Custom permissions for business plan
Javier Pereira
Custom permissions were recently introduced (FINALLY YAY!) to the enterprise version and nothing for the other plans, but I think this is a mistake.
Saap enterprise plans tend to focus on extra security, memory, support, automations and people included in the plan and are needed for very large companies in most cases. However, any serious small team, startup or small company do need custom permissions for managing their staff and guests but everything else included in the enterprise model is completely useless. There should some type of permission differences between the business model and the rest, it shouldn't be as white or black as it is now where the enterprise version is the only way to customize those permissions. Maybe make it so you have even more advanced permissions in enterprise vs business, but you need to include some of them in the business plan
Log In
Armin Kamfiroozie
We have been using ClickUp for several years, and recently our team has grown to 6-7 people. We upgraded to the Business plan (the one prior to the Enterprise plan) in hopes that it would meet most of our needs even as we expand to 20-30 members. However, when I wanted to modify some user permissions, I discovered that this basic role customization option—a critical security feature—is not available in our current plan and we would need to switch to the Business Plus plan, which nearly doubles our subscription cost.
For a platform like ClickUp, which claims to be tailored for small and medium-sized businesses, this creates an unnecessary barrier in terms of security and functionality. Our concern has reached a level where we are starting to consider leaving ClickUp and exploring other alternatives if this issue cannot be resolved.
The current three-role structure (Guest/Member/Admin) creates concerning potential security vulnerabilities:
- Any Member can export entire workspace data - risky for sensitive business information
- All Members have access to create spaces and manage custom fields - risking accidental system-wide changes
- No restrictions on modifying tags and statuses - potentially disrupting established workflow systems
- Limited control over Git access and integrations - exposing technical configurations to non-technical staff
- No middle ground for managing critical workspace settings
Here are just a few sample scenarios impossible to handle:
- External Collaborators need more than Guest permissions (create views, use Git) but shouldn't have Member's full access
- Junior Team Members need basic tools but shouldn't manage workspace settings
- Project Coordinators need to manage tags and statuses but not critical configurations
- Team Leads need team-specific management without workspace-level access
- Client-Facing Staff need view creation without internal system access
- and lots of other situations.
While advanced features can justifiably remain in higher tiers, basic role customization is a security necessity, not a luxury. Please consider adding this fundamental feature to the Business Plan to help teams maintain proper security practices without forcing them into enterprise-level pricing.
W
William Rosenthal
Totally gonna leave after that... 2.5 years and nothing.
v
vitoooo
this is the reason we leaving probably, because business plan has such security issue and lacks many features necessary for any business that is pushed to business plus (
I
Italo Aguiar
agree!
T
Troy Johnston
Suggestions to those that monitor these feature requests.
ALL these scenarios are presently un-secured on Business Plan. As a small business owner - unfortunately they represent a presently un-mitigated business risk that can readily cripple a business.
* Prevent guest invites (workspace level)
* Prevent public sharing (workspace level)
* Manage/Control item deletion at each level (eg Space, Folder, List, Task, Document, Page, etc)
* Prevent export (workspace level)
* Prevent member user from ability to remove Admin visibility
(YES it can happen - we bought the business and an employee went rogue and removed the visibility permission to all spaces for the two admins. Could not be recovered without help. Put simply a member user should not be in a position to overwrite the admin-level permission. Suffice to say they are no longer with us. - But it can happen.)
* Fix document views (in a space) so that deletion of the view does NOT delete the document as well. A view is commonly considered a slice of data held elsewhere.... no-one would expect that to delete a view also deletes the underlying data.
* Enforced propagation of security permissions (or forced logout) - So the Admin can make sure all members of the team in work-from-home situations have taken on the updated permission changes.
* Confirmation of important deletes. Pretty simple - "Are you sure Y/N"
We truly hope this is heard. Regards.
T
Troy Johnston
Small professional services company (4 people) - AGREE completely. Basic info asset security is lacking.
While I can understand charging more for items like white-labelling, higher automation counts, certain reporting or integrations, certain functional features and SSO under a higher level plan. However, to us, it is not good customer service at all to have no ability to secure our company assets (from deletion) unless under an enterprise level plan.
We are basic users. We use no automation or many of the features - but presently we cannot properly secure our company information from easy theft or deletion.
Items like having a standard 'collaborator' (member) user not being able to overwrite the permissions of an administrator or to prevent their deletion of company assets are a base-level requirement - not an enterprise level requirement.
The core items that really concern me (attempting to run a business using this tool) on a business plan are those that affect security over our information assets:
* ability for 'contribute' users (members) to
- overwrite the access permissions of an administrator
- delete items other than tasks (spaces, documents, etc are very large concern)
* inability to block public sharing at least globally on/off ... or ideally at user level or space/task/document level.
I absolutely understand the desire to have differing level plans and differing functional features... however these basic information security items should be available across all your paid plans.
I like your tool - however these intrinsic data security items lacking at the Business Plan level (our level) are a LARGE concern. Enough that we are unfortunately constantly looking at competitor products and will likely look to shift as soon as we find another that can manage recurring tasks like Clickup.
J
Jon Hegle
Yes, well said Javier.