Roles (Data Visibility)
Roles define whose records a user can see, based on organizational hierarchy. Users in higher roles (with subordinates) automatically see their subordinates' records. Roles form a reporting hierarchy tree (GlionConsulting: Roles & Profiles).
Share Data with Peers: An optional role-level setting that, when enabled, allows users in the same role to view each other's records (disabled by default) (Zoho CRM FAQs: Roles and Profiles).
Key difference from Territories: A user can belong to only one role but can be assigned to multiple territories.
Profiles (Functional Permissions)
Profiles define what a user can do in the CRM: which modules they can access, which CRUD operations they can perform, and which admin/developer features they can use (GlionConsulting: Roles & Profiles).
Profiles control:
- Access to individual modules
- Create, Read, Edit, Delete, Export rights per module
- Access to reports, workflows, dashboards
- Access to developer tools (Client Scripts, Widgets, Functions)
- Module Customization permission
- Manage Data Sharing permission
Standard profiles: Administrator (all permissions by default) and Standard (configurable).
Field-Level Security
Field-level security (FLS) is managed at the profile level and applies across all layouts for the selected profile. For each field in a module, administrators can set one of three permissions per profile (Zoho CRM tips: Field-Level Security):
- Visible (default; can read and edit if profile allows)
- Read-Only (can see value but not edit)
- Hidden (field not shown at all for users in this profile)
Path: Setup > Customization > Modules and Fields > [Module] > Fields > Field Permissions.
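
How the role and field-level rules above combine for one record, as an added example: this is a simplified model for reviewing an access design, not Zoho CRM code or its API. All role, profile, user and field names, and the lowercase permission strings, are constructed for illustration; profile rights are reduced to a set of operations per module.

```python
# Simplified model of the rules described above; not Zoho CRM code or its API.
# Every role, profile, user and field name below is constructed sample data.
ROLE_PARENT = {"CEO": None, "Sales Manager": "CEO", "Sales Rep": "Sales Manager"}
SHARE_WITH_PEERS = {"CEO": False, "Sales Manager": False, "Sales Rep": False}
USERS = {  # user -> (role, profile); one role per user, as the page states
    "alice": ("Sales Manager", "Standard"),
    "bob": ("Sales Rep", "Standard"),
    "carol": ("Sales Rep", "Standard"),
}
# profile -> module -> allowed operations
PROFILE_OPS = {"Standard": {"Leads": {"read", "edit"}}}
# profile -> module -> field -> permission; unlisted fields default to "visible"
FLS = {"Standard": {"Leads": {"Annual_Revenue": "hidden", "Lead_Source": "read_only"}}}


def is_above(role, other):
    """True if `role` is an ancestor of `other` in the reporting tree."""
    parent = ROLE_PARENT[other]
    while parent is not None:
        if parent == role:
            return True
        parent = ROLE_PARENT[parent]
    return False


def can_see_record(viewer, owner):
    """Role check: own record, a subordinate's record, or a peer's if sharing is on."""
    v_role, o_role = USERS[viewer][0], USERS[owner][0]
    if viewer == owner or is_above(v_role, o_role):
        return True
    return v_role == o_role and SHARE_WITH_PEERS[v_role]


def effective_view(viewer, module, record):
    """Return {field: (value, editable)} as `viewer` gets it, or None if no access."""
    profile = USERS[viewer][1]
    ops = PROFILE_OPS.get(profile, {}).get(module, set())
    if "read" not in ops or not can_see_record(viewer, record["owner"]):
        return None
    perms = FLS.get(profile, {}).get(module, {})
    view = {}
    for field, value in record["fields"].items():
        perm = perms.get(field, "visible")
        if perm == "hidden":
            continue  # Hidden: the field is not returned at all
        view[field] = (value, perm == "visible" and "edit" in ops)
    return view


LEAD = {"owner": "bob", "fields": {"Company": "Acme", "Lead_Source": "Web", "Annual_Revenue": 5000000}}
```

The model makes the layering explicit: the role decides whether the record is reachable at all, and the profile's field permissions then decide which fields of a reachable record are returned and whether they are editable.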