Explore How Records Are Shared acorss Users in Zoho CRM: A Troubleshooting Guide
Scenario
In Zoho CRM, many organizations follow a hierarchical structure where administrators prefer to restrict access to superiors data from their reporting users. However, in certain scenarios, data belonging to superiors may become visible to their subordinates.
In such cases, the administrator may question WHY a superior’s data is visible to reporting users, WHAT possible data-sharing scenarios could lead to this, and HOW to prevent it from occurring in the future.
The purpose of this post is to explain the scenarios and underlying reasons in detail, raise awareness about the steps customers can take to troubleshoot the issue, and provide guidance on the information required by Zoho to investigate the matter further.
Default Record Accessibility in Zoho CRM: How It Works
Before exploring the possible reasons, it is important to first understand how a user can access a record in Zoho CRM.
Record Ownership
When the user is assigned as the owner of a specific record in Zoho CRM, they are granted access to that record by default. For example, if a user named Harry is assigned as the owner of a Lead record, Harry will be able to access and manage that record without any additional permissions.
Based on Hierarchy preference
In Zoho CRM, you could find the hierarchy preference settings under "Setup >> General settings >> Company settings >> Hierarchy preference".
1. Role hierarchy
In Zoho CRM, access to the user's data is based on the Roles. Users at a higher hierarchy can view the data of users in the subordinate roles. For example, the company called 'Ha Showroom' follows the hierarchy structure as CEO >> Sales Manager >> Sales Person. Here, the CEO or Administrator can view the entire organization's data. Meanwhile, a Sales Manager can access their own data as well as the data of all Salespersons reporting to them.
If the "Share with peers" option is enabled for a role in Zoho CRM, users assigned to that role will be able to view each other’s data. For example, if Harish and Harry are both assigned to the Sales Manager role, and the "Share with peers" setting is enabled, then Harish will have access to Harry’s data, and vice versa.
When a user is designated as the Forecast Manager for a role in Zoho CRM, they gain access to the data of all other users within that same role. For instance, if Harish is assigned as the Forecast Manager for the Sales Manager role, and Harry and Harrison also belong to this role, then Harish will be able to access the data of both Harry and Harrison. However, Harry will not have access to Harish's or Harrison's data when "Share with peers" is not enabled. Similarly, Harrison will not be able to view the data of Harish or Harry.
2. Reporting hierarchy
In Zoho CRM, a user can be assigned a Reporting Manager, who will then have access to the user’s data. Any user in a higher role within the organization's hierarchy can be assigned as a reporting manager.
For example, consider a company Ha Showroom with the hierarchy: CEO → Sales Manager → Salesperson. In this case, Harish and Harry are in the Sales Manager role, while Harrison is in the Salesperson role.
If Harish is set as Harrison’s reporting manager, then Harish will be able to access Harrison’s data. However, despite being in the same role as Harish, the user Harry will not have access to Harrison’s data unless he is explicitly assigned as the reporting manager.
Administrator Profile
Users with the Admin profile in Zoho CRM have unrestricted access to all records across all modules, regardless of their position in the organizational role hierarchy.
For example, if Harrison is assigned the Admin profile, he will be able to access every record in the CRM system. Even if Harrison is assigned to the lowest role in the hierarchy, the Admin profile grants him complete visibility—allowing access to all records, including those owned by higher-level users such as the Super Admin or CEO.
Now that we have a clear understanding of how the user can access records in Zoho CRM, let’s explore the possible reasons for data sharing.
Possible Reasons of Data Sharing with Other Users
A) User Field
When you add a User field to a module in Zoho CRM, you will see an option called "Allow Record Accessibility." Enabling this option allows the user who is associated with the field to access the corresponding record and perform the actions defined in the permission settings.
For example, if this option is enabled and the permission is set to Read Write, then any user associated through this field will have access to the record and can view and edit it accordingly.
To troubleshoot unexpected record access, cross verify whether there is any User field in the module where the "Allow Record Accessibility" option is enabled. If such a field exists, verify whether the user (who is able to access the record) is associated with that field. If they are, this setting may be the reason the user has access to the record, based on the permissions configured (e.g., Full Access, Read Write or Read Only).
B) Record-level Sharing
Navigate to the record that is accessible to the reporting user, click the ellipsis (⋯) button, select the Share option, and check if the record has been explicitly shared with the reporting user. If so, you can revoke the sharing permission to restrict access.
Note: If the Record type is listed as "Lead only" for a shared lead record, it indicates that the specific lead record has been directly shared. However, If the Record type is "Via Lead", it means that the record is being shared as part of the "With Related list" option enabled in Record sharing settings. C) Data Sharing:
Navigate to Setup (⚙️) in Zoho CRM >> Security control >> Roles and sharing >> Data sharing settings
1. Module-level Sharing
If all users data is visible within a specific module, cross verify whether the module's data-sharing permission is set to Public. If so, all users will be able to access records owned by others, regardless of their roles. To restrict access, you could change the sharing permission to Private, ensuring that users can only view their own records unless explicitly shared.
2. Data Sharing Rule
If a reporting user has access to a superior’s data, check whether a "Sharing Rule" is enabled for that specific module. If such a rule exists, you could either modify the criteria or disable the rule altogether. You can refer to this Help Link to know more about Data Sharing Rules in Zoho CRM.
Understanding the ‘Superiors Allowed’ Option in Data Sharing Rules
When the Data Sharing rule is active, it's important to check whether the "Superiors Allowed" option is enabled. This setting allows users in superior roles of the target users (with whom the record is shared) to also gain access to the shared records.
Example:
Consider the following role hierarchy:
CEO → Manager → Team Lead → Support Agent
Let’s say a data sharing rule is created to share records owned by users in the Manager role with users in the Support Agent role. Now, if the "Superiors Allowed" option is enabled for this rule, users in the Team Lead role (who are superior to Support Agents) will also be able to access the Manager's records. In this case, the Manager’s records are shared with both Support Agents and Team Leads through the same rule.
By default, Team Leads and Support Agents cannot access records owned by Managers unless granted access through an Admin profile or a sharing rule. This rule enables such access.
D) Profile and Role
Navigate to Setup (⚙️) in Zoho CRM >> General settings >> Users >> select the user.
A) Profile:
If all data within the organization is visible to a subordinate user, it is important to check whether that user has been assigned to the Administrator profile. If so, this would explain why all records are accessible to that user.
B) Role:
If a user is able to access data belonging to other users within the same role, check whether the "Share with Peers" option is enabled for that role. Please note that this option is only applicable when the hierarchy preference is set to Role Hierarchy. It will not be available when using the Reporting Hierarchy structure.
E) Territory Management:
If a territory is assigned to a record, users who have access to that territory will also be able to access the record.
For example, if the user-Harish is assigned to a territory named New Orleans, and an account record owned by Harry meets the criteria for that territory, the record will be automatically assigned to New Orleans. As a result, Harish will gain access to that account record through his territory access.
Note: Territory rules override role-based or reporting hierarchy permissions. When a territory is assigned to a record, any user with access to that territory can view the record, regardless of their role.
What we need from Partners:
Please do not skip any questions.
If the superior’s record is still accessible to the other user (who is not supposed to view) after applying all the above recommendations, then we would request you to share the following information for further investigation:
1. Share the user's Zoho CRM Org ID and email address (user who is not supposed to access the record), which would help us to check the details on our end.
2. Share a screenshot of the record (including record URL) that is being shared by the mentioned user.
3. Let us know whether all the records are being shared with the mentioned user or only a single record is being shared.
4. Share a screenshot of the Data sharing rule >> 'Default Organisation permission' page and 'Sharing rule' page. Also, share a screenshot of the Module-Level permission page.
5. Is this happening to all the users in the same role or only for a specific user? Also, is it happening with other modules as well or a specific module?
6. Enable the support access (Help Link) for the respective Zoho CRM organization so that we can verify the record and sharing details from the backend.
Ensure that the page URL is visible in all the screenshots you share in the request.
Troubleshooting Guide Created by Harish K | Zoho Partner Support
If you need any further clarifications, please don’t hesitate to contact partner-support@zohocorp.com.
Additionally, we kindly ask all "Europe and UK Partners" to reach out to partner-support@eu.zohocorp.com.