Users & Permissions

Currently, we are only allowed just two main user roles—Admin and User. In our business model, we have sales reps who manage sensitive, high-net-worth clients. Some workw exclusively with these clients, and we need to ensure that only he and the admins can view and manage those particular contacts. On the other hand, we also have a broader group of salespeople who handle general incoming leads. These leads go into a user we created called "house account" and then i have an automation that assigns new contacts to that user. In that same automation, i add all the sales staff as contact followers so they can still be assigned tasks and see acitivy. While this workaround helps us, it also leads to intermittent issues and additional complexity. For instance, we recently had a scenario where a contact assigned to the house account had a task created that was assigned to a sales person (different user), but due to permission limitations, when the salesperson with the assigned task viewed his tasks screen from the contacts module, the associated contact field wasn’t visible to that rep. So there was no actionable way to conduct that task. Somehow that was eventually resolved on its own. Currently, contact followers cant see "house account" conversations, which created a big problem with one of our clients. It highlighted how fragile these workarounds can be. In other words, we’re relying on automations to manage workflows that would be much simpler if we had more nuanced user role permissions built into the platform. We are also sensitive to protecting a certain salesperson's contacts and have had staff in the past reassign contact ownership to themselves. Assigning the sales staff as followers allows them to see the contact, but not change the ownership, which currently works as a solution, but it is creating all the problems that i mentioned above. We believe that adding more granular permission controls, or allowing subaccounts to create their own user roles with more options for permissions with contact would benefit many businesses like ours. It would reduce the need for these complex workarounds and ensure a smoother experience.

In order to maintain data quality it would be helpful to allow users to assign tags to contacts/opportunities but not actually be able to create new ones. At the moment I can either stop a user from assigning and creating a tag or just view tags. The issue is that with the current approach it reduces data quality as some users are creating new tags where its not needed, or creating miss-spelled tags or creating duplicate tags as they are using a different word for the same thing.

I would like to request an enhancement to restricts users to be able to see the previous conversations with the contacts from other users as well as the notes of other users, tasks of other users and anything related to other users. Please vote this.

At the moment, there is just Admin and User, most of our sub accounts what to create groups for specific departments and control it via department control, not just on a per user basis, its a nightmare with large organisations

When setting up the user we would like to see a 2nd field for email from. The current "user email" for login and where a user can receive notifications in there normal inbox would remain. The 2nd field where outbound emails from GHL will be sent. This will allow prospects to receive an email from LC/Mailgun that looks personalized and not a system looking email (on the behalf of).

Currently, the ability to secure objects or folders is limited to specific modules rather than being a standard for all objects across the platform. Have a single unified security architecture so I can secure folders or objects everywhere as desired based upon users/groups.

I came across this issue as I have a user that already exists in my system through someone else's sub-account and now they want their own account but they purchased a plan that gives them fewer permissions but I can't remove features from their profile without it affecting the other subaccount they are in. This is definitely a limitation for my (and probably other's) use cases.

need ability to set a default from email for user instead of the log-in email. my users like to use a person email for login, such as their gmail but we need the ability to set a default send from that reflects the company url for brand consistency and email deliverability.

I propose the development of an advanced access control feature within our "Conversations" tool that allows admins to customize and filter user permissions across a wide range of communication channels, including social media platforms (Instagram, Facebook, TikTok, LinkedIn, Pinterest), messaging services (SMS, WhatsApp), and business profiles (Google Business Profile). This feature will provide admins with granular control over who can view and manage communications on each platform, enhancing security, efficiency, and compliance. Key Benefits: Comprehensive Security and Compliance: By controlling access at a granular level, businesses can ensure that only authorized personnel handle sensitive communications, adhering to both internal security policies and external regulatory requirements. Customized User Access: Tailor access permissions according to team roles, responsibilities, or departmental needs. This allows for a flexible and secure delegation of tasks, ensuring that team members have the necessary tools to perform their duties efficiently without unnecessary access. Streamlined Operations: Reduce clutter and improve focus by ensuring that each team member accesses only the communication channels relevant to their work. This optimization prevents distractions and minimizes the risk of errors, fostering a more productive environment. Implementation Considerations: User Groups and Individual Settings: Enable permissions to be set for both individual user accounts and predefined groups, facilitating easier management at scale. Dynamic Access Control: Provide an intuitive interface in the admin dashboard for real-time updates to access permissions as team roles or responsibilities evolve. Audit Trails: Implement logging of all changes to access settings to provide clear accountability and historical access data, which can be crucial for compliance and monitoring. Technical Requirements: Scalable Permissions Architecture: Ensure the system can handle a potentially large number of rules and conditions without performance degradation. Integration with Existing Systems: The feature should seamlessly integrate with existing channel management and user authentication frameworks to leverage established workflows and security measures. I believe this enhanced access control feature is crucial for organizations that manage multiple channels of communication, providing them with the tools needed to maintain control over their digital interactions securely and efficiently.

Any user with access to Settings > My Profile can connect their personal Gmail or Outlook to the CRM through Email (2-way sync). There is no way for an admin or agency to restrict who can do this. This is a problem for teams that need to enforce how email flows through the CRM. EXAMPLES: Agencies managing client sub-accounts where personal inbox syncing is off-policy Teams that route all email through a shared or compliant sending setup Accounts with compliance or data-handling rules that do not allow personal inboxes connected to client data CURRENT WORKAROUND: Only workaround is hiding the card with custom CSS or JS, which does not actually disable the feature. It is cosmetic, breaks across updates, and does not survive the settings iframe. It is not a real control. REQUEST: Add a permission toggle that controls access to Email (2-way sync), similar to existing user permission settings.