

What interesting things can be set up here:

Access rights inside CRM

The CRM module has a wide range of access rights settings. This is implemented using the so-called "Roles CRM". For each of the roles there is a list of entities and rights to them. And for each entity, you can configure the permissions for an action, for example, reading or editing. It is even possible to regulate access rights for each of the stages of a CRM Transaction or lead. Created "CRM Roles" can be tied to users, user groups, employees and departments.

Where to find permission settings for CRM:

CRM Transactions also have the ability to create additional transaction directions (called Pipelines in the west). This will be convenient for large companies that implement several business lines or have different types of transactions.

How to create an additional transaction direction:

When editing access rights for a CRM Role for each of the transaction directions, you can set your own access rights:

Consider a real example. The chief in charge of one direction should be temporarily assigned to control the directions of the transactions of another chief. For such cases, it is possible within the framework of a single CRM Role to grant this employee the right only to read and add for the direction that he oversees.

Create a CRM Role and set the necessary settings: for the desired direction of transactions in the columns "Reading" and "Adding" we will add the rights "All open":

After that, you need to add access rights for the user:

And then choose the appropriate CRM Role for it:

Since the employee temporarily performs duties, the position does not need to be changed.


In telephony, as well as in CRM, there are settings for roles. For each role, access to all entities associated with telephony is defined. The types of access rights that can be assigned to roles are not identical, but most of them are similar: for some entities there is only “no access” and “any”, for others there is a full setting of access “No access” - “Own” - “Own + his department "-" Any. " As in the CRM settings, you can assign roles to Users, User Groups, Employees and Departments, and Social Network Groups.

Consider such a case: in some companies there is a strict control over the process of communicating an employee with a client over the phone. To ensure control, employees are hired - the so-called “Verifiers”, whose task is to wiretap and analyze all conversations.

Open the list of Telephony Roles settings and add a new role:

Let's call our role "Verifier" and add the necessary access rights:

Add a user to the list of users with access rights:

Apply the created role to the user:

Business processes

For each individual business process being created, there are access rights settings. They can be applied to users, user groups (which are created and defined in the administrative panel), employees and departments, and social network groups (groups discussed earlier). After adding access rights, you need to select an access level. It can be from “completely absent” to “full access”. Access levels include Add and Read, and Add and Read in the administrative panel; Change with and without restrictions.

Separation of access rights is needed to systematize the workflow departments. For example, in order to keep records of the company's personnel, the personnel department should be granted access rights to Reading business processes of the “Vacation application” type, “Travel application” type.


Each folder or file has its own access settings. Initially, they are set up so that only the creator of the folder on his Disk has full access to the content. However, it is possible to give access to the desired folder or file, not only to users, but to groups of users and even entire departments. Access rights have the following order: read, edit, write, full access. Each subsequent right includes all previous rights, and full access also allows you to delete content.

How to get to the folder access settings menu on the Disk:

This menu looks like this:

We give the user rights to read the folder:

It should be noted that the folder to which the user has been granted access will not appear immediately on his Disk. For this to happen, the user must accept the invitation to connect the folder to his Disk. Despite the fact that the access rights were issued, the user still does not see the folder on his Disk:

Bitrix24 automatically sends an alert about access to the folder on the Disk. The user can refuse the invitation to connect the folder to his Disk.

The folder connection prompt is instantly displayed to the user.:

After the user has accepted the invitation, the folder will be visible on his Disk:

Open lines

The access rights settings of the Open lines are very similar to the Telephony settings. Here is where you can find them:

They look like:

Popular questions related to access rights and answers to them

Q: How to make a task created in a CRM Transaction available for viewing to those who are not directly involved in it? A: You can then use the Private group as a project to create a Task.

Do this:

Log in as a user who is a member of the specified group and see the list of tasks for this group:

However, the user is not a member of the task:

This also works with tasks that are attached to a CRM entity.

Q: What restrictions on access rights can be used to prohibit the editing of comments or, for example, activities in Buzz CRM? A: Unfortunately, there is no direct and simple solution to this issue in the cloud version of Bitrix24. But you can purchase a boxed version and contact us, we will definitely solve your problem.


We found out why access rights are needed and how they are implemented in Bitrix24. They learned how to set them up and even saw specific examples where they can not be avoided. But if you are too lazy to figure it out or if you don’t have time - order the setting of access rights from INTERVOLGARU, leaving the application in the form below.

This article was translated automatically. We are working over improving the translation.

Please send your questions about the article to

  • 20.05.2019