We have some third party partners who are working with us on redesigning our website and marketing emails.
I'm commonly asked to provde these third party parnters with Super Admin Access. However as a business we want to restrict access to the client information we hold in the CRM and restrict the ability to export information as an information security control.
Is this possible? Is there a template for settings that will allow my marketing partners to achieve everything they need to without providing super admin access?
I've tried looking at the information on profile settings but I have found trying to customise these confusing in the past. Any advice would be great.
Yes, it's fiddly to set up the right permissions but – in my opinion – it's worth the effort.
If you have Enterprise you can set up Permission Sets to make it easy to apply a set of permissions to new Users.
Have fun
Mike
Here to learn more about HubSpot and share my HubSpot Knowledge. I'm the founder of Webalite a HubSpot Partner Agency based in Wellington, New Zealand and the founder of Portal-iQ the world's first automated HubSpot Portal Audit that helps you work smarter with HubSpot.
As a rule of thumb, there shouldn't be more than a handful of super admins in your portal. It's very common for vendors or partners to ask for super admin access because:
a) it's easy and doesn't require further discussion about which permissions exactly are needed
b) as a vendor you'll have your foot in the door
However, at the same time it's risky. Super admins can within seconds export everything, delete everything, potentially lock you out, change system settings that have legal consequences (tracking, GDPR). This permission should only ever be given if you want a vendor or partner to fully manage your portal. If they're just planning on designing assets for you, design manager permissions are core to their role and their permissions should reflect that.
I'm sometimes being invited into portals that have 15 to 20 super admins and one of the first things I do is reduce that number to 2-5.
In other words, unless there is a very specific case, they shouldn't be super admins and it's worth customizing their role. If they realize their missing permissions, you can still adjust the role or do it for them.
Best regards!
Karsten Köhler HubSpot Freelancer | RevOps & CRM Consultant | Community Hall of Famer
I made a video of the Permission Set process just now that might help. If you don't have Enterprise, then I would still follow the same process, but you will just need to do it individually per person.
Also, here is access to our template for permissions that we use for clients who don't have permissions sets (make a copy) so they can keep track of permissions better for roles. We are always trying to update it but some newer permissions may be missing so please make a copy and fill in as needed.
I made a video of the Permission Set process just now that might help. If you don't have Enterprise, then I would still follow the same process, but you will just need to do it individually per person.
Also, here is access to our template for permissions that we use for clients who don't have permissions sets (make a copy) so they can keep track of permissions better for roles. We are always trying to update it but some newer permissions may be missing so please make a copy and fill in as needed.
As a rule of thumb, there shouldn't be more than a handful of super admins in your portal. It's very common for vendors or partners to ask for super admin access because:
a) it's easy and doesn't require further discussion about which permissions exactly are needed
b) as a vendor you'll have your foot in the door
However, at the same time it's risky. Super admins can within seconds export everything, delete everything, potentially lock you out, change system settings that have legal consequences (tracking, GDPR). This permission should only ever be given if you want a vendor or partner to fully manage your portal. If they're just planning on designing assets for you, design manager permissions are core to their role and their permissions should reflect that.
I'm sometimes being invited into portals that have 15 to 20 super admins and one of the first things I do is reduce that number to 2-5.
In other words, unless there is a very specific case, they shouldn't be super admins and it's worth customizing their role. If they realize their missing permissions, you can still adjust the role or do it for them.
Best regards!
Karsten Köhler HubSpot Freelancer | RevOps & CRM Consultant | Community Hall of Famer
Yes, it's fiddly to set up the right permissions but – in my opinion – it's worth the effort.
If you have Enterprise you can set up Permission Sets to make it easy to apply a set of permissions to new Users.
Have fun
Mike
Here to learn more about HubSpot and share my HubSpot Knowledge. I'm the founder of Webalite a HubSpot Partner Agency based in Wellington, New Zealand and the founder of Portal-iQ the world's first automated HubSpot Portal Audit that helps you work smarter with HubSpot.