Users & Permissions

New Custom Agency Role: "Support Specialist" with Agency Tab Toggles & HIPAA Safeguards
Short Summary: We need a customizable "Support Specialist" agency role that grants global access to all sub-accounts by default, but allows admins to selectively enable or disable specific Agency-level tabs per user. This role must also include strict account exclusions or warning popups for sensitive/PHI data, backed by a comprehensive QA change log. The Problem: As agencies scale, we hire support employees who need to "stay in their lane." Currently, GHL's permission structure fails us in two major ways: Data Exposure: To allow a support agent to see the global list of sub-accounts and jump in to help clients, we have to give them Agency-level access. However, this exposes highly sensitive agency-level information (billing, agency revenue, internal settings, marketplace purchases). Support employees should never see how the agency itself operates financially. "All-or-Nothing" Permissions: We cannot customize what an agent can see at the Agency level. We can't let them look at the Sub-Accounts tab while completely hiding the Billing or Marketplace tabs. Proposed Solution: Absolute Agency Isolation (By Default) The Support Specialist role must be completely blind to sensitive Agency-level data by default. They should not see Agency Billing, Agency Settings, Team Management, SaaS Configurator, or Marketplace, keeping their primary focus strictly on navigating and accessing sub-accounts. Granular, Per-User Agency Tab Toggles Within the Team Management settings, Admins should be able to toggle specific Agency-level tabs on or off per support user. For example, an admin can enable the "Sub-Accounts" tab so the agent can see the global list and jump into any account to solve a ticket, while keeping "Billing" and "SaaS Configurator" completely hidden. Selective Account Exclusions & HIPAA Safeguards To protect client privacy, admins need a way to manage access to sensitive accounts. We propose two options: Exclusion Toggle: A simple checklist to "Exclude Access" to specific sub-accounts from that agent's global list. HIPAA/PHI Gate: A mandatory confirmation pop-up that appears when an agent attempts to enter a designated sensitive account (e.g., "Warning: This is a HIPAA-compliant account containing PHI. Do you have authorization to enter?"), which is then tracked. Robust QA Audit Logs A dedicated agency-level change log tracking actions taken specifically by these support users. To protect the business and maintain Quality Assurance, admins must be able to see: Who made the change, when, in which sub-account, and what exact setting/workflow was modified. Why This Benefits the GHL Community: Internal Security: Prevents employee data-theft, accidental deletion of critical agency assets, and exposure of confidential agency financials. Operational Flexibility: Allows agency owners to safely hire support teams to manage high-volume ticketing across all accounts without giving away the keys to the kingdom. Compliance: Gives agencies the precise control and audit trails required to sign enterprise clients and maintain strict HIPAA compliance.
0
·
New Feature
Roles and Permissions for Pipelines and more
I am currently using automations to manage opportunity visibility by dynamically adding and removing staff as "opportunity followers" based on the project stage. This is necessary to ensure each department only accesses relevant information. However, this workflow is fragile; it often fails to process correctly or conflicts when a contact has multiple active opportunities (addressed separately in https://ideas.gohighlevel.com/opportunities/p/make-opportunities-make-sense-again ), requiring constant manual intervention to correct access. I propose two feature enhancements to resolve this: Staff Roles/Groups: Introduce the ability to create custom staff roles (e.g., "Sales Team," "Office Support"). These groups should be selectable in automations (e.g., "Assign group as opportunity followers") to eliminate the need to manage individual users one by one. EDIT: Adding onto this first one, having the ability to have default permissions for these roles so when a employee is given one they assume the permission group tied to it (given that custom changes are not already made to the individual). A very basic version of this is already in place with the "User" vs "Admin" account type. Permission-Based Pipeline: Implement pipeline settings that allow pipelines, pipeline stages, lists, etc. to be restricted to defined roles or groups. Instead of relying on automations to add/remove followers, access to an opportunity would be automatically governed by the stage it currently occupies. For example, a "Sales Team" role could be granted exclusive view access to specific pipeline stages, ensuring that visibility is automatically updated as the opportunity moves throughout. These features would drastically simplify opportunity management, reduce the reliance on complex, error-prone automations, and provide a more secure, granular way to manage team access across the platform. Let me know your thoughts on this everyone! Thanks!
0
·
New Feature
Load More