Understand Roles and Role Hierarchy
What Does This Page Cover?
Learn about how you can give different departments and people of your organization specific roles and decide who reports to whom.
Availability
- Roles is accessible in all plans of Creator. Addition of new roles is possible only in the paid plans.
-
Only the
super admin, admins, and developers can create and manage Roles.
Overview
Any organization or business will have different people looking into different aspects of growing in the industry. Various departments work together to achieve this. Each department will have a head, managers, team leaders, seniors, juniors, etc. Data, being the most important and confidential part of a business, needs to be shared within these roles with utmost precaution. Considering this, data added by a superior not being accessible by subordinates who have lesser experience in data handling, makes up for a reliable method.
Roles and Role Hierarchy in Creator
User Permissions
encapsulates three triads that govern the accessibility of an application's components and the data stored in it. When you incorporate the potential of
permissions, role hierarchy, and
data sharing rules
in an application, a standardized and controlled approach of data handling can be achieved.
In Creator, Roles helps you create different types of roles for users based on their position in your organization hierarchy. After creating roles, you can:
- Assign them to the users in your organization.
- Define rules that allow the sharing of records from one role/user to another.
- Enable role hierarchy. Based on the role assigned to them, a user will be able to view the data of their subordinates but not their superiors. The Share Data with Peers option enables access of records to peers, i.e., people of the same role.
You can create and manage the hierarchical structure of your organization through each step in the Roles tab as seen below.
See How It Works
Use Case
Say there are senior sales executives and junior sales executives under the Sales Department of your business. The seniors take care of large scale orders and the juniors look after orders made by small scale businesses. The Share Data with Peers option enabled during the creation of these roles ensures that the users of the same role can view records added by each other. By enabling role hierarchy, the senior sales executives will be able to view the records added by the junior sales executives since the former stand higher in the role hierarchy.
Navigation Guide
In the Edit
mode
of the application, User Permissions is situated under the Permissions section of the Settings page. When the Roles tab is clicked, a screen appears from where you can view roles, add more of them, and manage role hierarchy.
Role Configuration
- Name - You can specify a name for the role.
- Reports to - You can choose the role under which they come, and thereby where this role stands in the hierarchy.
- Description - You can explain the purpose of the role.
Manage Role Hierarchy
- When role hierarchy is:
- Disabled - Each user assigned to a role can access only their own records according to the permission set assigned to them.
- Enabled - Users assigned to a role can access both their records and that of their subordinates, according to the permission set assigned to them.
- The record owner is the user who owns a particular report's records. They can be of two types:
- Added User: The user who adds a record in the live mode of the application is considered as the record owner.
- Field names of the Users fields, if added to a form, appear in the Record Owner dropdown. When chosen, the user who was selected in this field while adding a record will be considered as the record owner for that particular row of data.
Achieving Granular Access Control Using User Permissions
Any organization will want authority over how their data is circulated within their organization. When a systemized structure which decides how and who can access an application's data comes into place, both the management of data and its security is ensured. Using the combined power of
permissions
, role hierarchy, and
data sharing rules
helps you achieve this.
Each of the above features allows you to create a different type of exclusive access for users, to the data of an application. They work in different ways to achieve the intricate control of data that an organization needs.
Permissions vs Role Hierarchy
This table explains which records a user can access when they are assigned with the permissions listed below.
|
Permission Set Actions
|
Role hierarchy Disabled
|
Role hierarchy Enabled
|
|
View
|
Records added by them.
|
Records added by them.
|
|
Edit
|
|
|
|
View All
|
All records.
|
All records.
|
|
Modify All
|
All records.
|
All records.
|
Data Sharing vs Permissions
Data sharing rules allow the records of a report to be shared from one user/role to another. However, the shared data will be accessible by the receiver only if they have the permission to access that report.
Data Sharing vs Role Hierarchy
Data sharing rules overrule role hierarchy and allow users/roles to access shared data.
Usecase
: Say you add a user, Teresa, to an application. You assign her a role and a permission set while adding her to the application. A few scenarios are explained below to bring more clarity on how you can use User Permissions to define which records she can access.
- Scenario 1 - To let her access and delete only the records added by herself in a report, you assign her with a permission set that allows View, Edit, and Delete actions.
- Scenario 2 - To let her access both, her records and the records of her subordinates, you enable role hierarchy.
- Scenario 3 - To customize the sharing of records from a role/user to her (when she does not have access by default), you define a data sharing rule.
- Scenario 4 - To let her view all the records of a report regardless of who added it, you assign her with a permission set that allows View All/ Modify All actions.
Points to Note
- By default, a CEO role exists in all applications. They have access to all the data added by all other users in an application.
- While adding a user to an application, they need to be assigned with a role. You can either choose the default CEO role or any other role that you've added in the Roles page.
- Admins cannot be assigned with roles but can view all the data in an application.
- Developers cannot be assigned with roles.
- When role hierarchy is enabled, a superior can access the data added by their subordinate, given, they have the permission to access that report.
- When environments is enabled, the configured roles and change in role hierarchy will reflect on the users in the live mode only when the application is pushed to the Production environment.
Limitations
- The number of roles that can be added to an application depends on the plan your Creator plan. See our pricing page.
- The Roles and Role Hierarchy feature will not be applicable for the integrations forms. This implies that anyone who has access to integration form's report will have access to all the data irrespective of their role.
Related Topics
- Manage Roles and Role Hierarchy
- Understand User Permissions
- Understand Permissions
- Understand Data Sharing
- Understand Users
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Zoho DataPrep Resources
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
FAQs: Record Owner - Role Hierarchy
This page covers the significance of 'Reports to', determination of record owners, the relationship between Users' fields and the Record Owner dropdown, sharing data with peers, changing default record owner choices, and assigning ownership in the ...Manage Roles and Role Hierarchy
What Does This Page Cover? Learn to create a new role from the Roles tab. These roles help build the hierarchy in an organization. Availability Roles is accessible in all plans of Creator. Addition of new roles is possible only in the paid plans. ...Understand Permissions
What Does This Page Cover? Learn how you can define unique permission sets such as Read, Write, or customized ones that decide on how different users can access the records. Availability Permissions can be accessed in all plans of Creator. Addition ...Understand Users
This help page is for users in Creator 6. If you are in the older version (Creator 5), click here. Know your Creator version. 1. What Does This Page Cover? Learn about users who can be added to your organization and how they can access the ...Understand Data Sharing
What Does This Page Cover? Learn how the flow of data can be facilitated from between users/roles. Availability Data Sharing is accessible in all plans of Creator. Only the super admin, admins, and developers can create and manage Data Sharing. ...
New to Zoho LandingPage?
Zoho LandingPage Resources