System Access Management
Entity = One saved record in the system, e.g. one account or quote.
System access can be set for each entity, so that on the strictest (=lowest) access level each user can only see their own entities. Every entity has always only one owner, which can be either an individual user or a group.
NB. The visibility of the activities is an exception and it is described in the guide Activities.
The visibility of the entities is inherited in the system role hierarchy, so that the users with higher role can always see the entities of the users that are on the same branch but with a lower role. By default, every user in the system can see each other’s entities.
CRM system users can be added, removed and edited in Settings → Users.
All the system users are listed in the main view (see the picture below). You can examine or edit a certain user by clicking either the username of the user or the Edit button in the first column of the row. A new user can be created by clicking the New User button. It is also possible to create a new user by copying an existing user as a template by clicking the Copy button on the right user row.
When you delete a user, you will also have to choose another user as an assignee for the deleted user’s entities (accounts, contacts, potentials, etc. See the picture below).
If the Archive user function is checked (and aktive), the entities of deleted user will remain owned by the original user. The user is still removed from the user register and cannot use the system anymore. When editing the deleted and archived user’s entities, keep in mind that the ownership of the entity has to be transferred to an active user.
NOTE: Archiving is an additional chargeable feature that needs to be deployed separately. However, the “Archive User” option is always visible even if the function is not activated. You can check the activity of the function from your reseller.
Sharing Access – Managing Organization Level Permissions
In the Sharing Access settings, the strictest (=lowest) access level must be defined. When the strictest level has been defined, you can then start managing custom sharing rules by modules for different roles and groups (see further below, the roles and groups need to be determined first).
Below there is a picture of the Sharing Access view, where the organization level access is determined.
Note, that every time when you change the module sharing rules, you have to click the Recalculate button to apply the changes.
The role hierarchy defines the visibility and editing and deleting permissions of the entities. A user with a higher role can always manage the entities owned by users with lower roles in the same branch, but only according to their own user profile permissions. The user can not see or edit the entities of another user with the same role level (these permissions can be granted in Sharing Access).
In the role hierarchy tree, you can change the roles’ order, delete roles and add new ones (see the picture below). When you place the cursor on the role, you can see the functions available for the role.
If any changes are made, remember to update the permissions via Sharing Access by clicking the Recalculate button.
A role is always linked to a Profile that defines the visibility of data of different entities to the users with the role. The form’s fields visible for each role are defined in profile permissions.
In the Profile settings it is possible to add, edit and delete the available profiles (see the picture below).
By clicking the name of the profile, you can edit the profile and define module level permissions to view, create/edit and delete the entities and the visibility of the module fields and tools (see the picture below).
Note: The visibility of the quick search fields in the modules is also managed in Profile settings. First, you’ll need to select the right profile. In editing mode, expand the settings of the Dashboards module by clicking the Expand/Collapse button (see the picture below). If the Quick search checkbox is checked, the quick search fields are visible for the users of the profile.
A group consists of a number of users in the system. An entity can be assigned to either an individual user or a group. If the entity is assigned to a group, it is visible for everyone who belongs to that group.
On the Groups settings it is possible to add, edit and delete the available groups (see the picture below). You can freely add Users, other Groups, Roles and Roles with hierarchy to a group.
Sharing Access – Custom Permissions
When the permissions have been defined on organization, role, profile and group level, you can also determine custom sharing rules for roles and groups in the Custom Sharing Rules section in Sharing Access (see the picture below). It is possible to add several different rules for different roles and groups.
The permissions described earlier determine all the permissions for the basic system access (excluding Activities). However, there are a few permission functions that are exceptional in the following areas:
- Provision calculation
- Custom reports
- Business Intelligence functions (see the guide Permissions – Business Intelligence)
- The Email Contact Portal (ECP).