ESM Inbound policies & processes
      Back to home
      1. Knowledge Base
      2. ESM Inbound policies & processes

      Which HubSpot permissions does ESM Inbound need to deliver my projects?

      In the vast majority of cases, you will need to assign Super Admin access to ESM Inbound's team for us to complete your projects.

      By default, ESM Inbound will request Super Admin access when working in your HubSpot portal. This is because the majority of projects our team works on require this level of access to deliver your work securely and efficiently. 

      As a security precaution, ESM Inbound's team members always use individual named accounts. We do not share login details internally or use shared accounts. This increases your security and provides a clear audit trail of user actions. 

      Why is it important that we have Super Admin access when working on API projects? 

      Your API key is one of the most sensitive pieces of information in your HubSpot portal. With access to your API key, a sufficiently technical user can take almost any action in your HubSpot portal whether or not they are a user. 

      Protecting your API key should be a top priority for your business and it will always be a top priority for ESM Inbound. 

      Many API projects require that we have access to the API key section of your HubSpot portal. Only Super Admins are able to access the API key within your HubSpot portal. Accessing the API key via this area in your HubSpot portal is more secure than alternatives such as: 

      • sharing the API key via email
      • sending the API key via direct messages
      • using SMS messages to send the API key to us. 

      The API screen in HubSpot shows an audit log of all users who have accessed or changed the key, meaning that your audit trail is secure. It gives your business confidence that you know your API key is secure. 

      This is one of the reasons we ask for our team members to be given Super Admin access in your HubSpot portal. It improves your security by limiting the users who can access sensitive information and giving you and audit trail for sensitive data. 

      What if I can't grant Super Admin access to your team? 

      If your business has a policy that prevents you from granting ESM Inbound access as Super Admin users, then you will need to discuss this point with your account manager. 

      In most scenarios, we will ask you to grant a minimum of one ESM Inbound user Super Admin access and document the highest level of access this user can grant to other ESM Inbound team members. 

      ESM Inbound considers the single Super Admin user option to be a high-risk choice for both your project timelines and your business. A single Super Admin user makes it difficult for us to change user permissions in a timely manner. 

      It also reduces the effectiveness of our internal policies surrounding risk control and risk mitigation for insider threats. 

      If your business cannot even grant a single ESM Inbound user Super Admin access, then you will need to either: 

      • provide a minimum of two members of your team who we can contact in order to add additional ESM Inbound team members as users and, when appropriate, change the level of permissions assigned to ESM Inbound users, or:
      • accept that our turnaround time on projects is likely to be unusually slow due to the need for us to routlinely request and wait for the correct level of access to our team members.