Users & Permissions

Currently, we are only allowed just two main user roles—Admin and User. In our business model, we have sales reps who manage sensitive, high-net-worth clients. Some workw exclusively with these clients, and we need to ensure that only he and the admins can view and manage those particular contacts. On the other hand, we also have a broader group of salespeople who handle general incoming leads. These leads go into a user we created called "house account" and then i have an automation that assigns new contacts to that user. In that same automation, i add all the sales staff as contact followers so they can still be assigned tasks and see acitivy. While this workaround helps us, it also leads to intermittent issues and additional complexity. For instance, we recently had a scenario where a contact assigned to the house account had a task created that was assigned to a sales person (different user), but due to permission limitations, when the salesperson with the assigned task viewed his tasks screen from the contacts module, the associated contact field wasn’t visible to that rep. So there was no actionable way to conduct that task. Somehow that was eventually resolved on its own. Currently, contact followers cant see "house account" conversations, which created a big problem with one of our clients. It highlighted how fragile these workarounds can be. In other words, we’re relying on automations to manage workflows that would be much simpler if we had more nuanced user role permissions built into the platform. We are also sensitive to protecting a certain salesperson's contacts and have had staff in the past reassign contact ownership to themselves. Assigning the sales staff as followers allows them to see the contact, but not change the ownership, which currently works as a solution, but it is creating all the problems that i mentioned above. We believe that adding more granular permission controls, or allowing subaccounts to create their own user roles with more options for permissions with contact would benefit many businesses like ours. It would reduce the need for these complex workarounds and ensure a smoother experience.

Currently, when a user is assigned to multiple sub-accounts in GoHighLevel, they must share the exact same permission set and access level across all of them. This limitation makes it difficult to manage users who need different roles or visibility scopes per sub-account — for example, an admin role in one client account, but only a restricted “view-only” role in another. Proposed Improvement: Enable administrators to assign unique permission levels per sub-account for the same user. Each sub-account should have its own role and permissions configuration, independent from the global user profile. Why this matters: Agencies with multiple clients or brands often have the same team members working across several accounts, but in different capacities. It would improve security, flexibility, and operational efficiency by removing the need to create duplicate users with different email addresses. Aligns with enterprise-level user management standards (similar to role-based access control per workspace). Example Use Case: A marketing manager could have full access to automation and pipelines in one client sub-account, but only reporting and conversation view access in another — all under the same login.

I would like to request an enhancement to restricts users to be able to see the previous conversations with the contacts from other users as well as the notes of other users, tasks of other users and anything related to other users. Please vote this.

I came across this issue as I have a user that already exists in my system through someone else's sub-account and now they want their own account but they purchased a plan that gives them fewer permissions but I can't remove features from their profile without it affecting the other subaccount they are in. This is definitely a limitation for my (and probably other's) use cases.

Right now it’s really difficult when we add a user because they get two links want to login and want to create their password and they always get confused. What we wanna do as first link they get to create their account first last name, phone number password and then login and then they can get a link to login and things like that

Create option in Agency company settings for agency admins/owners to turn on or off that is: "Allow all users to toggle light / dark mode individually." That way, this option is off by default, giving all GHL agencies time to write code for whichever mode they've not got code for. Turn current Custom CSS box in Agency company settings into "Custom CSS for light mode" ... and then "add Custom CSS for dark mode" right below it. Provide light/dark mode toggle for all users under "My Profile" or in upper right hand corner, similar to the light/dark mode toggle used in Community feature. Only make available if option in point #1 (above) is turned on by agency admin/owner.

Organize the user permissions button settings so that they clearly defined in hierarchal order. If there is a parent-child relationship for permissions, it should be noted. Also, add a tooltip for permissions so that we know clearly what the user will have access to.

Whilst the recent enforcement of 2FA (via email) is a welcome addition to the security of High-Level, email based 2FA is unfortunately one of the least secure 2FA methods. So, please add more 2FA options. Including at a minimum TOTP codes (a global standard) that people can use through whatever TOTP App they use. (E.g. Authy, Duo, Google Authenticator, Microsoft Authenticator etc). And at the same time, please: Allow an agency to select what 2FA options they will allow to be used across their clients. Allow Admins of a sub-account to also have this level of functionality to select what 2FA options users in their Sub-Account can use IF the Agency gives it to them.

Customized User Role Names/Types such as By Departments. Managers, Employees, Sales, Mataince, etc. GHl as they are an all in one platform and can help businesses grow.

I got to know about GHL CRM as we implemented that in my company. I loved it so much that I signed up for the agency account and have my MCTB site up already. However, as I learnt more about how the agency and subaccount relationship works and the user permissions are setup, I am really questioning whether to continue offering this service to other clients. I've noticed the agency owners by default are privy to their subaccounts complete data set, i.e. their customers, addresses, costs, etc. In other words, if I run an operational business alongside my GHL agency and I attract one of my competitors to signup with my agency (unbeknownst to them that I own the other business as well), I can run away with their entire client set and start poaching. Or, if one of your subaccounts is a medical clinic or in a highly sensitive sector, this is quite a serious breach! The decision to turn off the user permissions are left to the good graces and judgment (or ethics) of the agency owner. Personally, I find this awfully troubling & deeply concerning, especially in today's heightened privacy and data security environment. This has huge data security, privacy breach, ethical issues legal risk written all over it. Unless the client specifically grant’s you access to their data, you MUST NOT have auto access to their lifeline! I like GHL and want them to be a huge success. But this issue is more than just me or you. It’s the overall principle that we need to work out for the betterment of GHL, ours, and most importantly Clients. I have raised this issue with multiple different people from GHL, but seems like they aren't too bothered with that. here's a link to my FB post about the same: https://www.facebook.com/groups/594608437665362/user/1471297944