Elena Fedianova

Restricting access to fields and comments in Bitrix24 CRM : module for Bitrix24 on-premise


Mary, a sales representative leaves a comment on a deal card, after which she changes the deal stage.
In this new stage, Oliver, her colleague becomes the new responsible person. 

Oliver then edits Mary’s comments, but it appears as though Mary was the one who made the edit.

With standard Bitrix24 CRM functionality, this is allowed.
You can imagine the confusion and problems this can cause.
Our clients requested to change this functionality, so that no Bitrix24 user is allowed to edit another user's comment.

The second functionality they wanted is to separate user access to CRM fields - to grant certain users access to fields while other users are restricted. 

We implemented both solutions. 
This article is a description of how we achieved these customizations



Task 1. Prohibit Bitrix24 users from editing other users comments in the CRM

Editing other people's comments


What a restriction looks like for a Bitrix24 user


We developed a module to restrict Bitrix24 users from editing or deleting other users' comments.

The module compares the ID of the current Bitrix24 user with the ID of the user who left the comment. If the user IDs do not match, the "edit" and "delete" options are removed from the context menu. If the user tries to edit a comment without the context menu, a message "someone else's comment cannot be edited or deleted" appears.

As a result, each user can only edit their own comments. 

With this customization, employee work becomes more transparent. It also makes employees more cautious and responsible



Task 2. Separation of access permissions to CRM fields

The second task was to separate field access permissions. In the CRM,  All fields in contact and deal cards can be viewed and edited by all CRM users by default. We needed to separate access permissions and field visibility for different employee groups.

So, for example, 

An employee Mary should be able to view, fill in, and edit some fields on the CRM card but other users should not be able to. 
Another employee, Oliver should be able to view these fields, but not edit them.

Differentiating access permissions this way is not available by default in Bitrix24 CRM.



How we separated access permissions to fields in Bitrix24

The main task was to prohibit some users from changing certain field values. We implemented this functionality for Deals and Contacts in Bitrix24 CRM by separating access permissions between groups. The module allows the following:

  1. A user can change the values ​​of CRM fields if he is a member of a group that has access permissions to edit the values ​​of these fields.

  2. Any combination of Deals fields, Deal stages and pipelines in the CRM has its own set of user groups with access permissions for editing the fields.

  3. Each field of a Contact card has its own set of user groups that can write or edit the fields according to their access permissions.

  4. Custom fields in Deals and Contacts are supported in the same way as standard fields - writing, editing and viewing access permissions are granted depending on groups.

The module works as a filter for writing and editing field values. This means that the type of access permission a user has to any field is verified first before the operation. The user will only be able to continue the operation with those fields that he/she has access to.


With the access permissions module installed, Bitrix24 Deal and Contact fields are displayed in two forms: 

  1. as plain text - for users without access permissions for editing

  2. as an editable field - for users with editing access permissions

For example, if a user doesn't have access to change the Name field on a deal card, it will look like this:

Lack of ability to change



Access permissions for user groups can be set in Bitrix24 Admin Panel. The page looks like this:

Setting user rights through the administrative panel


When you click on the “+”, a standard window for selecting user groups to grant access appears.

Selecting user groups

The Bitrix24 administrator can select one or several user groups by clicking the "Select" button. These groups will be granted access to edit the current field.

 

Note:
These access restrictions do not apply to users who belong to Bitrix24 Administrators group.
Administrators have unrestricted access.




Managing field visibility in Bitrix24

The next step in the implementation of the module was the field visibility function. This function restricts members of certain groups from viewing certain fields in CRM deals and Contacts. 
Users who are a part of this group will be completely unaware of the existence of these fields, as they will not appear on their view of the CRM cards.

Access Permissions for viewing CRM fields is determined by the Bitrix24 Administrator.

  • Fields ​​are visible to a user only he is a member of a group that has viewing access.

  • Access permissions can be set for users/ user groups for any combination of CRM deal fields, stages, and pipelines.

  • Custom fields in deals and contacts are supported in the same way as standard fields.


With field viewing restriction, users can only see the values ​​of the fields available to the user groups they are a part of. Instead of the value of the fields, the user will see "Permission denied".



Note :
Restrictions do not apply to users in the Bitrix24 administrator group.



What problems does the separation of access in Bitrix24 solve?

With the help of our access permissions module, Bitrix24 administrators can differentiate permissions for writing, viewing, and editing CRM fields to different groups. 

The module settings page is available both on the Bitrix24 desktop and mobile versions.


The module also allows you to distribute responsibility for different stages of a deal between employees.

Separating access permissions for writing, editing and viewing CRM fields based on groups helps to:

  1. make the process of working on a deal transparent, 

  2. clearly distribute responsibilities between employees,

  3. prevent the dissemination of confidential information,

  4. technically distribute the filling of the fields between employees and focus the attention of employees on their tasks.


As a result, with our module, you can:

  1. flexibly configure employee access permissions,

  2. finely manage the work process - include and exclude the right people in the process / from the process at the right time.

Workflow management

If you like this solution and want to have something similar, fill out the form below - we will contact you.


Who is this CRM field access permissions solution for?

As already mentioned, the article describes some of the implemented project tasks. You can also check our implementation of electronic document approval.
These solutions can be used for a wide range of tasks and businesses.

Separation of access permissions for field viewing and updating according to groups, and restriction of comment editing is especially important for businesses with long cycles of work with clients: when several employees are involved in working with deals and Clients, and many business operations are performed.

The ability to ensure the confidentiality of the Transaction and the Client, to limit the information available to users, allows employees to treat all clients equally. The ability to view information out of curiosity disappears, employees concentrate better on tasks, their attitude towards the client is not determined by the information available to them - their judgments are unbiased. Having the right attitude towards clients is half of the success of a business.


INTERVOLGA is the best in Bitrix24 development -  implementation, customization and integration. We provide software solutions for  daunting business problems.

Leave us a message.
We look forward to partnering with you!
  • 12.04.2021