Zoho CRM Admin Tip: Profiles and Roles
Do you have situations at your company where you want certain people to see other people's work and not see certain other people's work? For example, do you have a sales team and want salespeople in a region to see each other's work but not see the work of people in another region? Another example might be where certain advisors and their administrative staff see each other's work and not the work of other advisors and their respective administrative staff. There are often important reasons why not everyone should be able to see everyone's work in an organization.
Do you have situations at your company where you don't want everyone to be able to do the same things in the CRM. For example, are there modules that pertain to certain departments and not to others? Do you want to prevent certain staff from being able to delete things in CRM? Do you want everyone to be able to make batch updates or administer other user's settings? There are often important reasons why everyone should not be able to do everything possible in CRM.
Well, the way to manage what people can "see" and "do" in CRM is based on an important structure of the CRM. This structure is that every record in Zoho CRM has an Owner. There cannot be a record without an owner. Making use of the Owner structure of Zoho CRM, then you can define what owners can "see" what and what owners can "do" what.
What people can "see" in Zoho CRM is dictated by their Roles and what people can "do" in CRM is dictated by their Profile.
For this example, we'll take a Financial Planner's office with two Advisors, Advisor 1 and Advisor 2. Each have an administrative staff, Admin Staff 1 and Admin Staff 2, respectively. The organization requires that Advisor 1 and Admin Staff 1 see each other's work but not see Advisor 2 and Admin Staff 2's work. Each numbered Advisor and Staff see each other's work - so Advisor 1 and Admin Staff 1 see each other's work and Advisor 2 and Admin Staff 2 see each other's work.
To set this up in the Roles would be as follows. Go to the Setup, then Users and Control, then Security Control.
Next Select the Roles tab and set up your hierarchy of roles as you would want them setup at your organization. In this example, the roles are set up in the hierarchy described earlier on.
Data Sharing Settings
Next go to Data Sharing Settings. For the global settings, change from public for all modules to private. If you select public for your module sharing, then everyone will see everyone's work. This may be the requirement at your organization. If not, then set all the modules to private. In the next step, I'll show how to share records among certain people within the organization.
NOTE: whenever you change the settings, ensure to click the 'Compute All' button so that your changes go through. It can be frustrating to make changes and not see them and wonder if what you are doing it not working. It may be all solved by clicking the 'Compute All' button.
Scroll down to Sharing Rules. Create sharing rules to share data with the Roles you set up earlier. In this case you see that the Role of Advisor 1 shares data with the Roles of Admin Staff 1 and the Role of Advisor 2 shares data with the Role of Admin Staff 2.
You can also create Groups and share by Groups. When you create a new Sharing Rule, you have the option to share by Role (and Subordinates) or Groups.
To create a new Group go to the Setup, then Users and Control, then Users
Then select the tab for Groups.
When you create a new Group, you will see that the reason to use Groups is you have a lot more flexibility for permissions. You can create Groups down to the User level or granularity. Whereas with Sharing Rules, you can only create permissions down to the level of the group..
Next, I recommend to make your own profiles if you have a lot of customization to add. When you create a new profile, you can clone an existing profile like the Administrator or the Standard profiles. to set up Profiles, go to the Setup, the Users and Control, the Security Control.
The first tab is the Profiles tab. You will see below that there are two custom profiles, the Advisor profile is a clone of the Administrator profile and the Administrative Staff is a clone of the Standard Profile.
Open the Profile, and edit the settings of what the users assigned to this Profile can "do". In this example, Administrative staff cannot delete records in any of the modules. There are many setting in this page so scroll down and discover all the ways you can manage what your users can do in the CRM.
Assigning Profiles and Roles
Now that your Roles and Profiles are set up, its time to ensure that all users are assigned to their correct Roles and Profiles. To check this, go to Setup, then Users and Control, then Users.
The first tab that opens is the User tab where you'll see all your users. Edit a user by clicking the small pencil next to their name.
Ensure that the Role and Profile for the user is correctly assigned.