New: Regulate user access to confidential data with field-level permissions

We’re excited to launch Field permissions, a feature that allows you to configure and regulate access to individual fields and keep business data secure. 

As a company grows, regulating access to business data is of utmost priority. Some data points, like a customer’s banking details, are confidential, and it isn’t necessary for members across the team to have access to this information. With field permissions, you can now grant or revoke access to such critical fields and make them readable, editable, or hidden.

How to configure field permissions

If you’re an admin or account admin, go to Admin Settings > Roles and click on an existing role to configure field-level permissions.

You can choose one of three levels of field access:

    • EDITABLE: When a field is made editable, a user gets complete access to the field. They can edit the field value and also use it as a filter across Freshsales.

    • READ-ONLY: When a field is set as read-only, users get limited access to the field. They can view the field value and also use it as a filter across Freshsales. However, they will not be able to make edits to the field value.

    • HIDDEN: When a field is marked hidden, it is hidden from the users’ view and they will not find the field in Freshsales. Similarly, the user will not be able to use the field under filters.

Learn more about field permissions here.

Here’s why you should give field permissions a go

1. Regulate access to individual fields

Your CRM is a repository of valuable customer and sales data. While module-level permissions enable you to configure access to entire sections of the CRM, you may not want to block access to an entire module for your sales folks.

For example, a Market Research Executive (MRE) may need access to the deals module but not require access to edit a particular deal field like ‘Discount percentage’ or a lead field like ‘Customer ID.’ In such a scenario, you can use field permissions to regulate access to individual fields inside a module and make the field ‘read-only.’

2. Prevent access to sensitive customer data

When your CRM is accessed by team members across hierarchies, it is crucial to set in place guardrails to restrict access to sensitive customer data and ensure that only intended users can find them.

For example, let us assume that one of your contact fields is the customer’s bank account details which should be accessed only by members from your finance team. You can hide this field for all the roles of your organization except for those in the finance team. This ensures that the exposure to the field is restricted to a limited set of eyeballs.

3. Maintain data sanity by limiting errors

You know what they say about too many cooks. When there’s a large number of users accessing the CRM, there’s always a chance for incorrect data to enter the CRM. With field permissions, this can be avoided. Configure access for those roles for whom ‘edit’ access is vital. For all other roles, the fields can be marked either ‘read-only’ or ‘hidden’.

For example, a field like Customer ID is unique and therefore should not be edited by anyone other than the admin. In such a scenario, the field can simply be made ‘read-only’ or ‘hidden’ for all roles.

How do field permissions impact other Freshsales modules?

The field permissions configured for a role are reflected across the accounts of all users assigned to that role.

When the field is marked ‘read-only’, the field and its value will be visible to users. However, their ability to edit the field will be revoked and the edit icon will be disabled.

When the field is marked ‘hidden’, access to the field is revoked entirely and the field is hidden from users. Users will also not be able to use the field in filters, workflows, sequences, or for generating reports. When a report containing a hidden field is shared with users, the report will not generate.
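The access rules described above, sketched as server-side checks rather than UI-only hiding. This is an added example, not Freshsales code: the role and field names come from the post, while the policy table, function names, sample records, and the rule that unlisted fields are editable are assumptions.

```python
from enum import Enum

class Access(Enum):
    EDITABLE = "editable"
    READ_ONLY = "read-only"
    HIDDEN = "hidden"

class FieldAccessError(PermissionError):
    """Raised when a role's field permission forbids the operation."""

# Constructed policy: (role, module, field) -> level. Illustrative only.
MRE = "Market Research Executive"
POLICY = {
    (MRE, "leads", "Customer ID"): Access.HIDDEN,
    (MRE, "deals", "Discount percentage"): Access.READ_ONLY,
}
# Constructed sample records.
LEADS = [
    {"Name": "Acme", "Customer ID": "C-1001", "City": "Pune"},
    {"Name": "Globex", "Customer ID": "C-1002", "City": "Pune"},
]

def level(role, module, field):
    # Assumption: a field with no explicit entry is editable for the role.
    return POLICY.get((role, module, field), Access.EDITABLE)

def view_record(role, module, record):
    # Hidden fields are dropped before the record leaves the server.
    return {f: v for f, v in record.items()
            if level(role, module, f) is not Access.HIDDEN}

def update_field(role, module, record, field, value):
    # Both read-only and hidden fields reject writes.
    if level(role, module, field) is not Access.EDITABLE:
        raise FieldAccessError(f"{role} cannot edit {field!r}")
    return {**record, field: value}

def filter_records(role, module, records, field, value):
    # Filtering on a hidden field would leak its values through result sets.
    if level(role, module, field) is Access.HIDDEN:
        raise FieldAccessError(f"{role} cannot filter on {field!r}")
    return [view_record(role, module, r) for r in records if r.get(field) == value]

def load_report(role, module, report_fields, records):
    # A shared report fails as a whole instead of silently dropping a column.
    hidden = [f for f in report_fields if level(role, module, f) is Access.HIDDEN]
    if hidden:
        raise FieldAccessError(f"report uses hidden field(s): {hidden}")
    return [{f: r.get(f) for f in report_fields} for r in records]
```

Refusing the filter and the report outright, rather than omitting the hidden column, prevents a user from inferring hidden values from which rows match.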


To understand this better, let us reconsider the previously discussed example: the role of ‘Market Research Executive.’

If a particular field, say ‘Customer ID’ under Leads, has been hidden for this role, then users assigned to that role will not find the field on their screen.

Here’s how the user’s access to the field will be regulated:

Landing Page:

For users for whom the field is marked ‘editable’, hovering on the field brings up the edit icon. This allows them to edit the field.

[Image: Editable landing page]

For users for whom the field is marked ‘read-only’, the field value is still accessible. However, the edit icon is disabled and their ability to make changes to the field is restricted.

[Image: Read-only landing page]

In the case of users for whom the field is marked ‘Hidden’, the field is hidden from the user’s view and cannot be accessed on the landing page.

[Image: Hidden landing page]

Here, you can observe how the Customer ID field is hidden for the role of Market Research Executive.

Similarly, the user cannot use the field in filters, workflows, sequences, or for generating reports.

Filters:

When a field is editable or read-only, the user will be able to use the field to filter out records.

[Image: Read-only filters]

However, when the field is hidden for the role, it cannot be used in filters.

[Image: Filters, hidden field]

Workflows:

Similarly, for Workflows, when a field is marked editable/read-only, the user will be able to use the field as a part of the filter conditions. For users for whom the field is hidden, access to the field is restricted and the field cannot be used as a workflow trigger.

For an existing workflow, if access to the field is revoked, the user will not be able to edit the workflow. The user can do one of two things: request the admin for access or disable the workflow.

[Image: Workflow, hidden field]

Sequences: 

When it comes to Sales Sequences, users with editable and read-only access to a field can add the field as a part of their conditions. For users with hidden access to a field, however, the field cannot be used as a part of the conditions.

Furthermore, for an ongoing sequence, if the access is revoked, the user will not be able to edit the sequence. Instead, the user will be presented with an error message. However, the sequence will continue to run with the existing conditions.

[Image: Sales Sequences, hidden field]

Reports:

Generating reports

When creating Reports, users with editable and read-only access to a field can go ahead and add the field as a part of their conditions. For users with hidden access to a field, the field cannot be added as a part of the filter conditions.

Viewing reports

When viewing a shared report, the report will load for users with editable and read-only access.

However, if the field is marked Hidden for the role, the report will not load and the users will be presented with an error message.

[Image: Reports, hidden field]


This shows how field permissions can secure data and restrict access to every user at a granular level. Go ahead, try out the feature, and keep your data secure.

Configure field permissions today

Field permissions are available only for Forest plan users. Read our support article on how to configure field permissions and learn more about the areas they impact in Freshsales.

If you’re new to Freshsales, sign up for a 21-day trial and start exploring field permissions.

Cover illustration by Ashna Liza Sunny