HubSpot Ideas

maris7

Restrict access to File Manager

Hi,

The File area should give the ability to restrict access to folders based on Users&Team,

so that the sales team do not messes with marketing files, and some content can be restricted based on users or team

ex: area for investors -> files should not be viewable by any sales trainee working in HubSpot

thanks

 

49 Replies
Whooz
Member

Totally agree! Great that it's in planning. Any idea when can we expect a solution for this? we are looking for a new crm system and we did consider to use Hubspot CRM for this. But since this is one of the major risks ( sales colleagues interfering with marketing files and contact records) we are looking for an other solution. Would be great if this risks was taken out and we could use Hubspot CRM.

xx-OAIM
Member

Just wow. How is this not already a feature.

 

Also, FORMS! How are ALL Forms accessible to 100% of users, even with fully restricted permissions.

 

Whats the points of being able to assign Team permissions if not to restrict people access to only what they need?

 

How can you consider yourself compliant with various privacy laws when you effectively make it impossible to restricts staffs access to ONLY the information they need for their position and role?

 

We just signed onto a year Sales/Marketing Pro plan and I'm pretty horrified by this.

rwong
HubSpot Employee

Upvoting this on behalf of a customer. It's good that there's a permission for Files at the moment to restrict users from uploading new files, or editing/deleting current ones.

However, in bigger teams, it would greatly help to have a permission to restrict users from viewing these files altogether, if these users should be given the most basic access to the HubSpot tools they're using.

 

Even an option to limit file visibility by folders/files would be super useful!

amousinho
Member

Hello,

I know that HubSpot have lauched a new permission "Files", to limite the access to the documents.

"Files: toggle the switch to grant the user to add, edit, and delete files from the file manager. Users without this permission can still view files in the file manager."

 

However it's not enough!

 

You need to review this permission because the users can still "Download" the file in the file menu and "Export all Files (ZIP).

Please see below the images.

User_can_Download_FileUser_can_Download_File

User_can_Export_all_Files_ZIPUser_can_Export_all_Files_ZIP

 

Please review this permission as soon as possible!

 

Thanks,

 

cjmil
Participant

Even viewing files is a serious security issue, as the contents of the file may be sensitive. This needs to be addressed ASAP, and as a new Hubspot customer, I am shocked that the platform has been built this way. Can we have an update on this? Is there a timeline?

cjmil
Participant

Is there an update on when this issue will be resolved? It has been 'in planning' for nearly 8 months from what I can tell...

BDonnelly
Member

I have also been waiting on this feature. We have a solid Sales team that wants to use images in some of their outreach but we can't run the risk of important files being deleted or overwritten. Ideally we have a single folder that we can point specific Roles towards in the Permission settings. 

LindsayFerencz
Member

@hubspot product team can you update on the status of this feature in planning? Is it coming to Beta soon? Limiting access by role on the folder level is critically important.

CBN
Top Contributor

Serious security gap in access to documents, which should be controlled by role and team. This would never be running in our own SaaS application to more than two years after discovery.

 

Are you really serious about making something that matches our efforts?

GK2
Member

How is this not done yet? This is a huge security concern... 

CBN
Top Contributor

You really wonder ... this is a huge break of basic authorisation. As a SaaS software vendor mylself I would stop all other development until and related security issues were solves.

 

I am not in any way impressed by neither the user roles in HubSpot nor the focus (or more precisely lack of) on getting these and similar issues fixed.

 

Working on this for years now ... and not a single thing you can trust from HubSpot staff.

silveryf
HubSpot Employee

supporting this idea on behalf of a customer - we could now limit users' access to the Files tool but users with read-only access could still export files from the account. 

 

https://community.hubspot.com/t5/HubSpot-Ideas/Restrict-access-to-File-Manager/idc-p/381583/highligh...

CofJoburg
Member

Dear all

 

Whats the latest on this? Has this been fixed? 

 

I want restrictions per folder. Certain individuals should not see other folders which are not relevant to them.

 

Hubspot.JPG

FelipeFelix
Top Contributor

Please! We really need this in my Company!

My Compliance team needs access to some files attachments associated with Tickets that should be not visible to the rest of the company.

 

Best,

Felipe Felix

PaulClappers
Contributor

After 2 years of 'in planning' this really needs to be fixed ASAP! We were considering Enterprise, but then still every user has access to every file. This is a major security issue and is now really slowing us down.  

 

@watanak please fix this! 

JimMartin62
Member

Nice marketing but, HubSpot is nowhere near being a CMS that is viable to be used with any files we want to manage other than plain stuff that we might already have open to the people through methods such as CTAs, Buttons or Links to these files.

 

Have a look at this for the 10000 foot plan that is great in the boardroom, not so much in daily reality right now:

https://blog.hubspot.com/website/cms-crm-integration

 

Going beyond the security issue, most crosslinking in HubSpot is controlled such that you cannot delete things that other things rely on.  If I build a list using other lists, I am prevented from deleting lists that are being used.  If I link a web page to another web page, or a form is used in XX places, it is well well controlled to prevent me from deleting things that are in use.

 

Today I created a simple test page where I had a CTA, link and Button in a page plus an email all pointing to a PDF file.  I deleted the PDF file.  Everything broke.  Before you use files like PDF that are used by MANY people in their web pages since they open nicely into all modern browsers, make sure you understand and track who can do what with the PDFs and make sure that when you want to swap in a new version of the document, pick the document, use the "replace" option on the right side and do it that way.  If you load a new file up and want to point to it, you have to go back and manually update ALL the places that pointed to that PDF if you do no use the replace option.

 

HubSpot = Getting closer but not quite ready for prime time CMS

Jim

cacosta
HubSpot Product Team

Hi everyone,

 

We are currently working to introduce folder-level partitioning for teams soon. 

 

Sincerely,
Cam

arlogilbert
Contributor

@cacosta if there is a beta, please DM me. This has become a big problem for us.

WilliamX2021
Member

Still to this day, any user in your account can export all of your files PUBLIC OR PRIVATE, in 5 seconds. Great.

ThiagoF
Contributor

This is very disturbing. We have thousands of attachments in our customer service tickets, like contracts, personal information, billing information, that should not be visible to anyone else in our organization.

 

We've just discovered a few days ago that, literally, anyone can download ALL the files. Disturbing.

 

I have another topic where I discuss about the inability to restrict users from deleting activites.

 

At this point I really wonder if Hubspot care at all with the security of the stored information and documents.