Tips, Tricks & Best Practices

PZickert
Participant

Security Settings for Sales team

SOLVE

Does anyone have any good recommendations for security settings for sales people?  In know how to do and change the settings, I am more or less looking for recommendations on what they should and shold not be able to edit, delete, change. etc.  

0 Upvotes
2 Accepted solutions
karstenkoehler
Solution
Hall of Famer | Partner
Hall of Famer | Partner

Security Settings for Sales team

SOLVE

Hi @PZickert,

 

This depends on your sales organisation. For example, do you want sales reps to see their contacts only? This can make sense when the team is competitive and you don't want reps to go after another person's contacts.

 

Here are a few other thoughts:

 

Be careful with import permissions. Imports can bulk change associations (hard to reverse), all property values, including the contact owner. That means that import can bulk change contact access and gain view or edit access to contacts they previously didn't own.

 

Don't grant export permissions. Otherwise any user could just leave the company with an Excel file of all contacts. It's not allowed but it would be possible.

 

Be careful with delete permissions, both individual and bulk delete. I rarely grant these, people rarely complain which means that this is an easy potential catastrophe you can avoid.

 

Grant viewing but not editing permissions of marketing and service assets. It's crucial for sales to have a 360 degree view of what's happening but they don't need to be able to edit assets.

 

Do not let sales reps edit property settings. This can be the equivalent of bulk deletion without an option to reverse it. It can also damage data quality (redundant properties, duplicate values etc).

 

Enforce two-factor authentification. This simply makes sense for security reasons. You don't want anyone to be able to login with an email and password alone.

 

Be generous with reporting permissions, within the limits of their owned records, of course. If people want to analyze what they're doing, let them. Reports can be recreated, if necessary. Little damage can be done.

 

No need to give any permissions from the "Account" tab. Sales reps shouldn't install apps (this should managed centrally), they shouldn't be able to edit users, teams, account defaults etc.

 

Entirely different story for sales managers and sales operations, of course. They might need some of these permissions to maintain data quality, clean up, integrate business intelligence solutions and so on.

 

Let me know if you have questions about any of these!

Karsten Köhler
HubSpot Freelancer | RevOps & CRM Consultant | Community Hall of Famer

Beratungstermin mit Karsten vereinbaren

 

Did my post help answer your query? Help the community by marking it as a solution.

View solution in original post

PZickert
Solution
Participant

Security Settings for Sales team

SOLVE

Thank you!  Very helpful.  Question- a sales manager is asking me to open up to the sales reps the ability to change any account owner within our instance.  We are in the midst of changing many accounts right now and my feeling is they don't want the burden of making all the account changes themselves and letting the sales reps do this on their own.  Is that too much to open up?  they want these open until June 1st too.  Honestly makes me a bit nervous.

View solution in original post

0 Upvotes
3 Replies 3
PZickert
Participant

Security Settings for Sales team

SOLVE

Thannk you both very much, this helps!  One other question, where it has Marketing contacts access

Let users set marketing contacts and create assets.  Is there anyway I can let my users set these marketing contacts, but not have access to create assets?
0 Upvotes
PZickert
Solution
Participant

Security Settings for Sales team

SOLVE

Thank you!  Very helpful.  Question- a sales manager is asking me to open up to the sales reps the ability to change any account owner within our instance.  We are in the midst of changing many accounts right now and my feeling is they don't want the burden of making all the account changes themselves and letting the sales reps do this on their own.  Is that too much to open up?  they want these open until June 1st too.  Honestly makes me a bit nervous.

0 Upvotes
karstenkoehler
Solution
Hall of Famer | Partner
Hall of Famer | Partner

Security Settings for Sales team

SOLVE

Hi @PZickert,

 

This depends on your sales organisation. For example, do you want sales reps to see their contacts only? This can make sense when the team is competitive and you don't want reps to go after another person's contacts.

 

Here are a few other thoughts:

 

Be careful with import permissions. Imports can bulk change associations (hard to reverse), all property values, including the contact owner. That means that import can bulk change contact access and gain view or edit access to contacts they previously didn't own.

 

Don't grant export permissions. Otherwise any user could just leave the company with an Excel file of all contacts. It's not allowed but it would be possible.

 

Be careful with delete permissions, both individual and bulk delete. I rarely grant these, people rarely complain which means that this is an easy potential catastrophe you can avoid.

 

Grant viewing but not editing permissions of marketing and service assets. It's crucial for sales to have a 360 degree view of what's happening but they don't need to be able to edit assets.

 

Do not let sales reps edit property settings. This can be the equivalent of bulk deletion without an option to reverse it. It can also damage data quality (redundant properties, duplicate values etc).

 

Enforce two-factor authentification. This simply makes sense for security reasons. You don't want anyone to be able to login with an email and password alone.

 

Be generous with reporting permissions, within the limits of their owned records, of course. If people want to analyze what they're doing, let them. Reports can be recreated, if necessary. Little damage can be done.

 

No need to give any permissions from the "Account" tab. Sales reps shouldn't install apps (this should managed centrally), they shouldn't be able to edit users, teams, account defaults etc.

 

Entirely different story for sales managers and sales operations, of course. They might need some of these permissions to maintain data quality, clean up, integrate business intelligence solutions and so on.

 

Let me know if you have questions about any of these!

Karsten Köhler
HubSpot Freelancer | RevOps & CRM Consultant | Community Hall of Famer

Beratungstermin mit Karsten vereinbaren

 

Did my post help answer your query? Help the community by marking it as a solution.