Access controls for sales organisations - A complete guide

Roles hierarchy and access controls protect your data in two ways: by restricting access to unauthorised data and by protecting your data from prying eyes. Learn how you can implement these modules of CRM security in your business and keep your data accessible, yet secure.

Access controls for sales organisations - A complete guide

“Salespeople are not comfortable using CRM tools”

We have heard it multiple times from business owners, executives, and sales managers. “But why?”

Sales data is confidential and the salespeople need to be assured that their opportunities are visible only to them and to their superiors. If everyone is able to view and access each others’ information, it can lead to a sure-shot disaster.

You read it right. Too much information, too many privileges, and too much visibility can lead to misuse of data, stealing of opportunities, and create difficulty in performing the jobs efficiently.

What are these privileges and how to ensure you restrict them and give away only necessary information to your sales team? We will take a closer look.

In this article, we will learn

  • How are sales teams structured?
  • Sales CRM and Security features
  • How does the role hierarchy model work?
  • What are “Permissions and visibility”?
  • What is a “Profile”?
  • What is a “Role”?
  • What is a “User”?
  • What are the differences between roles and profiles?
  • Summary

How are sales teams structured?

Before we jump into the nitty-gritty of restricting privileges and sharing information, let us first understand the typical structure of sales teams.

The structure of functional sales organisation refers to the segmentation of the sales team into specialised groups based on the regions they serve, the number of products/services they offer, the size of the sales team, and the industry.

Frank V. Cespedes (senior lecturer of business administration at Harvard Business School) highlights four common structures of the sales organisation, in his book “Aligning Strategy and Sales”. They are structured as follows:

  • By product/service line,
  • By customer/account size,
  • By industry/vertical segment
  • By geography/territory
Sales team structure

Although structuring the sales team is imperative to boost your sales, it would be more efficient when the right people are given the right privileges. The ability to assign the appropriate privileges can be granted to you by role hierarchy and profile permissions in sales CRM software.

Sales CRM and Security features

Role hierarchy and profile permissions provide the right privileges to your sales team. At the same time, they also keep the data secure and safeguard your confidential information from unauthorized access. In other words, the CRM security feature enables the security of your data in two ways: by restricting access through role hierarchy and by providing permissions through profiles.

How does the role hierarchy model work?

Security and sharing play a major role in any sales organisation. Information should be shared among the users without violating security concerns. The role hierarchy model does just that. It provides access to the information that is relevant to the user.

The role hierarchy model in CRM software typically consists of four important pillars: Permissions and visibility, User, Role, and Profile. All these elements of the hierarchy model work in tandem to allow the users to access the information they need to know and avoid unauthorised access to data. Simply put, they determine what your sales team or the users can see and do inside the CRM.

Let us learn more about Permissions, Users, Roles, and Profiles.

What are “Permissions and visibility”?

Permissions and visibility is an organisational-wide security setting.

In simpler words, with permissions and visibility, you can have a baseline visibility set for each module in your organisation. This is known as the ‘org-wide default’ (organisational-wide default or OWD).

When permissions are set to “Public”, all the users can see and perform actions (provided by profile) on all records in the organisation.

When permissions are set to “Private”, the users can view and perform actions on the records that are owned by them, assigned to them, and the records of users in the lower hierarchical role than them.

OWD works on all Modules i.e Leads, Contacts, Accounts and Opportunities

For example, Opportunities that are set to “Private” allows the users to see only the Opportunities they own and all the Opportunities of users below their hierarchy.

Modules that are set to “Public” allow any user to see all the information associated with that particular module.

Note: Roles are effective only when permissions are set to “Private”.

Permissions and visibility also allow the admin to activate peer-to-peer sharing. This sharing access allows the users to see the data of their peers who are in the same role hierarchy. Peer to Peer sharing is also an organisation-wide setting.

What is a "Profile"?

Profiles determine what Modules (Lead, Contact, Account, Opportunity, Activity, Quotation, Message, and Tags) the user has access to and what they can do with that module. It manages what users can do in your functional sales organisation. This involves CRUD operations (C=Create; R=Read; U=Update; D=Delete), Import and Export operations, and Away message operations.


  • For business modules: Create, Read, Update, Delete, Import, and Export operations are allowed.
  • For quotation, activity, and tags modules: Create, Read, Update, and Delete operations are allowed.
  • For message module: Read and Away operations are allowed.

These operations allow you to mix and match what a particular profile can do with each module. The other permissions a profile can have are import and export data.

Import and export permissions allow or deny the profile to import/export the data to Modules. This is particularly useful to protect your data from being stolen or misused.

Let’s understand it with an example: a sales development representative (SDR) may need to view and edit records such as leads, contacts, accounts, and opportunities, but may not need access to delete, import, or export the records. In such cases, the admin of the CRM account can create a profile that can provide limited access to all Modules.

What is a "Role"?

Let’s talk about roles.

Roles control what a user can see in your CRM. It increases data visibility and opens up access to your records.

It is important to provide easy access to relevant information to your sales executives. But it is even more important to ensure they feel secure in the knowledge that their information is secure. Roles help you in this process.

To explain it with an example, a regional sales manager can access his data and the data of his subordinates whereas he may not need to access the data of his superiors or the other regional sales managers.

Note - Roles only make sense when Modules are marked “private” in permission and visibility.

What is a "User"?

Users are the people who can log into the CRM system. In other words, they are your teammates who have access to CRM.

Users can be created by the admin of the CRM account.

For instance, if the Sales Director is the admin of the CRM account, he/she can create all the sales managers and sales executives in his team as users. The users can be assigned to different roles and profiles which provide the necessary privileges to access the relevant information and restrict the visibility of confidential information.

Please note that you can only access users in other modules when their status is either approved or pending. Disabled users will not be listed.

Check our video tutorial to understand more about users, profiles, roles, and permissions & visibility.

CRM user management video tutorial

What are the differences between "Roles" and "Profiles"?

Role hierarchy and profile permissions can be confusing. We get it. So, we listed the differences for you!

Profiles are like users in the bubbles who are in the same organisation but can have different permissions (CRUD, Import/Export) on Modules (Lead, Contacts, Accounts and Opportunities). For example, ‘Marketing’ bubble, ‘System Admin’ bubble, ‘Sales’ bubble, etc.

Roles, on the other hand, help you have a hierarchy for access controls. The role hierarchy need not be the same as the role hierarchy of your organisation.

An easy tip to remember the difference between roles and profiles is that “Roles see, profiles do”



Allows the users to create, read, update, delete, import, and export 

Provides record visibility

Mandatory for each user


Controls access to Modules such as lead, account, contact, opportunity, and activity

Control access to records in Modules allowed by Profile.

Let’s see a real-life example :

Assume that the Sales Manager has access to create, read and update profile; sales executives are in the lower hierarchical role; all the permissions for objectives are set to “Private” and “Peer-to-Peer” sharing is disabled; the sales manager can create, read and update the records but can’t delete, import, or export the records. The sales manager can view his own records, the records assigned to him, and the records of his subordinates but not of his peers or his superiors (VP of Sales).

Structure of Profiles and Roles
Structure of Profiles and Roles


As an organisation scales up and onboards more users, it will become imperative to regulate access controls. Data security becomes essential. Along with robust security protocols and supporting frameworks, it is imperative for businesses to be aware of security practices and know how to put them to action. To safeguard your data from unauthorised access, create appropriate roles and profiles and provide your sales force with the permissions and visibility they need.

Do you need help to design roles/profiles in your CRM? If yes, let us help you to configure the same for maximum effectiveness. Contact us today and we would be glad to help!

Further reading