Managing User & Record Security in Zoho CRM

Jan 4, 2021 | General

Knowing the best way to configure Users within Zoho CRM can be daunting. Which of the many options provided will be best for your organization? Roles, Profiles, Tab Groups, Data Sharing, & Territory Management… so many choices!  Of course, it is important to ensure your employees have access to the data they need to perform their job functions but what about everything else? The first step is really understanding the difference between configuring a User Profile versus a User Role. Let’s dig in…




A User Profile dictates what a person can DO and what they cannot DO!  Permission settings inside of Profiles allow you to set access rights to modules and features. Out of the box, Zoho CRM provides two system-defined Profiles. One is the Administrator profile, which is set up to allow access to all modules and capabilities. When creating a new profile to customize for your organization, we recommend you clone an existing profile. The Administrator profile has all options turned on so if you will be granting liberal access to a new role, consider cloning this profile then go in and remove options. Alternately, if you are creating a profile with limited scope, clone the other system defined profile (Standard) and begin adding options. 

Profiles also allow you to set up access to entire modules (does Stan from shipping need access to the Invoices module?) as well as which actions the User can perform. For example, Beth from AR may be able to view and edit items within Sales Orders but she should not be able to delete records; and Beth should be able to send email from the CRM but her intern should not be allowed to do so. For that, she would need to see a manager. 

Now, User Roles are all about what a person can see or not see. These define the visibility of your data and Zoho CRM comes with two system-defined Roles – CEO and Manager. Surprisingly, the CEO role has little to do with your company’s org chart and hierarchy. It’s meant to provide access to all the records in the entire database without exception – a person with this role will be able to see EVERYTHING! Create multiple roles to control data access permissions and restrictions. 

Something important to note is how these data roles coincide with your company hierarchy. Managers can view and edit their subordinates’ records but cannot view each others’ data. If that option needs to be present, then investigate the “Share Data with Peers” option. 

“Share Data with Peers” is an option within the editing of roles. By enabling this option, users with the same role can share data. 

When deciding how to set up user groups using Roles and Profiles, note that when a Role and a Profile have conflicting settings, the Profile overwrites the Role. 

While Roles are hierarchy based, Zoho CRM provides an alternate option for companies that have a territory based structure. Territory Management provides another layer of record organization allowing companies to set how data is shared within a region. Now, these regions do not need to be geographical; they could be indicative of industry, product line or even verticals. There are many reasons to use Territory Management. If you think this might be a good fit for you, click here to learn more! 

Another way to determine module availability is to utilize Tab Groups. Different departments within your organization may use different modules. Tab groups allow you to organize which modules are available to these departments within your Zoho CRM. For example, your sales team may only need to access Leads, Contacts, Accounts, and Deals tabs.  You can set up Tab Groups by going to Setup > Customization > Modules and Fields > Tab Groups. Note that users must have permission to the module at the module level as well. If they are not set up with access at the module level, even if they have permission to the module within the tab group, they will not be able to see the module. 

So there you go, you are now prepared to start planning access and data rights within your organization’s Zoho CRM. If you have any questions or need some consulting on additional best practices and how to apply these to your specific needs, don’t hesitate to reach out! Our team is recognized by Zoho as one of the best in the business.

AspenTech CRM1-866-880-4228