Your Guide to HubSpot User Permissions

By Chris Hislop October 13, 2023

Let’s talk security. Specifically, cybersecurity. It might not be top of mind during your busy workdays, but cybersecurity is a cornerstone of modern business. More and more companies and industries are investing in new technology to increase connectivity, communication, and efficiencies between their teams and departments. 

At the same time, data breaches have increased to record numbers due to “less-than-adequate information security.” Insufficient cybersecurity precautions impact millions of people each year, and it’s never been more critical to take the proper steps to protect your business and your customers’ data. 

As digital marketers, we take cybersecurity seriously. We work with sensitive data in our clients’ HubSpot accounts every day, so we go to great lengths to ensure there are proper security checks in place. In addition to requiring everyone on our team to have two-step verification set up, we also take care to establish user permissions for everyone on the account. This best practice greatly reduces the chances of someone accidentally exposing the HubSpot account to a security breach. 

Why it’s important to manage account access

For organizations with multiple teams and users accessing HubSpot, it doesn’t make sense to give everyone full access to everything in the account. That’s a recipe for mixups, mistakes, and general confusion as multiple teams edit assets and manage the account. Giving users and teams access to only what they need is a smart and simple way to increase efficiency for your organization and reduce the chance for mishaps. 

At Raka, we work with our clients to confirm who needs access to specific tools in HubSpot. It’s a core step during every HubSpot implementation and gives both Raka and our clients peace of mind moving forward. To that end, we want to walk you through our three main tiers of HubSpot user permissions and how to determine who falls into each bucket. 

We even created a downloadable HubSpot user permissions matrix to guide you through the process and understand exactly what each tier can access. After reading this blog post, you should be able to quickly fill out the HubSpot user permissions matrix template and start managing permissions directly in your account. 

HubSpot user permissions guide

Set up HubSpot user permissions 

You can set HubSpot user permissions in Settings under Users and Teams. There are three tabs at the top: Users, Teams, and Roles. This allows you to grant permissions on a user-by-user basis, or for entire teams at a time.

HubSpot Users and Teams

One thing we’d like to note before we dive in is the distinction between HubSpot user permissions and roles. Roles differ from permissions in that once they are set, they cannot be changed. You can opt to set each of the permissions tiers outlined below as roles, but once they’re set, you’re stuck with them, so to speak. 

“If you want a user to have different permissions than the role, they would need to be removed from the role. Otherwise, the permissions would need to be changed for the entire role.”HubSpot 

Access level 1: Super Admin 

Super Admins have access to everything in HubSpot. They can download data, edit user permissions, and manage the account. Your internal leadership team, including your marketing managers, should have this access level. Additionally, if you work with a HubSpot solutions partner agency like Raka, their team should also have Super Admin access. This will give them the ability to manage your account quickly and effectively, helping you get the most out of your account and avoiding potential issues down the road. 

Access level 2: Marketing, sales, and service teams 

The next step down from Super Admin should be the teams handling the bulk of the work in your HubSpot account. This could be your marketing, sales, or service team (or a combination of the three). These are the users who are writing and sending emails, posting to social media, managing deals in the sales pipeline, or responding to service tickets, for example. 

They should have access to everything they need to edit in the Marketing, Sales, or Service Hub, and also have visibility into the other hubs. This visibility is critical for inter-department communication and clarity on progress towards SMART goals

This level of access should be limited from any features with larger account or billing implications, such as the bulk delete and account configuration settings. Those features simply won’t be of use to these users and by preventing access to them, you’ve protected your team against making a crucial mistake. 

Access level 3: Design 

This access level is perfect for designers or design teams—the users who are designing and building landing pages, blogs, emails, CTAs, and more in HubSpot. They usually don’t need access or visibility into Service or Sales Hub, so it’s safe to set them up in just Marketing Hub to begin with.  

These users should also be limited from features with larger implications. As a general rule of thumb, it’s safer to start out with stricter permissions and gradually add new privileges as needs become more apparent and your team gets more comfortable in the platform. 

Like we said earlier, it’s really easy to get confused by all the different HubSpot user permissions available. There’s a full guide to permissions here, but we recommend using our template as a starting point before you dive deeper into the minutiae. Setting up even basic user permissions in HubSpot is important for an added level of security for your business and your customer data. Plus, it improves efficiency and reduces confusion among your team as they work in your HubSpot account. 

HubSpot user permissions guide