Changelog
June 21, 2023
Announced: June 21, 2023
We are introducing 2 new types of permissions as part of the Permission sets feature in our web app and API:
- Permissions for adding items
- Permissions for editing another user’s items
Users can now be restricted from creating new entities and/or editing other users’ existing entities (deals, leads, persons and organizations). This ensures data reliability and quality for your Pipedrive account.
What is being added?
We will roll the feature out to all companies between June 26 and July 20, 2023.
By default, nothing will be changed in the API behavior.
When a user’s permission for creating entities (e.g., the can_add_deals permission for deals) is disabled, the user will not be able to add new deals, leads, persons and/or organizations via the API. Similarly, the user will not be able to edit other users’ entities when the editing permission is disabled. The deals, leads, persons and organizations that are owned by the user themselves will always remain editable.
1. Permissions for adding items
Deals API
If the user does not have the can_add_deals permission, calling the POST /deals and/or POST /deals/{id}/duplicate endpoints will result in a 403 error.
Leads API
If the user does not have the can_add_leads permission, calling the POST /leads endpoint will result in a 403 error.
Organizations API
If the user does not have the can_add_organizations permission, calling the POST /organizations endpoint will result in a 403 error.
Persons API
If the user does not have the can_add_people permission, calling the POST /persons endpoint will result in a 403 error.
2. Permissions for editing another user’s items
Deals API
If the user does not have the can_edit_other_users_deals permission, calling the following endpoints will result in a 403 error:
POST /deals/{id}/participants
POST /deals/{id}/products
PUT /deals/{id}
PUT /deals/{id}/products/{product_id}
DELETE /deals/{id}/participants/{deal_participant_id}
DELETE /deals/{id}/products/{product_attachment_id}
Leads API
If the user does not have the can_edit_other_users_leads permission, calling the PATCH /leads/{id} endpoint will result in a 403 error.
Organizations API
If the user does not have the can_edit_other_users_organizations permission, calling the PUT /organizations/{id} endpoint will result in a 403 error.
Persons API
If the user does not have the can_edit_other_users_people permission, calling the following endpoints will result in a 403 error:
Here’s an example 403 error response for both types of permissions:
{
  "success": false,
  "error": "You do not have permission to do this.",
  "error_info": "Please check developers.pipedrive.com for more information about Pipedrive API.",
  "data": null,
  "additional_data": null
}
Where can I find the permissions for a user?
We will be adding all of the above mentioned permission fields to the response of the GET /users/{id}/permissions endpoint, which can be used to find a specific user’s permissions.
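An integration can use those permission fields to predict a 403 before sending a write request. The following is an added example, not Pipedrive's own code: it maps the endpoints listed above to their permission fields and applies the ownership exception. It assumes the permission fields arrive as a flat name-to-boolean mapping; the function names and the sample data are hypothetical.

```python
import re

# Rules transcribed from the changelog above: (method, path template, permission, kind).
# The page does not list the Persons edit endpoints, so none are included here.
RULES = [
    ("POST", "/deals", "can_add_deals", "add"),
    ("POST", "/deals/{id}/duplicate", "can_add_deals", "add"),
    ("POST", "/leads", "can_add_leads", "add"),
    ("POST", "/organizations", "can_add_organizations", "add"),
    ("POST", "/persons", "can_add_people", "add"),
    ("POST", "/deals/{id}/participants", "can_edit_other_users_deals", "edit"),
    ("POST", "/deals/{id}/products", "can_edit_other_users_deals", "edit"),
    ("PUT", "/deals/{id}", "can_edit_other_users_deals", "edit"),
    ("PUT", "/deals/{id}/products/{product_id}", "can_edit_other_users_deals", "edit"),
    ("DELETE", "/deals/{id}/participants/{deal_participant_id}", "can_edit_other_users_deals", "edit"),
    ("DELETE", "/deals/{id}/products/{product_attachment_id}", "can_edit_other_users_deals", "edit"),
    ("PATCH", "/leads/{id}", "can_edit_other_users_leads", "edit"),
    ("PUT", "/organizations/{id}", "can_edit_other_users_organizations", "edit"),
]

def _compile(template):
    # Turn "/deals/{id}/products" into an anchored regex; each {param} matches one path segment.
    return re.compile("^" + re.sub(r"\{[^/}]+\}", "[^/]+", template) + "/?$")

_COMPILED = [(m, _compile(t), perm, kind) for m, t, perm, kind in RULES]

def required_permission(method, path):
    """Return (permission, kind) gating this call, or None if the page lists no gate."""
    path = path.split("?", 1)[0]  # ignore the query string
    for m, rx, perm, kind in _COMPILED:
        if m == method.upper() and rx.match(path):
            return perm, kind
    return None

def preflight(method, path, permissions, owned_by_caller=False):
    """Predict "allow", "expect_403" or "unknown" before sending the request."""
    gate = required_permission(method, path)
    if gate is None:
        return "allow"
    perm, kind = gate
    # Entities owned by the caller stay editable regardless of the edit permission.
    if kind == "edit" and owned_by_caller:
        return "allow"
    if perm not in permissions:
        return "unknown"  # field absent from the response: make no prediction
    return "allow" if permissions[perm] else "expect_403"

# Constructed sample of the permission fields (shape assumed: flat name -> bool).
SAMPLE_PERMISSIONS = {"can_add_deals": False, "can_add_leads": True, "can_edit_other_users_deals": False}
```

The prediction is advisory only: the API remains the enforcement point, so callers still need to handle the 403 response shown above.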
If you have any questions or comments, let us know in our Developers' Community.