Users & Permissions

📌 Roles & Permissions Changing Automatically With New Features (Creating a Management Nightmare)
I need to raise this as a critical issue rather than just an idea: It seems that whenever new features are introduced (or existing ones are enhanced), permissions are automatically being enabled across existing roles without the account owner being notified or given the choice. For example: We carefully roll out features like the AI Agent for clients, with strict role-based access in place. Later, we discover that team members or third-party users (who should have minimal permissions) suddenly have full access to make changes—simply because a new update gave them that ability by default. 📌 This has resulted in clients’ set-up work being disrupted multiple times a week. This kind of behind-the-scenes change creates: 📌 Operational risk (users unintentionally breaking workflows) 📌 Security concerns (granting privileges that were never intended) 📌 A heavy management burden (we have to manually re-check permissions daily to ensure nothing broke). Request: Please, moving forward, do not auto-enable new permissions across existing roles. Instead: 📌 Default new permissions to “off” unless explicitly granted by the account admin 📌 Provide clear release notes or alerts so account owners can decide how and when to adjust access Our customers are understandably upset when their workflows get disrupted, and it places avoidable strain on agencies and business owners trying to manage users responsibly. This feels like a bug in role/permission handling rather than a feature request. Thank you for taking this seriously and helping us protect both our clients and your platform’s stability.
0
Granular, Role-Based Permissions Needed for Notes Section
Description: Currently, managing permissions for the Notes section (on contacts, opportunities, etc.) lacks the necessary granularity for effective team management and data protection. To better manage diverse teams and safeguard important information, we require finer, role-based controls over what users can do with notes. --- Problem & Use Case: Different user roles within our business require different levels of access to notes. For example: We need the ability to assign Create Only permissions to certain roles (like VAs or entry-level staff) so they can add new information without the risk of accidentally editing or deleting crucial historical notes logged by senior staff or other team members. Other team members might need the ability to Create/Edit notes to update information as situations evolve, but should still be restricted from deleting notes entirely to maintain record integrity. Full Create/Edit/Delete permissions should be reservable for administrators or specific trusted roles. Without these distinct levels, we either grant too much access (risking accidental data loss or unauthorized modification) or restrict users too much, hindering productivity. This also makes it harder to maintain data integrity and accurate historical records. --- Proposed Solution: Please implement the following distinct permission levels that administrators can assign to users specifically for the Notes section: Create Only : User can add new notes but cannot modify or delete any existing notes. Create/Edit : User can add new notes and edit existing notes, but cannot delete notes. Create/Edit/Delete : User has full control – allowing adding, editing, and deleting of notes they have access to view. --- Benefits: ✅ Improve security and data integrity by limiting modification/deletion rights. ✅ Prevent accidental loss of important client history or internal communication. ✅ Empower administrators to configure user access precisely according to job responsibilities and trust levels. ✅ Enable more secure, effective, and clearly defined team collaboration within HighLevel. Implementing these granular permissions would be a valuable improvement for managing teams and protecting data within the platform.
7
Load More