How to Secure Your Flowlu Data with the Right Access Settings

Learn how to manage roles, permissions, and admin rights in Flowlu to keep your company data secure and your portal under control.

Access rights are a must when you start using any system. Ignoring them can lead to problems: from breaking an NDA to losing important data on your portal.

In fact, studies show that up to 95% of data breaches involve human error and 68% are linked to non-malicious mistakes like misconfigured access. With the average cost of a breach reaching $4.44 million in 2025, even small permission errors can become very expensive.

Good access hygiene also keeps projects moving: people see exactly what they need to act, and nothing that slows them down.

This article explains how access rights work in Flowlu and gives you the tips to reduce the risk of losing information.

User permissions in Flowlu

In Flowlu, you can manage permissions at two levels:

System level: users are either Portal Administrators or Regular Users.

Module level: each module has its own rules. Most modules include:

  • Administrator: full access to everything in that module.
  • Access denied: no visibility or interaction with the module.
  • Intermediate levels: partial access depending on role. For example, in CRM, the Employee role allows creating and managing opportunities but not deleting them or creating new pipelines.

A Portal Administrator is not the same as a Module Administrator.

Module-specific permission settings

Beyond these general roles, you can fine-tune access in the portal settings for each module. If you don’t want a setting to apply, simply uncheck the box in the portal settings of that module.

| Module | Setting | What it means |
| Tasks | Users can view linked emails without accessing the email account | If enabled, users can see emails linked to tasks without needing access to the connected email account. Disable if you want to restrict this. |
| CRM | Users have access to all opportunities | Employees can view all opportunities. Others only see assigned ones. Private pipelines remain hidden. |
| CRM | Users can access all organizations and contacts | Employees, CRM admins, and record owners can view all contacts and organizations. |
| CRM | Users can view linked emails without accessing the email account | Emails linked to opportunities, projects, tasks, and CRM accounts are visible without email account access. |
| CRM | Users can delete opportunities assigned to them | Employees can delete their own or unassigned opportunities. |
| CRM | CRM administrators receive all notifications on opportunities | CRM admins get all opportunity-related notifications automatically. |
| Projects | Project managers have access to all projects | Project managers can see all projects. Others only see the ones where they are assigned as managers. |
| Projects | Users can view linked emails without accessing the email account | Emails linked to projects are visible without email account access. |
| Projects | Users can delete active projects | If enabled, users can delete active projects. If disabled, they can only delete archived ones. |
| Projects | Project manager can create income and expenses | Project managers can create revenue and expenses in a project even without Finance access. |
| Finance | Each user has access to all issued invoices | Employees can view all invoices. If disabled, they see only those assigned to them. |
| Finance | Each user can update the invoice assignee | Employees can reassign invoices to themselves or others. |
| Finance | Each user can log payments for invoices | Employees can record invoice payments. If disabled, only Finance admins can. |
| Finance | Each user can generate recurring invoices | Employees can create recurring invoices. If disabled, only Finance admins can. |
| Finance | Each user can view all estimates | Employees can see all estimates. If disabled, they only see their assigned ones. |
| Other | Restrict edits to documents | Some settings prevent users from editing documents. Review them to protect important records. |
| Email | Grant access to email accounts to the module administrator | If enabled, the module administrator can manage all connected mail accounts. |

What a portal administrator can do

Portal Administrators have the highest level of control in Flowlu. They can:

  • Add new users
  • Promote or remove other portal administrators
  • Set module permissions
  • Remove or block users

It’s best to assign this role to company leaders or decision-makers. You may also assign it to a trusted technical specialist if needed.

By default, the person who registered the Flowlu portal becomes the first administrator. If that person isn’t part of company leadership, transfer the role to someone who is as soon as possible.

Managing administrator rights

Assigning a portal administrator

  1. Go to the My Team module.
  2. Find the user in the list.
  3. Check the Administrator box.

Removing administrator rights

  1. Go to the My Team module.
  2. Find the user in the list.
  3. Uncheck the Administrator box.

Access management workflows

Access management is also about what happens when new employees join, when someone leaves, or when you work with outside specialists. To keep everything clear and safe, you can use these simple workflows.

Offboarding workflow

  1. In My Team, change the user’s role from Portal Administrator (if applicable) to regular user.
  2. Reassign ownership of active records (opportunities, projects, invoices, tasks).
  3. Review module-level admin rights (CRM, Projects, Finance, Email) and remove any elevated access.
  4. Block sign-in by unchecking Allow authorization in the user profile.
  5. (Optional) Archive the account to restrict access while preserving tasks, projects, and other data for reassignment. Delete only if policy requires.
  6. Use Business Processes to trigger these steps automatically when offboarding starts.

Onboarding workflow

  1. Create a new role or use an existing one, and review the permissions included.
  2. Create the user in My Team.
  3. Assign a role (e.g., Sales—Employee) instead of setting permissions one by one.
  4. Confirm module access matches “minimum necessary” (CRM, Projects, Finance, Email).
  5. Once the invitation is accepted, add them to the right group, knowledge base and team chat for their department.

External specialist setup (Client Portal)

  1. Create an external user in Client Portal (not a regular user).
  2. Grant only the modules and records needed for the project.
  3. On project completion, block access or convert to internal if you hire them.

Best practices for managing employee access

Follow these best practices to make sure everyone has the right level of access without creating unnecessary risks.

Give employees only the access they need

Access should always match the employee’s role and main responsibilities. A sales manager usually only needs access to opportunities, CRM accounts, and sometimes projects, while an accountant needs access to Finance. Sales managers can work effectively with “Employee” access in CRM, while a sales director may require administrator rights for the module.

When in doubt, deny access by default. Only grant access to the modules or data someone really needs, and roll back temporary access as soon as the project ends. This keeps your portal secure without slowing down work.

Regularly check the list of administrators

Check the list of system users and compare it with your current staff. Make sure only the right people have higher permissions. Portal administrators should be trusted people, and module administrators should be only those who really need this access for their work.

If you notice an extra portal administrator, remove their admin rights. If you see a user who should not have access anymore, like a former employee, remove them from the system at once. To keep the system safe, check your user list often, at least once every three months.
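The review described above can be scripted once the user list is available as a file. The following is an added example, not Flowlu's own code: the CSV column names, the sample accounts, and the approved-admin lists are all constructed assumptions, since this page does not show a Flowlu export format.

```python
import csv
import io

# Constructed sample user list. The column names are assumptions made for
# this example; they are not a documented Flowlu export format.
USERS_CSV = """email,portal_admin,allow_authorization,crm,finance
dana@example.com,yes,yes,Administrator,Administrator
lee@example.com,yes,yes,Employee,Access denied
sam@example.com,yes,yes,Employee,Access denied
kim@example.com,no,yes,Administrator,Access denied
pat@example.com,no,no,Employee,Access denied
"""

# Constructed reference lists you would maintain outside the portal.
CURRENT_STAFF = {"dana@example.com", "lee@example.com", "sam@example.com"}
APPROVED_PORTAL_ADMINS = {"dana@example.com", "lee@example.com"}  # main + backup
APPROVED_MODULE_ADMINS = {"crm": {"dana@example.com"},
                          "finance": {"dana@example.com"}}


def review_access(users_csv, staff, portal_admins, module_admins):
    """Return (email, finding) pairs for accounts that need attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(users_csv)):
        email = row["email"].strip().lower()
        # Former employees or unknown accounts that can still sign in.
        if email not in staff and row["allow_authorization"] == "yes":
            findings.append((email, "not on staff roster, sign-in still allowed"))
        # Portal administrators beyond the approved main and backup admins.
        if row["portal_admin"] == "yes" and email not in portal_admins:
            findings.append((email, "unapproved portal administrator"))
        # Module administrators who are not on that module's approved list.
        for module, approved in module_admins.items():
            if row[module] == "Administrator" and email not in approved:
                findings.append((email, f"unapproved {module} administrator"))
    return findings


if __name__ == "__main__":
    for email, finding in review_access(USERS_CSV, CURRENT_STAFF,
                                        APPROVED_PORTAL_ADMINS,
                                        APPROVED_MODULE_ADMINS):
        print(f"{email}: {finding}")
```

An account that is already blocked (sign-in not allowed) is reported only if it still holds administrator rights, which matches the offboarding step of removing elevated access before blocking.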

Assign a backup portal administrator

If the company director is the main portal administrator, designate a backup. This can be another manager, a system administrator, or a technical specialist. A backup administrator ensures business continuity during vacations and can also revoke access if the director’s email account is ever compromised.

Use roles instead of individual permissions

In the My Team module, create standard roles for each department or job type, such as Sales—Employee, Sales—Manager, or Finance—Employee. Set the permissions once for each role, and every new employee assigned to it will automatically get the right access. This saves time, reduces mistakes, and keeps permissions consistent as your team grows.

Standardize the offboarding process

Onboarding gives new employees access to the system. Offboarding should also be clear and organized, so access is removed safely and in the same way every time. Define in advance:

  • At what point access rights are revoked
  • Whether the account is deleted or simply blocked
  • Who is responsible for carrying out each step

TIP

Use Flowlu’s Business Processes module to automatically launch a workflow and assign tasks whenever you need to offboard an employee. This keeps the process consistent and saves time.

Use the Client Portal for external staff

When working with temporary or outsourced specialists, avoid adding them as regular users. Instead, manage them through the Client Portal module.

Here you can:

  • Configure which modules external users can access and at what level
  • Open or restrict access to specific information
  • Block access once the project is complete
  • Convert an external user into an internal one if you decide to hire them full-time

Avoid shared accounts

Always give each user their own account. Shared logins make it hard to know who did what, and this can cause security problems and confusion. Personal accounts create accountability and make audits much easier to manage.

Keep admin seats scarce

Administrator rights should be rare and given only to people who truly need them. Try to have as few module administrators as possible, and keep one backup portal administrator for emergencies. With fewer admins, there is less chance for mistakes or misuse.

Review on a regular cadence

Audit your users, roles, and admin rights at least quarterly. If your company is growing quickly, review them monthly. Set a recurring reminder (task) or create a Business Process in Flowlu to make sure reviews happen on schedule.

Own your ownership

Every important record — like opportunities, projects, invoices, or tasks — should have a clear owner. This makes it easier to give responsibilities to someone else when roles change or when an employee leaves. Clear ownership prevents records from getting lost or forgotten.

Final note

At Flowlu, security is a priority. All portal and user data is encrypted and regularly backed up, and our support team can help you recover your portal if needed.

Still, human factors — such as internal conflicts or malicious actions — can also put your portal at risk. Following the practices in this article will help reduce those risks.

In our view, good access controls aren’t just a setup task, they’re a habit. Review your admins, tidy up roles, and lock in a simple offboarding workflow so your team can move fast without putting data at risk. Take ten minutes today to scan My Team, confirm your backup portal admin, and turn your offboarding steps into a Business Process—future you will be glad you did.

FAQs
See the answers to the most frequently asked questions. You can find even more information in the knowledge base.

A Portal Administrator manages the whole account: adding users, setting permissions, or blocking access. A Module Administrator only controls one module, like CRM or Projects.

Not always. You can block access by unchecking Allow authorization. This keeps all their tasks, projects, and records but prevents them from logging in.

Check your user list and admin rights at least once per quarter. If your team grows fast, review them monthly.
