New Custom Agency Role: "Support Specialist" with Agency Tab Toggles & HIPAA Safeguards
S
Sabrina Alderman
Short Summary:
We need a customizable "Support Specialist" agency role that grants global access to all sub-accounts by default, but allows admins to selectively enable or disable specific Agency-level tabs per user. This role must also include strict account exclusions or warning popups for sensitive/PHI data, backed by a comprehensive QA change log.
The Problem:
As agencies scale, we hire support employees who need to "stay in their lane." Currently, GHL's permission structure fails us in two major ways:
Data Exposure: To allow a support agent to see the global list of sub-accounts and jump in to help clients, we have to give them Agency-level access. However, this exposes highly sensitive agency-level information (billing, agency revenue, internal settings, marketplace purchases). Support employees should never see how the agency itself operates financially.
"All-or-Nothing" Permissions: We cannot customize what an agent can see at the Agency level. We can't let them look at the Sub-Accounts tab while completely hiding the Billing or Marketplace tabs.
Proposed Solution:
- Absolute Agency Isolation (By Default)
The Support Specialist role must be completely blind to sensitive Agency-level data by default.
They should not see Agency Billing, Agency Settings, Team Management, SaaS Configurator, or Marketplace, keeping their primary focus strictly on navigating and accessing sub-accounts.
- Granular, Per-User Agency Tab Toggles
Within the Team Management settings, Admins should be able to toggle specific Agency-level tabs on or off per support user.
For example, an admin can enable the "Sub-Accounts" tab so the agent can see the global list and jump into any account to solve a ticket, while keeping "Billing" and "SaaS Configurator" completely hidden.
- Selective Account Exclusions & HIPAA Safeguards
To protect client privacy, admins need a way to manage access to sensitive accounts. We propose two options:
Exclusion Toggle: A simple checklist to "Exclude Access" to specific sub-accounts from that agent's global list.
HIPAA/PHI Gate: A mandatory confirmation pop-up that appears when an agent attempts to enter a designated sensitive account (e.g., "Warning: This is a HIPAA-compliant account containing PHI. Do you have authorization to enter?"), which is then tracked.
- Robust QA Audit Logs
A dedicated agency-level change log tracking actions taken specifically by these support users.
To protect the business and maintain Quality Assurance, admins must be able to see: Who made the change, when, in which sub-account, and what exact setting/workflow was modified.
Why This Benefits the GHL Community:
Internal Security: Prevents employee data-theft, accidental deletion of critical agency assets, and exposure of confidential agency financials.
Operational Flexibility: Allows agency owners to safely hire support teams to manage high-volume ticketing across all accounts without giving away the keys to the kingdom.
Compliance: Gives agencies the precise control and audit trails required to sign enterprise clients and maintain strict HIPAA compliance.
Log In