HubSpot Ideas


Restrict access to File Manager


The File area should give the ability to restrict access to folders based on Users&Team,

so that the sales team do not messes with marketing files, and some content can be restricted based on users or team

ex: area for investors -> files should not be viewable by any sales trainee working in HubSpot



49 Replies

Yes I agree, this is a huge concern for us.  A basic user has access to delete our website files, this would cause so much damage.  They might simply be trying to eliminate files thinking they don't need them.  


Also, when they add files from a record, it adds to the main file database, which will clutter the files and give all users access to sensitive files.  We need to restrict total access to the file manager, but allow attachments to records that will not be hosted in the file manager.  Also, creating folders for attachments in each record would be extremely beneficial.  Thank you


Screenshot 2019-10-30 12.44.39.png




Yes! I completely agree. I want to send personalized emails from different users with a PNG or JPEG of their signatures, but its very tricky because I don't want eveyrone utilizing our platform to have access to those signatures. Itt would be great to be able to seaparte them out by team.


Totally agree! 


Yes I agree. This is a security incident that HubSpot has, because the entry "Files" is available for all users and we've confidental information and sensite data there.

This must be solved as soon as possible!



I've found that all users in HubSpot have access to "Files", and we've there confidential information and sensitive data. This is a security incident and ubSpot doesn't have the permissions to restrict the access.

This is a situation that is urgent to solve! User Access Management is a principle that HubSpot should follow. Where is the privacy by design?


Please tell me this is not still true. Why would a user who has no Marketing access be given rights to delete website files?


HubSpot please say it isn't so. I am panicking right now.

HubSpot Product Team
Participant | Diamond Partner

I couldn't agree more! I don't necessarily want people on certain teams to have access to these files. Restricting FORM access would be nice as well! 


I agree as well. This is very dangerous. Employees may not realize they are deleting something important.


This is absolutely critical from a security perspective.


Shocked that literally anyone in our HubSpot account can access all files.


Hey guys,


EXTREME RISK AND SECURITY ISSUE, especially after the launch of the Hubspot CMS


I would like to reinforce the request for this resource, as it is extremely important.


A free user can delete all files and images from the Company's website.


Not to mention that it can also replace the image with another one with inappropriate content.


The laughter was already very high, after they launched the Hubspot CMS that enterprise companies use, made it even more complicated, since the company's entire website uses FILES to store institutional images.


Mixing users' files with files vital to the company is serious.


Any updates on this yet? I feel as though I can speak for everyone when I say thank you for listening to our concerns! Or at the very least, everyone on this string and everyone who didn't realize the file permissions issue exists in the first place — which I guarantee would be a huge number if you polled users.


Would be great to see this update made. 


@hubspot product team - is this on the roadmap?

HubSpot Product Team

Hi everyone,


Thank you for submitting your ideas on this community thread. I am updating the status of this idea to "In Planning".


We will continue to share updates on this topic on this thread.





Awesome @watanak !!! Thanks for the update!


@watanak, I am surprized that HubSpot needed someone to come up with an idea for this. This really is not a feature request. This is about averting a potential risk.


This is something that needs to be updated ASAP.

We need limited users to be able to see files based on their role.

Top Contributor

+1 here.


It's already in planning which is great, thought I'd just add my voice anyway 🙂


With the potential for any portal getting the CMS add-on/cms-hub. It becomes important to need to permission out the file manager.


  • Keep website critical files away from marketing, sales and other departments
  • Have a space for marketing content only
  • Have a space for sales, service and other departments to make use of for template building, document storage and more

For us it´s totaly the same!

We need this feature asap so that our trainees and our sales partners which are not employed by us can work in Hubspot too.
Do you already know when you have got it fixed?

Thanks in advance and best regards.


This is massively important.  There's no way we want every single contributor / user seeing all files.  The lack of ability to set permissions around this is super dangerous/unhelpful.

Glad it's in planning.