Managing a HubSpot portal ain't always easy, and it's important that it's done the right way.
In 2026, keeping your portal secure and your team productive comes down to two things: HubSpot user permissions and the new HubSpot seat-based pricing model. This guide will walk you through exactly how to set up your team, save money on licenses, and lock down your data with confidence.
If you haven't checked your billing lately, the landscape has changed. HubSpot moved away from "unlimited users" and now uses a seat-based model. Think of a "Seat" as a license that determines what a person can actually do.
You hire a freelance SEO consultant for a three-month project. Instead of paying $50–$100/month for a Core Seat they won't fully use, you assign them a View-Only Seat. They can see your blog performance and traffic analytics, but they are blocked from touching your live website code or viewing private sales deals.
Navigate to the Settings icon (sprocket) in the left-hand navigation sidebar and select Users & Teams.
With Breeze AI now integrated into everything, you have to decide who gets to play with the robots.
A marketing intern uses Breeze AI to generate 10 social media posts. Because their permissions are set to "Draft Only," the posts stay in the queue. A Senior Manager reviews them for accuracy before they go live, preventing any "AI hallucinations" from reaching your customers.
A Sales Rep in California shouldn’t be able to see the notes or deal values for a rep in New York. By setting Deals Permission to "Owned Only," you prevent "lead poaching" and keep your sales team focused on their own assigned territory.
Being a Super Admin is like having the "Master Key" to the entire building. They can see everything, change billing, and even delete the entire portal.
An employee leaves the company on bad terms. If they had Super Admin permissions, they could theoretically export your entire customer list. Because your other Admin uses the Security Center, they see a "High-Risk Action" alert and revoke access before the export is even finished.
If a workflow suddenly stops working, you need to know why. The Audit Log shows exactly who changed what and when.
A critical automated email stops sending. You check the Audit Log and see that a new hire accidentally toggled the workflow to "Inactive" at 2:00 PM yesterday. You can see exactly who did it, fix the mistake, and use it as a quick training moment.
Your HubSpot is likely connected to things like Slack, Zoom, or Gmail. Managing these "non-human" users is just as important as your staff.
You build a custom app to sync shipping numbers from your warehouse. Instead of giving that app access to your whole CRM, you create a Private App with a scope limited only to "Deals: Write." If that app is ever compromised, your customer names and email addresses stay safe.
HubSpot user permissions control what each person can view, edit, publish, delete, or manage within a HubSpot portal. Administrators can assign permissions based on job responsibilities, helping protect sensitive data while giving employees access to the tools they need.
A HubSpot seat determines which features a user can access, while user permissions determine what actions they can perform within those features. For example, a user may have a Core Seat but only have permission to edit records they own, while another user with the same seat may have full administrative access.
Most organizations should limit their HubSpot portal to two or three Super Admins. Keeping the number of Super Admins low reduces security risks while ensuring the business still has backup administrators if someone leaves or is unavailable.
HubSpot permission sets are reusable templates that assign the same permissions to multiple users at once. They help organizations standardize access across teams, simplify onboarding, and reduce the risk of inconsistent or overly broad permissions.
Businesses should review HubSpot user permissions at least once per quarter and whenever employees change roles or leave the company. Regular permission audits improve security, ensure users have appropriate access, and help maintain compliance as teams and systems evolve.