HubSpot Ideas


Restrict permissions for workflows (enrolling contacts in workflows)

Some people in our company create lists of contacts and then enroll them in workflows. 


To allow that, we have to give them access to all workflows so they can edit them. This is a high-security risk of them being able to actually change workflows.


We need a more precise distinction here so that we can grant access only to those who should make changes to the current workflow.

4 Commentaires
Membre | Partenaire solutions Diamond

Unfortunately, you cannot define this from the permission or user point of view. They can access and edit everything if you give them access to edit workflow. Unless, each workflow (assets in general in HubSpot), are assigned to a specific team. One way to address the above issue would be.
1. Defining a team of "super/automation users" within HubSpot.
2. Only assign a few users within HubSpot under that team, assuming you want to give them access to all workflow.
3. Assign all the workflows to that team.

Now only users under that team can access or edit the workflow. If you give access to the workflow to other users from the different teams, they would not be able to access the workflow that belongs to "super/automation users"


While this works if you want complete control via an all-or-nothing approach; we DO want team members to be able to build workflows but want to limit who can deploy them; or require review and approval (similar to what was implemented for content) before going live. Given the potential impact of a workflow (particularly a poorly constructed one) could have on the entire database, this seems as (if not more) important than content control in the backend. 


Yes, we would love to be able to say 'lock down' a specific folder of workflows to 'view only' for all but Super admin users (ie, set permission/access levels for individuals to specific folders within workflows not just access to all workflows - also need an edit or view access for each user). That would be ideal as all teams could then see the workflow and access it if we make it visible but will be unable to edit them. This would apply to all 'global' workflows that are required for system administration/governance but if they are accidentally edited or removed, would cause a huge problem for the business!


I hope this feature will be available soon.

While ultimately we would need what AdeleTib is requesting (pre-deployment approval by a super admin, etc), another mid-way approach to it would be to allow users (other than superadmins) to edit only workflows they create. It's still risky as they could create a workflow that tangles or contradicts and existing one, it is more unlikely and at least you're making sure they at least don't change an existing/approved one.