The current export permission simply provide on/off functionality, you can either export everything or nothing.
It would be great to break this into more granular levels such as
- by object (including individual custom objects)
- by level i.e. can export all records / can export filtered records etc.
This would be a feature that many security teams would be pleased with, it allows us to restrict access in line with other business systems. Currently everything needs access to everything when most user just need reports or some need contacts etc.
Hoping this gets looked at!
Thanks
Weitere Ideen mit folgender Beschriftung anzeigen:
Currently, even if a user has export permissions switched off, as long as they are able to access the Reporting tool, they can create a dashboard with the information they need and include the data in an attachment. With the right software, even if the attachment is a PDF, they could easily convert that file into an Excel or other document for use outside of HubSpot.
Alongside being able to control Export permissions on a granular level, it may be beneficial to have the dashboard emailing permission split out so you can control who can do this and who can't.
I would be very keen to limit the ability to export everything and only set limited export permissions. For us we would want to allow certain users to export reports and view contacts but not have the ability to select the entire contact database and export.
For us we would want to allow certain users to export reports, forms and view contacts but not have the ability to select the entire contact database and export.
We would like our teams to be able to export their own contacts (or their teams), but not all contacts. Our teams are real estate agents and they have strict ownership of their own clients.
for me the Customer service team should not have access to export all contacts or companies , i only want them to be able to export information about tickets as thats all they want.
allowing full access to contacts and company export is a massive breach, what stops someone from dumping all contacts and then i have no idea what they are doing with that information. I'm very supprised this was not looked at during designing security and permissions
This is badly needed, the ability to export certain parts of the database would help a lot and limit the exporting of non-essential data. A lot of our team run reports and would need to export sometimes, but we are hesitant at times to enable this
we absolutely need this function as well. Some of our users need the permission to export on only one object, so I do not want them to be able to export all of our data, as this really is a high risk regarding our valuable customer data.
Lending our org's voice to this issue. Upvoted. Use case: would prefer sales reps, who want to import and export data so as to clean it in tools like Excel, only be allowed to export contacts assigned to them. Concerned about them accidentally, or maliciously, editing or overwritting others' data. And concerned about sales reps having data they shouldn't have if/when leaving the co. Export as currently implemented allows them to save a copy of everything.
I'd like to help bump this up the queue, or upvote! It's mad that the option is export everything or nothing, and to just add an approvals layer on top. We want the option for certain individuals to be able to export stuff they are an owner of, for example, or only to be able to export certain object types, or reports, lists etc. There are huge business risks when it comes to data auditing, compliance etc to just blanket give people the option to export the entire database so at my company we lock it all down and are then forced to take on the additional administrative burden within my team to get people what they neeed if/when relevant. Please consider this for an update in the future!
Thanks to everyone who has shared feedback on export permissions. Here’s where things stand and what we would love to get your thoughts on next.
1. What’s Already Supported Today Exporting already respects a user’s existing access to CRM data: Users can only export the records they can view. If a user can only see their own contacts, that’s all they can export. If they can see all tickets for their team, they can export only those tickets. In short: object access automatically controls what a user can export.
2. Do We Still Need Object-Level Export Permissions? Because exports already follow object visibility, we want to understand whether you still need additional controls like: “Allow exporting Contacts but not Tickets,” or “Allow exporting Deals but not Forms.” Given current behavior, a user with access to their own Contacts and all team Tickets can already export only those records.We’d love your input: Are there situations where the existing behavior is not enough? If so, please share examples.
3. Reporting vs. Object Export Permissions (Confirmed Need) We know users can still extract data through: Dashboard subscriptions Report exports Email attachments We agree these should be managed separately, and this will be a focus as we work toward more granular, flexible permissions overall.
Thank you again for the ongoing feedback — it directly shapes how we prioritize improvements.
Thank you for sharing this update. This topic is exactly what our organization has been struggling with, so I’d like to explain the challenges we face.
>> 2. Do We Still Need Object-Level Export Permissions?
From our perspective, “being able to view data” and “being allowed to export data” are fundamentally different. More importantly, our security and compliance teams treat them as completely separate levels of risk.
Here are the specific requirements we need to balance:
We want to restrict exports for Contacts
Contact records contain personally identifiable information such as names and email addresses. Allowing users to export this data to their local devices significantly increases the risk of data leakage.
Even if a user is allowed to view Contacts in the UI, exporting them externally should require a stricter level of approval.
We want to allow exports for Deals
Deal data often needs to be analyzed, calculated, matched, or shared using tools like Excel. While there are workarounds today, they require a lot of manual steps, and filtering conditions frequently change—so relying on current export‑adjacent features is not practical.
Unlike Contacts, our Deals do not contain sensitive personal information, so the risk profile is much lower.
Other context
We rarely—if ever—need to export Contacts at the individual contributor level, but Deal exports are required regularly across the organization. We receive many internal requests about this limitation, so having true object‑level export permissions would solve a real operational pain point. We would greatly appreciate your consideration of more granular export controls.
Thank you again for engaging the community and taking feedback seriously.
Sie müssen ein registrierter Benutzer sein, um hier einen Kommentar hinzuzufügen. Wenn Sie sich bereits registriert haben, melden Sie sich bitte an. Wenn Sie sich noch nicht registriert haben, führen Sie bitte eine Registrierung durch und melden Sie sich an.
