By default, access rights to CRM records is set as private so that the record owner and his/her manager can oversee the CRM data. However, using the Data Sharing Rules, you can extend the access rights to users belonging to other roles and groups. Once the data sharing rules are configured, users associated to other roles and groups can gain additional access to the records that belong to other users.

Note: The capabilities mentioned in this document apply only to org modules. They are not available for
team modules.
Key Features
Managing Default Data Sharing Process
You can provide the following types of access levels to user in Zoho CRM modules:
- Private: Only the record owner and his/her superior can view the record.
- Public Read only: Users can view others' records but cannot modify or delete the records.
- Public Read/Write: Users can view and modify others' records but cannot delete them.
- Public Read/Write/Delete: Other users can view, modify and delete the records.
Availability
Permission Required
Users with the Manage Data Sharing permission can access this feature.
Note
- By default, access rights to CRM records is set as private so that the record owner and his/her manager can oversee the CRM data.
- The organization-level data sharing model is not yet implemented for Notes, Reports, and Dashboards modules.
To manage default permissions
- Go to Setup
> Security Control > Roles and Sharing > Data Sharing Settings. - Click on the Default Organization Permissions tab and navigate to the particular module you want to edit.
- Click on the drop-down button to change Default Access for the module:
- Private
- Public Read Only
- Public Read/Write
- Public Read/Write/Delete

Data sharing for emails
For emails sent from Zoho CRM—including individual emails, emails sent using the organization's email address, mass emails, workflow, and others—the default sharing type will be set to Public Read/Write/Delete. You can also choose from Private, Public Read Only, or Public Read/Write for the default access type.
- Read: Allows viewing the email.
- Write: Allows replying or forwarding the email, and editing drafts or scheduled emails.
- Delete: Enables users to delete drafted or scheduled emails.
Here's how the different access types work for emails:
- When the access type is set to Private, only the email record owner (the person who sends the email) can view and reply to emails—plus any user higher than them in the role hierarchy. This ensures that those at higher levels in the organization can still access emails when necessary, even if the access type is set to Private.
- In the Public Read Only access type, every user in the organization can view emails sent by others. Additional actions, such as replying, forwarding, editing drafts, or deleting emails, are available only to the email's owner and those above them in the role hierarchy. Users at the same level or below the owner are limited to viewing emails and cannot perform these actions.
- In the Public Read/Write setting, every user in the CRM can see all emails as well as reply, forward, and edit both drafts and scheduled emails. However, users aren't able to delete emails.
- The Public Read/Write/Delete setting provides the most extensive level of access for emails. All users in the organization can view and reply to all emails, as well as edit and delete drafts or scheduled emails.
Managing Sharing Rules
The Sharing Rules tab under Data Sharing Settings allows you to create and manage custom data-sharing rules for different modules. Apart from creating new rules, in this section, you can activate, deactivate, clone, search, and filter rules efficiently.
Sharing rules are grouped based on the module they belong to, such as Leads, Contacts, Deals, and Accounts. This structured view helps you quickly locate and manage rules without unnecessary gaps.
Each rule displays key details, including:
- Shared From – The role, group, or record condition based on which the data is shared.
- Shared To – The role or group receiving access.
- Permission Levels – The level of access granted (Read, Write, Delete).
- Last Modified User & Time – Provides a quick view of:
- The date and time of the last update.
- The user who last modified the rule.
- Status – Indicates whether the rule is active or inactive.
Creating Sharing Rules
To create data sharing rules
- Go to Setup
> Security Control > Data Sharing Settings.
- Navigate to the Sharing Rules tab, and click the Create Sharing Rule button.

- In the New Sharing Rule page, do the following
Select the module from the drop-down.

Sharing Rule Name - Specify the Rule name.

Sharing Type - Select how records are shared.
Based on Record Owner:Records Shared From- Select either the roles, roles and subordinates, or groups, to share records from.

For example, the above preference would share all records owned by users with the
Sales Executive role.
Based on Criteria:
Set the specific criteria to meet your data sharing requirements.
Click the + button to add additional criteria.
Click
AND to change the filter condition to
OR and vice versa (You can also edit the criteria condition using the Edit Pattern option)

For example, the above set of criteria would share records that have New York as the billing city and have Business.
Records Shared To - Select either Roles, Roles and Subordinates, Groups, or All Users to share records to.

For example, records Shared To - Roles and Subordinates - Sales Admin would share the records with all users who have a Sales Admin role and their subordinates.
Permission - Choose the access type: Read Only, Read/Write, or Read/Write/Delete.
Superiors Allowed - Tick this checkbox to allow access to the shared records with the superiors to the particular role or group with whom the records are shared
Click Save.
Note:
- Once a data sharing rule is created, users will not be allowed to edit the rule until the execution is complete.
- If a module has 4,000,000 or more records, and 60% of them match the set rule criteria, the existing records will not be shared upon saving the rule. The customers have to reach support to share all the existing records that match the criteria. However, new and updated records that match the criteria will be shared.
- When you edit an existing sharing rule, on the Edit Sharing Page you can find details of when the rule was first created and when it was modified.

Activating or deactivating a rule
You can enable or disable a sharing rule using the toggle button available next to each rule. This provides greater flexibility in managing data access without needing to delete and recreate rules.
To activate or deactivate a rule:
- Navigate to the Sharing Rules tab.
- Locate the rule you want to modify.
- Click the toggle button to turn the rule on or off as needed.
Once deactivated, the rule will no longer apply to newly added records until it is reactivated.
Cloning a rule
If you need to create a new sharing rule similar to an existing one, you can clone the rule instead of manually configuring a new one. Cloning allows you to duplicate an existing rule within the same module and make necessary modifications.
For example, if you have a rule for sharing leads from the Eastern region, you can clone it and modify the criteria to apply to leads from the Western region.
To clone a sharing rule:
- Navigate to the Sharing Rules tab.
- Click the three-dot menu (ellipsis) icon next to the rule.
- Select Clone.
- Update the rule name and configurations as required.

- Click Save to apply the new rule.
Searching and filtering sharing rules
The search bar and filters options help you quickly locate specific sharing rules.
Searching by rule name
You can simply enter the rule name in the
search bar to find matching results. The list updates in real-time as you type.

Filtering rules
You can also refine the rule list using the filter options:
- Module Filter – View rules for a specific module or across all modules.

- Shared From – Filter rules by a specific role or group that is sharing data.
- Shared To – Select a target role or group that receives shared data.
- Superiors Inclusion – Include or exclude rules that apply to superior roles.
- Status – Filter between active and inactive rules.

To apply a filter:
- Click the filter icon.
- Select the desired filter criteria.

- Click Apply to refine the results.