Users & Permissions

I need a way to limit the number of employees that a sub-account owner can add to their account AND even prevent a sub-account owner from adding employees all together. I would also like the option to charge an incremental amount to the sub-account owner by how many employees they add. Even further, by including these settings in a snapshot, it would help automate the process of granting user permissions based on the SaaS plan or snapshot selected. By adding more granular control of 'User Permissions' within various sections and items under, this could be achieved. For example, the User Permissions for Settings could have sub settings to check on or off each of the items under each category. For example within Settings, we would have a toggle for each of the following items: MY BUSINESS Business Profile My Staff Pipelines BUSINESS SERVICES Calendars Phone Numbers Reputation Management Profile OTHER SETTINGS Custom Fields Custom Values Domains Media URL Redirects Integrations Email Services Conversation Providers Tags Labs Audit Logs

Description: Currently, managing permissions for the Notes section (on contacts, opportunities, etc.) lacks the necessary granularity for effective team management and data protection. To better manage diverse teams and safeguard important information, we require finer, role-based controls over what users can do with notes. --- Problem & Use Case: Different user roles within our business require different levels of access to notes. For example: We need the ability to assign Create Only permissions to certain roles (like VAs or entry-level staff) so they can add new information without the risk of accidentally editing or deleting crucial historical notes logged by senior staff or other team members. Other team members might need the ability to Create/Edit notes to update information as situations evolve, but should still be restricted from deleting notes entirely to maintain record integrity. Full Create/Edit/Delete permissions should be reservable for administrators or specific trusted roles. Without these distinct levels, we either grant too much access (risking accidental data loss or unauthorized modification) or restrict users too much, hindering productivity. This also makes it harder to maintain data integrity and accurate historical records. --- Proposed Solution: Please implement the following distinct permission levels that administrators can assign to users specifically for the Notes section: Create Only : User can add new notes but cannot modify or delete any existing notes. Create/Edit : User can add new notes and edit existing notes, but cannot delete notes. Create/Edit/Delete : User has full control – allowing adding, editing, and deleting of notes they have access to view. --- Benefits: ✅ Improve security and data integrity by limiting modification/deletion rights. ✅ Prevent accidental loss of important client history or internal communication. ✅ Empower administrators to configure user access precisely according to job responsibilities and trust levels. ✅ Enable more secure, effective, and clearly defined team collaboration within HighLevel. Implementing these granular permissions would be a valuable improvement for managing teams and protecting data within the platform.

GHL has by far one of the worst permission control out there, like you cant even edit and remove half the suff. You should be able to remove and add EACH tab and within each tab, you should be able to remove and add each sub category (like social planner inside the marketing tab), for each one of your users. You should be able to remove each tab inside settings INDIVIDUALLY, like the user permissions need to be WAY MORE GRANULAR. GHL, please add this, this would be a huge improvement to the platform. Thanks

GoHighLevel currently handles user permissions individually within each sub-account — with Admin and User types, and manual permission toggles. As marketing agencies, multi-client setups, and education businesses with internal marketing teams grow, this gets tedious, prone to human error, and limits scalability. We need a smarter, team-oriented permission system. 🎯 Feature Request: Marketing Teams + Roles System 📌 Roles Predefined permission profiles like: Marketing Admin Marketing Manager Campaign Specialist Content Creator Ads Manager Each Role would define: What areas they can access (CRM, Conversations, Opportunities, Campaigns, Ads, Reporting, etc.) What actions they can take (View, Create, Edit, Delete) What records they can access (All, Owned, or Team-based) 📌 Marketing Teams Groups of users organized by team responsibilities and roles. Example: “Facebook Ads Team” → 3 users with the Ads Manager role “Lead Nurturing Team” → 2 users with the Campaign Specialist role “Marketing Managers” → oversight across all teams Teams can be assigned to: Pipelines Ad Accounts Campaign Projects Automations Opportunities Dashboards Leads and opportunities should be assignable to Marketing Teams as well as individual users. ✅ Why This Matters 🚀 Faster onboarding: Assign a role, drop them into a team 📊 Easier scaling: Manage permissions by role or team, not one by one 🏢 Multi-client and agency ready: Control who works on what without risking account-wide access 📈 Cleaner reporting: Track both individual and team marketing performance 🔒 Better security: Consistent, reliable permission structures, reducing errors and overexposure 📊 Comparison to Current System: Current GHL User-level manual permissions No teams, only individual users Lead/campaign assignment to individuals only User-based reporting only VS Proposed System Role-based permissions with inheritance Group users into Marketing Teams (e.g. Ads Team, Nurturing Team) Assign leads, opportunities, and campaigns to Teams Individual + Team-based performance reporting

Hi, I would like to request more flexibility when it comes to user permissions. Currently, there are only two roles available: “Admin” and “User,” and only two permission levels: “Only Assigned Data” and “All Records.” It would be very helpful to have more conditional or customizable permissions. For example, I’d like to allow a user to view another specific user’s contacts without giving them full admin access. Right now, if a user has the “Only Assigned Data” setting, they can only see their own assigned contacts. The only way to see another user’s contacts is by making them an Admin, which is not ideal in this case. I simply want this user to collaborate with a teammate and be able to see the contacts assigned to that specific user—without having access to everything like an Admin would.

Whilst the recent enforcement of 2FA (via email) is a welcome addition to the security of High-Level, email based 2FA is unfortunately one of the least secure 2FA methods. So, please add more 2FA options. Including at a minimum TOTP codes (a global standard) that people can use through whatever TOTP App they use. (E.g. Authy, Duo, Google Authenticator, Microsoft Authenticator etc). And at the same time, please: Allow an agency to select what 2FA options they will allow to be used across their clients. Allow Admins of a sub-account to also have this level of functionality to select what 2FA options users in their Sub-Account can use IF the Agency gives it to them.

Currently, the "Only Assigned Data" option works only for User roles and not for Admins. However, in the context of a CRM designed for real estate teams, it would be extremely valuable to allow "Only Assigned Data" to also apply to Admin roles. Concrete Example: In a real estate team, it is common to grant Admin access to senior agents so they can add users or manage certain settings within their subaccount. However, even with an Admin role, we would like these users to see only their own contacts and opportunities (and not those of other team members), in order to maintain lead confidentiality between agents. Suggestion: Allow the "Only Assigned Data" setting to work for Admin roles as well, or add more granular permissions for Admins to better control data visibility. This would enable better team management in industries like real estate, where maintaining client confidentiality between agents is essential.

I am hiring several dialers to call my leads, but as of now I need to give them Admin roles with access to so much just information so that they can view all leads and calendars, which is REALLY unnecessary. I want to be able to select the specific information they have access to.

Right now all invoices are linked to customers. On The payment dashboard we have no option to filter by users who created the invoice. So simple but its missing. Please dont make half baked features. Make all the features you release complete!