Roles in Zoho CRM let you control which records each user can see and act on, forming the backbone of your organisation's data-access hierarchy.
Why this matters
When your sales team grows beyond a handful of people, you need a structured way to ensure managers can see their team's records while executives only access their own. Zoho CRM's role system mirrors your real-world reporting structure, so data visibility follows the org chart automatically. Without roles configured correctly, users may see too much — or too little — which creates both security and productivity problems. [1]
Step-by-step
Step 1. Log in to Zoho CRM as an Administrator. You need administrator-level access to create or modify roles; standard users cannot reach the relevant settings area. [1]
Step 2. Navigate to Setup. In the current Zoho CRM interface, the primary navigation bar on the left gives you quick access to settings and configuration options without having to dig through multiple menus. [3]
Step 3. Inside Setup, locate the Users & Control section (sometimes labelled Users and Permissions depending on your edition). From there, select Roles. This area is specifically designed to manage data-access permissions among users by assigning them to defined roles. [2]
Step 4. On the Roles page you will see any existing roles, typically starting with a default top-level role such as "CEO" or "Administrator." Click Add Role to create a new one. Give the role a clear, descriptive name — for example, "Sales Manager" or "Sales Executive" — so it is easy to identify when assigning users later. [4]
Step 5. Set the Reports To field for the new role. This determines where the role sits in the hierarchy. For instance, if you are creating an "Executive" role, you would set it to report to the "Manager" role. This parent-child relationship means users in higher roles can view records owned by users in roles beneath them. [1]
Step 6. Configure the Share data with peers option if needed. When this is enabled, users at the same role level can see each other's records. Disable it if you want executives to see only their own data. [1]
Step 7. Save the role. Repeat Steps 4–6 for every tier in your hierarchy — for example, Super Admin → Manager → Executive. [1]
Step 8. Once your roles exist, assign them to users. Go to Setup → Users & Control → Users, open a user's profile, and set their Role from the dropdown. Pair each role with an appropriate Profile to control which modules and features that user can access — for example, restricting executives to only the Leads and Emails modules. [4]
> Note from Beam Help: We are independent expert support for Zoho and not official Zoho support. The steps above reflect the standard Zoho CRM configuration workflow; always verify against your specific edition's interface.
Common pitfalls
- Roles alone do not restrict module access. Roles govern *record visibility* (who can see whose data), while Profiles govern *feature and module access* (which modules a user can open at all). You need both configured correctly to achieve granular permission control. [4]
- One license ≠ multiple users. Each active user in Zoho CRM requires their own paid licence seat. You cannot share a single licence across multiple team members. [1]
- Hierarchy gaps cause visibility issues. If a manager role is not correctly set as the parent of the executive role, the manager will not automatically inherit visibility of the executive's records. Double-check the Reports To chain after creating each role. [1]
- Forecasting relies on role hierarchy. If your organisation uses Zoho CRM's forecasting features, those forecasts are calculated based on the role hierarchy you define here — so an incorrect hierarchy will produce inaccurate forecast roll-ups. [4]
What to check
- Hierarchy is complete and connected: Confirm every role has the correct Reports To parent so the chain runs unbroken from the top-level role down to the most junior tier. [1]
- Users are assigned to roles: Visit Setup → Users and verify that every active user has a role assigned; unassigned users default to the top-level role, which may grant excessive visibility. [4]
- Profiles complement your roles: Check that the Profile attached to each role restricts or permits the correct modules — for example, ensuring executives can access Leads and Emails but not sensitive financial modules. [4]