Overview of Data Access Controls
Data Access allows Vitally admins to have more granular control over the Account and Organizations that their team can access. There are two different layers: Team Member Access and Access Groups.
Team Member Access
Within Team Member Access you can set baseline permissions for team members:
All — full access to every account and organization.
Owned — only those where the user holds a key role (e.g., CSM, AE, Consultant).
None — no data access unless explicitly granted by an Access Group.
Admins always retain full access and cannot be restricted.
Overview of Access Groups in Vitally
Access Groups offer flexible, granular control over team access to customer data. These tools empower admins to define default visibility for non-admin users while layering on additional access via group filters—perfect for managing contractors, regional teams, or segmented internal audiences.
Access Groups extend access beyond default restrictions through dynamic filter-based rules (like Plan = Enterprise or Region = EMEA), enabling precise visibility assignments across teams.
How to Create Access Groups
Only Admins can create and manage Access Groups. Follow these steps to set up a new Access Group in Vitally:
Go to Settings
Select Data Access tab
Select +New Access Group
Select whether for Organizations or Accounts (if you have hierarchy on)
Name the Access Group
Select the team members
Add any additional rules (e.g., Plan, Region, CSM, Salesforce data).)
For each non-admin user, select their baseline access level: All, Owned, or None.
If access is being reduced, Vitally may prompt reassignment of their playbooks to avoid disruption.
Once you've created your Access Groups you can decide whether you want to give individual team members access to All (can access all Accounts and Organizations),
Visibility Model:
User visibility = Default access (All/Owned/None) + Any memberships in Access Groups.
Remember, Admins are not added to Access Groups since they inherently have access to all data.
Using & Managing Access Groups
Access Groups work with the default access settings assigned to each user. There are three possible settings:
all: Users with this setting can access all customers not restricted by Access Groups and any customer within groups they belong to.owned: These users can see customers they "own" (where they are assigned a Key Role) and those in Access Groups they belong to.none: This limits access strictly to customers in Access Groups the user is a member of, making it suitable for users like contractors who only need access to specific customers.
Hierarchy Considerations
Organizations: If a user can access an organization, they can also access all accounts under that organization.
Accounts Without an Organization: These accounts are only visible to users if they are included in an Access Group or the user owns the account.
Managing Roles and Playbooks
Admins always have access to all data.
Leaders can have restricted access, which can lead to issues when creating playbooks. Playbooks that target restricted customers will be labeled as "Restricted."
Admins can lift these restrictions but should be cautious of potential vulnerabilities, such as exposing data via playbooks to leaders who shouldn't have access.
Data Access FAQs
Who can create and manage Access Groups?
Only Admins have the ability to create, modify, or delete Access Groups. Admins are also the only users who have unrestricted access to all organizations and accounts.
Can I grant access to a single account within an organization?
No. Access is organized at the organization level: granting access to an organization automatically includes all its child accounts
Do Access Groups override the “Owned” default access?
They augment it. Users with “Owned” access see customer data where they hold a key role plus any organizations/accounts assigned via Access Groups.
What happens if a user cannot access an organization or account?
If a user does not have access to an organization or account, it will not appear in Vitally’s UI. This means the organization or account and any associated data (tasks, objects, etc.) will be hidden from the user.
Can leaders accidentally send data to customers they cannot access?
Yes, leaders could potentially send data to inaccessible customers via playbooks. However, Vitally mitigates this by restricting playbooks to only enroll customers that the creator can access. Admins can adjust these restrictions but must take precautions to avoid data leaks.
Can users with the none access level see anything outside of Access Groups?
No, users with none access only see customers within the Access Groups they are a member of. This is typically used for contractors or users with limited responsibilities.