Boards

Ad Reporting and Attribution

APIs

App Marketplace

Ad Manager

Automations

AI Employee

Voice AI

Conversation AI

Content AI

Blog

Bulk Actions

Calendar

Call Tracking

Client Portal

Communities

Company Object

Conversations

Certificates

Contacts

Custom Objects

CRM

Dashboard

Documents & Contracts

Domains

E-commerce Stores

Email Builder

Eliza

FB/ IG Messenger

Forms

Funnels

Google My Business

HL Affiliate Portal

Integrations

Invoicing

Phone System

LC Email System

Courses

Mobile App

Media Library

Agency Onboarding

Opportunities & Pipelines

Payments

Prospecting Tool

Reporting

Reputation Management

SaaS Mode

Smartlists

Snapshots

Social Planner

Sub-account Affiliate Manager

Surveys

Tasks

Template Library

Users & Permissions

Website

Widgets

Wordpress

Listings

Chat Widget

Language - Internationalization

Payment Links

QR Codes

Quizzes

Reviews AI

POS and Mobile Payments

Reselling

Location Launchpad

HIPAA Compliance

Premium Support

Go Kollab

SEO

Marketplace new app request

RCS Messaging

Ask AI

Highlevel MCP

External Tracking

AI Knowledge Base

Agent Studio

Brand Board

Countdown Timer

Users & Permissions

Agency account should NOT have full data access to sub-accounts unless authorized

I am having issues selling sub-accounts because I have full access to the confidential data within sub-accounts. How can I turn that off? I should not be able to see the contact data from the sub-accounts unless authorized. I'm a realtor and I'm trying to sell my program but other realtors don't want to sign up because I get access to their entire database. And I should not have access to this. That is a massive breach of confidentiality.

📌 Roles & Permissions Changing Automatically With New Features (Creating a Management Nightmare)

I need to raise this as a critical issue rather than just an idea: It seems that whenever new features are introduced (or existing ones are enhanced), permissions are automatically being enabled across existing roles without the account owner being notified or given the choice. For example: We carefully roll out features like the AI Agent for clients, with strict role-based access in place. Later, we discover that team members or third-party users (who should have minimal permissions) suddenly have full access to make changes—simply because a new update gave them that ability by default. 📌 This has resulted in clients’ set-up work being disrupted multiple times a week. This kind of behind-the-scenes change creates: 📌 Operational risk (users unintentionally breaking workflows) 📌 Security concerns (granting privileges that were never intended) 📌 A heavy management burden (we have to manually re-check permissions daily to ensure nothing broke). Request: Please, moving forward, do not auto-enable new permissions across existing roles. Instead: 📌 Default new permissions to “off” unless explicitly granted by the account admin 📌 Provide clear release notes or alerts so account owners can decide how and when to adjust access Our customers are understandably upset when their workflows get disrupted, and it places avoidable strain on agencies and business owners trying to manage users responsibly. This feels like a bug in role/permission handling rather than a feature request. Thank you for taking this seriously and helping us protect both our clients and your platform’s stability.

"Manage Smart Lists" In "Contacts" Menu Disappears When User Permissions > "Settings" Toggle is Off.

Desired Result / Issue Resolution: "Manage Smart Lists" should not be affected at all by the "Settings" toggle under User Permissions. Instead, it should be affected by the "Contacts" toggle in User Permissions. -------------------- Issue Description: Currently, when the "Settings" toggle is turned [OFF] in a User's Permissions, the "Manage Smart Lists" sub-page in the "Contacts" dashboard disappears. This prevents the User from being able to edit, share, or delete their own "Smart List" / "Saved Filters" in the "Contacts" dashboard view. The issue is compounded because a "Smart List", once created, is not accessible to anyone but the User who created it. Not even Account or Agency Admins can access a User's "Smart List" / "Saved Filter" by default. Should the User want to delete their own "Smart Lists", in this scenario, they would be prevented from doing so - unless the User Permission for "Settings" was turned [ON] (which is NOT acceptable due to what the actual Settings menu includes by default, and a "User" should not have access to). STEPS TO REPLICATE ISSUE: Create new Team Member of type: "User". Open an incognito browser tab and log into the SaaS with the User account's credentials. In a different browser tab where you are logged in as an Admin or Agency Admin, turn [OFF] the User Permission "Settings" toggle for the 'test User' you logged in with in Step 2. Save the changes to the User. Switch to the incognito tab from Step 2 where you are logged in as the "User". Refresh the page. Navigate to Contacts in the left menu. Notice you do not have the "Manage Smart Lists" tab/page/section. Now create a new "Smart List" / "Saved Filter". Make sure that shows up next to where the "All" button is at the top of your Contact List. Notice you have no way to delete this newly-created "Smart List". In the other browser tab where you are logged in as an Admin / Agency Admin, go to the "Contacts" area. Notice that the "Smart List" you created in Step 4 is not shown. (It is only shown to the "User" that created it.) This means you cannot delete or manage that User's "Smart List". (Apparently, "Smart Lists" are only seen by the User/Admin who created it. That is, until they share it with others in the same Location / Sub-account by going into the "Manage Smart Lists" area and clicking the "Share" icon & choosing some options.) Security Risk: Most Admins want to manage their Users' access to potentially confidential and/or sensitive information & controls within the HighLevel Location / Sub-account. Should a User need help removing / deleting any "Smart List" from their account, an Admin would need to turn [ON] the "Settings" toggle in "User Permissions". This would expose the confidential and/or sensitive information & controls within the HighLevel Location / Sub-account while allowing the User to also gain access to the necessary "Manage Smart Lists" area found in "Contacts" giving the User the ability to delete (or manage) whatever "Smart Lists" they wanted to.

Admin Permission & Only Assigned Data Configuration

Gives Lead Data permission to all users. Please review this subaccount ID: niBIyiaZh7FKNOHTTvMB I had to put them back to "User." We need to fix this ASAP for our client.

Improve the sending of the email for new user being added into subaccount

When an admin user is being added into a subaccount he receives the email that a new user has been added into subacc. https://i.imgur.com/GoemqCs.png It should be improved and exclude the user himself receiving this email. You can send it to other admin users in that subacc (if they exist) but not to the just being added admin user

🚨CRITICAL: Privacy breach in "Roles & Permissions"

Despite turning all permissions off, users are able to access other user's information, including booking appointments on other user's calendars and blocking off their times when calendar permission is enabled. Furthermore, user has access to dialer pad at the top right which can result in misuse and abuse, depending on user's role. There are other bugs as well such as UI bugs. I've attached screenshots. Please fix these privacy bugs at your earliest convenience.

Agency users should be allowed to see only assigned data to some sub-accounts and all data to others

ACCESS DATA FOR AGENCY USERS - HELP!!! I've added a team member to my agency. He is a sales of my agency (THAT REQUIRES ONLY ASSIGNED DATA) but also need to give him access to all the customers with whom he has the commercial relationship to keep in touch, upsell ecc. The problem is that in my agency subaccount he needs to have access only to assigned data while in the customers subaccount access to all data but if i set "only assigned data" he has that option to all assigned subaccounts. I tried to change permission from inside a specific sub account from "only assigned data" to "all data" but the setting changed globally for this user that has now access to all the datas o my agency subaccount.

New user verification email that actually works

When a new user is added to a sub-acount, the email that they get is system generated with the subject line of: "Activate Your Account | < location.name >". The email has their email address (username) and a button to login. From here, the first experience a user gets with the platform falls apart... Generally speaking, no-one is going to input a password when creating a new user. So, the new user can't log in. Even if they did add a password for the new user, they now have to go the extra steps to get that password to the user. So, as it stands, one of the following has to occur AFTER creating a new user: the user has to use the 'forgot your password' feature. the account admin (or an agency admin) has to go into the system and send the new user a password reset email. ... either way, these options are ridiculous and really leave a bad experience for new users. A newly created user should have an auto-generated verification token and the system generated email should include that in the initial login url. Once the token is used (i.e., first page visit) it is no longer valid. But the presence of that token routes the user to a 'create a password' page... Honestly, this is web app 101 stuff nowadays.

Major Bug in User Permissions

“Communities” and “Client Portal” are new features, but they aren’t listed under MyStaff>Team Management>User Permissions so they can not be hidden and thus are accessible by all users. Cross ref: Bug in SaaS Configurator

Automatically delete users when their associated subaccount is deleted

→