Full Module-Level Access Control for Custom Profiles in Zoho Projects

Full Module-Level Access Control for Custom Profiles in Zoho Projects

Hello Zoho Projects Team,
We hope you are doing well.

We would like to submit a feature request regarding access control limitations in custom user profiles within Zoho Projects.


Current Behavior:
We created a custom profile intended for support agents, where the goal is to allow view-only access to the Issues section, so they can track bugs submitted via the Zoho Desk integration.


While this works partially, users assigned to this profile can still access additional project modules that are unrelated to their role, including:
  • Documents (including attachments and files)
  • Users (list of all internal and client users in the project)
  • Vani tab (even if not connected)
  • Collaboration section (Feed, Calendar, Chat)


This happens even though the intention is to restrict them to a very limited, issue-focused view.


Why this is a problem:
This creates both security and usability concerns:
  • Exposure to sensitive project files and internal information
  • Visibility into users and project structure that should remain restricted
  • Access to irrelevant modules that create confusion
  • Lack of true “least privilege” access control
  • Makes it difficult to safely expose Projects to external or semi-external users (such as support teams)


From a system design perspective, defining a custom profile should allow full control over what a user can and cannot see, not just partial restriction.


Requested Enhancement:
We kindly request the ability to fully control module visibility and access at the profile level.

This should include:

  • Ability to completely hide specific modules (Documents, Users, Collaboration, Vani, etc.)
  • Granular control over visibility vs. access (view / no access)
  • Ensuring users only see modules explicitly enabled in their profile
  • Consistent enforcement across all project areas (UI and navigation)


Benefits:
  • Stronger security and data protection
  • True role-based access control (RBAC)
  • Cleaner and simpler UI for restricted users
  • Better support for external or limited-access users
  • Safer integration scenarios (e.g., Zoho Desk → Zoho Projects)
  • Improved enterprise readiness of Zoho Projects

This enhancement is essential for organizations that need strict control over user visibility and access within projects.


Thank you for considering this request and for continuously improving Zoho Projects.

Kind regards,
Ram