Restrict permissions for workflows (enrolling contacts in workflows)
Some people in our company create lists of contacts and then enroll them in workflows.
To allow that, we have to give them access to all workflows so they can edit them. This is a high-security risk of them being able to actually change workflows.
We need a more precise distinction here so that we can grant access only to those who should make changes to the current workflow.
Unfortunately, you cannot define this from the permission or user point of view. They can access and edit everything if you give them access to edit workflow. Unless, each workflow (assets in general in HubSpot), are assigned to a specific team. One way to address the above issue would be. 1. Defining a team of "super/automation users" within HubSpot. 2. Only assign a few users within HubSpot under that team, assuming you want to give them access to all workflow. 3. Assign all the workflows to that team.
Now only users under that team can access or edit the workflow. If you give access to the workflow to other users from the different teams, they would not be able to access the workflow that belongs to "super/automation users"
While this works if you want complete control via an all-or-nothing approach; we DO want team members to be able to build workflows but want to limit who can deploy them; or require review and approval (similar to what was implemented for content) before going live. Given the potential impact of a workflow (particularly a poorly constructed one) could have on the entire database, this seems as (if not more) important than content control in the backend.
Yes, we would love to be able to say 'lock down' a specific folder of workflows to 'view only' for all but Super admin users (ie, set permission/access levels for individuals to specific folders within workflows not just access to all workflows - also need an edit or view access for each user). That would be ideal as all teams could then see the workflow and access it if we make it visible but will be unable to edit them. This would apply to all 'global' workflows that are required for system administration/governance but if they are accidentally edited or removed, would cause a huge problem for the business!
While ultimately we would need what AdeleTib is requesting (pre-deployment approval by a super admin, etc), another mid-way approach to it would be to allow users (other than superadmins) to edit only workflows they create. It's still risky as they could create a workflow that tangles or contradicts and existing one, it is more unlikely and at least you're making sure they at least don't change an existing/approved one.
Just adding to this; it seems obvious to me that this should be a critical feature of Hubspot. From a permission perspective, why are we not able to add an option between 'view' and 'edit' that allows enrollment but not editing? We can restrict deletion, so why not enroling vs. editing? I manage the workflows for our team, and many of them are reliant on other workflows or properties etc which means that editing them without fully understanding them could backfire, and if someone jumps in to edit something thinking they're helping, it may have the opposite effect.
Please, please add this! I cannot understand why this isn't already a thing.
One way around this, is to make the enrollement criteria based on membership to a static list. Then as long as the user has permissions to create / edit lists, then they can bulk add contacts to the list and therefore enroll them in the Workflow.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.