Managing Unauthorized CRM Changes

Sales people are there to sell and good sales people will do anything to close a sale. Their commission depends on it. Unfortunately, sometimes that means that some sales people will “steal” an account from one of their colleagues in the company if they think they can get a deal out of it — and get away with it.

In a CRM, the fastest way to do this if for the sales people will change the assigned user for a contact or account to themselves. Then they show up as owning the contact or account and can work it as they please.

So how can you prevent this from causing havoc to your sales strategy and your sales team? There are two approaches I have used that have been successful.

1. Set up an Account Manager Security Role and lock down permissions.

The most direct approach is to lock down records so that the Account Manager can only edit the accounts for which they are the assigned user.

For example in SuiteCRM/SugarCRM:

1. Click on Admin in your personal menu and then click Role Management under the User section on the Admin dashboard. (Note that you have to have Admin privileges to do this.)


2. Under the Roles menu that appears at the top, click Create Role.


3. In the Create role window, add a clear identifiable name and description for the role. Click Save.


4. You will then be redirected to a Roles Permissions matrix showing a list of modules and permissions for the modules. Don’t be overwhelmed – the user will inherit permissions from their user type first so you don’t have to set all these permissions; you just have to set the ones you want to be different than the default access.


5. For all modules where you don’t want the account manager to be able to change a record (for example, Accounts, Contacts, Leads, Opportunities), click on “Not Set” in the Edit and Delete columns. Select “Owner”. This will allow the account manager to change any records they own, but they won’t be able to change or delete records they don’t own. (If you don’t want them to view those records at all you can lock down the Access column as well.)

Don’t worry about Import or Mass Update — if the account manager attempts changes this way, only the records they own will be changed.


6. Click the Save button. The new roles will change to Bold.

7.  Scroll down the page and to assign users to the roles. Click Select User. Select the users you want to add to the group in the pop up window and click Select. Then click Save in the permissions screen.


8. Any users in this group will not be see the pencil icon in the search screen or the Edit/Delete options in the record.


What if you want to allow an account manager to edit the accounts on their team?

Put that account manager and their team in a group, create a role for that account manager and select group in the permissions drop down.

2. Get notified of any changes.

Set up a workflow to get notified of changes. More later on this option.


Author: Terry Matz

Digital media expert with 18 years experience delivering web site strategies and solutions to improve business results through web site user experience, search engine optimization and marketing, and social media. Innovative thought leader with a cross-functional background in technology, communications, design, and marketing.

Share This Post On