HubSpot Ideas

maris7

Restrict access to File Manager

Hi,

The File area should give the ability to restrict access to folders based on Users&Team,

so that the sales team do not messes with marketing files, and some content can be restricted based on users or team

ex: area for investors -> files should not be viewable by any sales trainee working in HubSpot

thanks

 

HubSpot-Updates
Status aktualisiert zu: Delivered
January 10, 2023 01:39 PM

January 10, 2023 01:39 PM

Hi everyone,

 

I am glad to announce that ability to limit team's access to the Files tool folders has been released. If you have questions, please let me know. Keep on reading for the official announcement:

 

What is it?

Working with a large team in HubSpot just got easier. Admins can now manage which teams should have access to which folders and sub-folders on their portal.

 

Why does it matter?

For admins, this update will enable you to restrict which folders other users in your account can see and edit, giving you more control over which teams have access to certain information. This will be especially helpful for companies that have several branches, where only certain branches should have access to particular folders.

 

How does it work?

All folders have their access set to "visible to all" by default and account admins can use this feature only to further restrict access.

 

To manage access to folders in the Files tools, as an admin:

  • Navigate to the Files tool (Marketing > Files & Templates > Files).
  • In folder settings, click "manage access."
  • Add the teams that should be able to view the folder and its sub-folders.
  • If further restrictions are needed at the subfolder level, go to the subfolder settings and "manage access"
    • Note: Only teams with access to the root folder can be partitioned to see the sub-folder.

For more information please check our knowledge base.

June 14, 2022 02:29 PM

hey @M4tr1xN30 ,

 

Initially partitioning will be at the folder and sub-folder levels, and only for teams. This means that individual files/individual users are not options yet to be partitioned. This will affect all Files currently visible in your Files tool - any files that do not live there are not under this feature! Once the beta is done and we are in GA I will update here with more info. Feel free to DM me as well!

 

Cam

Status aktualisiert zu: In Beta
May 31, 2022 10:49 AM

This feature is now in private beta - if you'd like to be part of it please reach out to me! 

Status aktualisiert zu: In Planning
August 10, 2021 01:45 PM

Hi everyone,

 

We are currently working to introduce folder-level partitioning for teams soon. 

 

Sincerely,
Cam

Status aktualisiert zu: In Planning
May 20, 2020 11:50 AM

Hi everyone,

 

Thank you for submitting your ideas on this community thread. I am updating the status of this idea to "In Planning".

 

We will continue to share updates on this topic on this thread.

 

Sincerely,

Kie

Status aktualisiert zu: Being Reviewed
March 25, 2020 06:35 AM

49 Kommentare
SeektheKingdom1
Teilnehmer/-in

Yes I agree, this is a huge concern for us.  A basic user has access to delete our website files, this would cause so much damage.  They might simply be trying to eliminate files thinking they don't need them.  

 

Also, when they add files from a record, it adds to the main file database, which will clutter the files and give all users access to sensitive files.  We need to restrict total access to the file manager, but allow attachments to records that will not be hosted in the file manager.  Also, creating folders for attachments in each record would be extremely beneficial.  Thank you

 

Screenshot 2019-10-30 12.44.39.png

 

 

Shera2019
Teilnehmer/-in

Yes! I completely agree. I want to send personalized emails from different users with a PNG or JPEG of their signatures, but its very tricky because I don't want eveyrone utilizing our platform to have access to those signatures. Itt would be great to be able to seaparte them out by team.

NicuEnache
Mitglied

Totally agree! 

amousinho
Mitglied

Yes I agree. This is a security incident that HubSpot has, because the entry "Files" is available for all users and we've confidental information and sensite data there.

This must be solved as soon as possible!

amousinho
Mitglied

Hello,

I've found that all users in HubSpot have access to "Files", and we've there confidential information and sensitive data. This is a security incident and ubSpot doesn't have the permissions to restrict the access.

This is a situation that is urgent to solve! User Access Management is a principle that HubSpot should follow. Where is the privacy by design?

ctyriver
Mitwirkender/Mitwirkende

Please tell me this is not still true. Why would a user who has no Marketing access be given rights to delete website files?

 

HubSpot please say it isn't so. I am panicking right now.

Status aktualisiert zu: Being Reviewed
watanak
HubSpot-Produktteam
 
hellis
Teilnehmer/-in | Diamond Partner

I couldn't agree more! I don't necessarily want people on certain teams to have access to these files. Restricting FORM access would be nice as well! 

amberleemaya
Mitwirkender/Mitwirkende

I agree as well. This is very dangerous. Employees may not realize they are deleting something important.

peterq
Mitglied

This is absolutely critical from a security perspective.

 

Shocked that literally anyone in our HubSpot account can access all files.

jcbmartins
Mitglied

Hey guys,

 

EXTREME RISK AND SECURITY ISSUE, especially after the launch of the Hubspot CMS

 

I would like to reinforce the request for this resource, as it is extremely important.

 

A free user can delete all files and images from the Company's website.

 

Not to mention that it can also replace the image with another one with inappropriate content.

 

The laughter was already very high, after they launched the Hubspot CMS that enterprise companies use, made it even more complicated, since the company's entire website uses FILES to store institutional images.

 

Mixing users' files with files vital to the company is serious.

ctyriver
Mitwirkender/Mitwirkende

Any updates on this yet? I feel as though I can speak for everyone when I say thank you for listening to our concerns! Or at the very least, everyone on this string and everyone who didn't realize the file permissions issue exists in the first place — which I guarantee would be a huge number if you polled users.

petermcmath
Mitglied

Would be great to see this update made. 

 

@hubspot product team - is this on the roadmap?

Status aktualisiert zu: In Planning
watanak
HubSpot-Produktteam

Hi everyone,

 

Thank you for submitting your ideas on this community thread. I am updating the status of this idea to "In Planning".

 

We will continue to share updates on this topic on this thread.

 

Sincerely,

Kie

amberleemaya
Mitwirkender/Mitwirkende

Awesome @watanak !!! Thanks for the update!

darshakparmar
Teilnehmer/-in

@watanak, I am surprized that HubSpot needed someone to come up with an idea for this. This really is not a feature request. This is about averting a potential risk.

mulrich
Teilnehmer/-in

This is something that needs to be updated ASAP.

We need limited users to be able to see files based on their role.

Hawk-Steve
Stratege/Strategin

+1 here.

 

It's already in planning which is great, thought I'd just add my voice anyway 🙂

 

With the potential for any portal getting the CMS add-on/cms-hub. It becomes important to need to permission out the file manager.

 

  • Keep website critical files away from marketing, sales and other departments
  • Have a space for marketing content only
  • Have a space for sales, service and other departments to make use of for template building, document storage and more
MaximilianL
Mitglied

For us it´s totaly the same!

We need this feature asap so that our trainees and our sales partners which are not employed by us can work in Hubspot too.
Do you already know when you have got it fixed?

Thanks in advance and best regards.

mgihv
Teilnehmer/-in

This is massively important.  There's no way we want every single contributor / user seeing all files.  The lack of ability to set permissions around this is super dangerous/unhelpful.

Glad it's in planning.