Overview
An ACL (Access Control List) is a security feature used in systems (e.g., networking, file systems, databases) to define which users or systems can access specific resources and which actions they can perform on them.
Provisioning Access in CRMs Without API Support for ACLs
Most CRM systems, like HubSpot and Pipedrive, do not provide APIs to fetch Access Control List (ACL) information. How can you ensure proper access provisioning in such cases? Here are two approaches:
1. User-Based Authentication
Enable individual users—such as Account Executives, Marketers, and other team members—to connect their own CRM accounts. This ensures:
• CRM ACLs are maintained by the third-party provider (e.g., Salesforce, HubSpot).
• Users only access records they are authorized to view or edit.
• A streamlined experience without additional configuration by admins.
2. Rule-Based ACLs with Admin Authentication
For admin-level connections, implement a rule-based ACL system within your product:
• Provide a form for admins to specify access rules, such as which users or roles in your product can access specific CRM records.
• Use these rules to create and enforce access segmentation directly in your application.
Example:
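The following sketch of a rule-based ACL check is an added example, not code from the original page or from any CRM vendor. The rule fields, role names, the "$user" placeholder and the sample records are all assumptions made for illustration; it also assumes product user IDs are already mapped to CRM owner IDs.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One admin-entered rule (hypothetical schema): who may do what to which records."""
    roles: frozenset      # product roles the rule applies to
    object_type: str      # CRM object type, e.g. "deal" or "contact"
    actions: frozenset    # subset of {"read", "write"}
    match: tuple = ()     # ((field, value), ...), all must match; () = every record of the type

@dataclass(frozen=True)
class User:
    user_id: str
    roles: frozenset

def is_allowed(user, action, record, rules):
    """Default deny: access requires at least one rule that matches completely."""
    for rule in rules:
        if not (user.roles & rule.roles):
            continue
        if action not in rule.actions or record.get("type") != rule.object_type:
            continue
        # "$user" (assumed convention) stands for the requesting user's own ID.
        if all(record.get(f) == (user.user_id if v == "$user" else v) for f, v in rule.match):
            return True
    return False

def filter_records(user, action, records, rules):
    """Filter records fetched over the admin connection before they reach the user."""
    return [r for r in records if is_allowed(user, action, r, rules)]

# Constructed sample rules and records, standing in for the admin form and the CRM.
RULES = [
    Rule(frozenset({"account_executive"}), "deal", frozenset({"read", "write"}), (("owner", "$user"),)),
    Rule(frozenset({"marketer"}), "contact", frozenset({"read"})),
    Rule(frozenset({"sales_manager"}), "deal", frozenset({"read"}), (("pipeline", "enterprise"),)),
]
RECORDS = [
    {"id": "d1", "type": "deal", "owner": "u-alice", "pipeline": "enterprise"},
    {"id": "d2", "type": "deal", "owner": "u-bob", "pipeline": "smb"},
    {"id": "c1", "type": "contact", "owner": "u-bob"},
]

def visible_ids(user, action="read"):
    return [r["id"] for r in filter_records(user, action, RECORDS, RULES)]

if __name__ == "__main__":
    print(visible_ids(User("u-alice", frozenset({"account_executive"}))))
```

Because the admin connection can read every record, the filter has to run server-side on every request path that returns CRM data; a user with no matching rule sees nothing.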