Elena Fedianova

Restricting access to fields and comments in Bitrix24 CRM : module for Bitrix24 on-premise

Task 1. Prohibition of editing other people's comments in CRMEditing other people's comments

What a restriction looks like for a Bitrix24 user

To solve this problem, we developed the Bitrix24 access permissions module. The module does not allow editing or deleting comments of other users. It compares the ID of the current user with the ID of the user who left the comment. If they do not match, the "edit" and "delete" options are removed from the context menu. When you try to edit a message without a context menu, a message appears that someone else's comment cannot be edited or deleted.

As a result, each user can only change their own comments. The work of employees becomes more transparent with this feature. This makes employees more cautious and responsible

Here’s a guide on how to use the access permissions module 

If you would like to customize (modify or add new functions) your boxed Bitrix24 solution, fill out the form below, and we will contact you.


Task 2. Separation of access rights to Deal and Contact fields in CRM

The second task was to separate field access rights. In the Deals and Contacts section,  fields are available by default for filling and editing by all CRM users. We needed to separate access rights and field visibility for different employee groups.
So, for example, Mary can view, fill, and edit some fields, but other users cannot. At the same time, Oliver can fill in, edit and view another set of fields, while the rest cannot. 

Allocating such accesses and restrictions are not available by default in Bitrix24.

How we separated field access permissions in Bitrix24

The main task was to prohibit some users from changing certain field values. We implemented this functionality for Deals and Contacts in Bitrix24 CRM, by separating access rights between groups. The module allows the following:

  • A user can change the values ​​of the fields if he is a member of a group that has the rights to edit the values ​​of these fields.

  • Any combination of Deals fields, Deal stages and directions in the CRM has its own set of user groups that can edit the fields.

  • Each field of a Contact has its own set of user groups that can fill in, or edit the fields according to their rights.

  • Custom fields in Deals and Contacts are supported in the same way as standard fields - Accesses to them can be restricted/granted depending on groups.

The module works as a filter for filling in and updating field values. This means that the field access rights for the user are verified before the operation. The user will only be able to continue the operation with those fields that he/she is allowed to change.

Note:
These restrictions do not apply to users of the Bitrix24 Administrators group as they have ALL accesses


As a result, Deal and Contact fields are displayed in two forms: 

  • plain text - without access for editing,

  • as a field - whose value can be filled in/ updated.

For example, if a user cannot change the Name field, the form will look like this:

Lack of ability to change

The same works for the Contact form.

You can set user rights in the Administrative Panel. The page looks like this:

Setting user rights through the administrative panel

When you click on the “+”, a standard window will appear for selecting user groups.

Selecting user groups

The administrator can select one or several user groups by clicking the "Select" button. These groups will be able to edit the current field.

 

Managing the visibility of fields in Bitrix24

The next step in the implementation of the module was the field visibility function. This function restricts members of the set groups from viewing certain information in deals and Contacts and thus, ensures their confidentiality. Access for field viewing is determined by the Administrator.

  • Field values ​​are visible to a user if he is a member of a group for which these fields are defined as visible.

  • Any combination of Deal fields, Deal stages, Deal directions can be assigned to user groups who have access to them.

  • Custom Deals and Contacts fields are supported in the same way as standard fields.


Note :
Restrictions do not apply to users included in the Bitrix24 administrator's group.


Thus, users can only see the values ​​of the fields available to one or more groups in which they are included. Instead of the value of the fields, the user will see "Permission denied".


What problems does the differentiation of access permissions in Bitrix24 solve?

With the help of our module, Bitrix24 administrators can differentiate permissions for viewing, filling in and editing Deals and CRM Contact fields for different groups both from the office on a computer or using the mobile version.

The module also allows you to distribute responsibility for different stages of the transaction between employees.

Separating the accesses for filling in and edit fields, and viewing fields based on groups helps:

  • make the process of working on a deal transparent, clearly distribute responsibilities between employees,

  • prevent the dissemination of confidential information,

  • technically distribute the filling of the fields between employees and focus the attention of employees on their tasks.

As a result, with our module, you can:

  • flexibly configure employee access rights,

  • finely manage the work process - include and exclude the right people in the process / from the process at the right time.

Workflow management

If you like this solution and want to have something similar, fill out the form below - we will contact you.


Who is this new INTERVOLGA solution for? 

As already mentioned, the article describes some of the implemented project tasks. You can also check our implementation of electronic document approval.
These solutions can be used for a wide range of tasks and businesses.

Separation of accesses for field viewing and updating according to groups, and restriction of comment editing is especially important for businesses with long cycles of work with clients: when several employees are involved in working with deals and Clients, and many business operations are performed.

The ability to ensure the confidentiality of the Transaction and the Client, to limit the information available to users, allows employees to treat all clients equally. The ability to view information out of curiosity disappears, employees concentrate better on tasks, their attitude towards the client is not determined by the information available to them - their judgments are unbiased. Having the right attitude towards clients is half of the success of a business.

INTERVOLGA is the best in Bitrix24 implementation, customization and integration. We provide software solutions for  daunting business problems.


Leave us a message.
We look forward to partnering with you!

  • 12.04.2021