Beam Help
Get help now

How-to · Zoho CRM

How to Create Data Sharing Rules in Zoho CRM

Set up data sharing rules to control who can access specific records.

Data sharing rules in Zoho CRM let you control exactly which users, roles, and groups can access specific CRM records — and a recent interface overhaul has made creating and managing these rules significantly more straightforward. Here at Beam Help (independent expert support for Zoho, not official Zoho support), we'll walk you through the full process.


Why this matters


Most CRM organisations use a role hierarchy where not every user should see every record. Data sharing rules let you extend access beyond the default organisation-wide permissions — for example, allowing a regional sales team to view deals owned by another team. Getting this right protects sensitive customer data while ensuring the right people have the information they need to act. The Q1 2025 update to Zoho CRM's Data Sharing settings makes this easier to manage than ever before. [1]


Step-by-step


Step 1. Navigate to Data Sharing settings.

In Zoho CRM, go to Setup and locate the Data Sharing section under Security Controls. The refreshed interface now presents two clearly separated tabs: one for Default Organisation Permissions and one for Sharing Rules, so you can immediately see where to work. [1]


Step 2. Review your default organisation permissions.

Before creating a specific sharing rule, click the Default Organisation Permissions tab to confirm the baseline access level for each module (e.g., Private, Public Read Only, Public Read/Write). Sharing rules only extend access beyond this baseline, so understanding your defaults first prevents unintended over-sharing. [1]


Step 3. Switch to the Sharing Rules tab.

Click the Sharing Rules tab to see a module-wise list of all existing rules. The updated view organises rules by module, making it easy to spot gaps or duplicates at a glance. [1]


Step 4. Locate the correct module.

Use the Search bar or the Advanced Filters option to narrow down to the module you want to configure — for instance, Leads, Contacts, or Deals. You can also filter the list by module name directly from the filter controls. [1]


Step 5. Create a new sharing rule.

Click the button to add a new rule for your chosen module. You will be prompted to define:


  • Who owns the records — specify the role, role and subordinates, group, or territory whose records should be shared.
  • Who gets access — choose the users, roles, or groups that should receive the extended access.
  • What level of access — typically Read Only or Read/Write, depending on what the receiving group needs. [1]

Step 6. Set criteria and conditions.

Depending on your edition, you may be able to apply field-based criteria so the rule only applies to records matching certain conditions (for example, only Deals above a certain value, or Leads from a specific source). Define these conditions carefully to avoid over-broad sharing. [1]


Step 7. Save and activate the rule.

Once you are satisfied with the configuration, save the rule. Thanks to the one-touch activation feature introduced in the Q1 2025 update, you can enable or disable any sharing rule with a single click — no need to delete and recreate rules when you need to temporarily suspend them. [1]


Step 8. (Optional) Clone an existing rule to speed up setup.

If you need a similar rule for another role or group, use the Clone function on any existing rule. This copies the criteria and conditions into a new draft that you can adjust before deploying, saving significant configuration time. [1]


Common pitfalls


  • Sharing rules only extend, never restrict. If your default organisation permission is already set to Public Read/Write, a sharing rule cannot reduce that access for a subset of users. Restrictions must be handled through Profiles, not sharing rules.
  • Activating vs. saving. After saving a rule, confirm it is toggled on using the one-touch activation control. A saved but inactive rule has no effect on record visibility. [1]
  • Cloning without reviewing criteria. When you clone a rule, the original criteria carry over exactly. Always review the conditions before activating a cloned rule to avoid unintentionally granting access based on stale logic. [1]
  • Module-wise organisation. The detailed list is organised per module, so if you cannot find a rule, make sure you are looking in the correct module section or use the search/filter tools to locate it. [1]

What to check


  • Verify the rule is active — confirm the toggle next to your new rule shows it as enabled after saving. [1]
  • Test with an affected user — log in as (or impersonate) a user in the receiving role or group and confirm they can now see the intended records but not records outside the rule's scope.
  • Cross-check default permissions — revisit the Default Organisation Permissions tab to ensure the baseline settings still align with your security policy after adding the new rule. [1]

Sources cited

  1. [1] Q1 2025 Update
  2. [2] CRM | Help Video | Knowledge Base
  3. [3] Consolidate your workflows and be more productive - Introducing Multiple Conditions in Workflow Rules
  4. [4] Hi, how can we help?
  5. [5] Zoho Community | Connect, network, and share on Zoho Forums
  6. [6] Zoho Tables | Collaboration | Knowledge Base
  7. [7] ZOHO CRM User management or role
  8. [8] Zoho Analytics On-Premise API