Versions Compared

Old Version 10

changes.mady.by.user Persia Xenopoulou

Saved on

compared with

New Version 11

changes.mady.by.user p_demou

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Back to Security Management Main Page 

Excerpt
hiddentrue

Understand the usage of Security Management within CRM.COM.

Panel
nameblue

Table of Contents

Table of Contents
minLevel2

What is Security Management?

The Security Management module manages all security aspects of the software. Access to features of the software and access to data can be controlled through the Security Management module. In addition the module the System's security and controls the access to its features. The module also provides a set of business rules which can be used to automatically apply additional security controls.

Note

For information related to record level access rights and restrictions (e.g. granting exclusive access to Contact Information to the members of the Department that created the Contacts) view Network Management.

Security Management  Glossary

Automatic Collaboration Rules
TermsDescriptions
Security ProfileSecurity profiles are used to control Provide information regarding the access to modules and features

Privacy Level

Privacy levels are used to control Controls the access to data and define defines how they it can be shared within organisational units
Organizational Unit

Organizational Units are used to organize the company’s network and define the collaboration between them

CSRConditional Security Restrictions
ACRbetween Organisational Units.
Organisational Unit

Used to organise the company’s network.

CSRStands for Conditional Security Restriction; CSRs define restrictions on features and make processes and attributes more secure, based on conditions.
ACRStand for Automatic Collaboration Rules; ACRs define rules that automatically assign a record on a specific User or Unit to further process the entity up to its completion.
PLARPrivacy Level Assignment Rules automatically add a Privacy Level to specific records that meet certain conditions.
Common ProcessesThe processes Processes which are common for each module to all modules of the software such as createCreate, read, update, delete processesRead, Update and Delete.
Additional ProcessesAny processes which are not considered as common processesCommon Processes.

Security Management  Key Processes and Concepts

Processes / ConceptDescription
Applying Privacy Level Restrictions

 

Privacy level restrictions Level Restrictions are applied as part of the processes which are enforcing the collaboration between communities and groups. Privacy levels while configuring the collaboration between Communities and Groups. Privacy Levels are used to apply additional restrictions on top of the restrictions which are derived by to those stemming from the specified collaboration options. For example, users belonging to sales branch Sales Branch 1 might be able to view records belonging to sales branch 2 only if their privacy level Sales Branch 2, as long as the Privacy Level of the records is set to public. The following logic is followed to apply privacy level restrictions:

Record

'Public'. Privacy Level Restrictions are applied based on the following logic:

  • A record is accessible if its privacy level Privacy Level has a numeric value which is equal to or less than the privacy level Privacy Level defined for a specific collaboration option.
  • Record A record is accessible if its privacy level Privacy Level is ignored because a specific collaboration option is set to be allowed as 'Allowed' for all privacy levelsRecord Privacy Levels.
  • A record is accessible if its privacy level Privacy Level is ignored because it is not specified (i.e., applicable by default to all by default)).
Note

For more information view Setting up Privacy Level Assignment Rules (PLARs) and Setting up Group Collaboration Profiles.

Applying Privacy Levels on Entities

All Users Users (with permission granted through their security profile) can change the privacy level through a dedicated “Set Privacy Level” action, if they are allowed by the security profile assigned to them. The new Privacy Levels which can be set Privacy Level using the dedicated Action 'Set Privacy Level'. The available choices for the new Privacy Level are filtered based on the following logic:

  • Privacy Levels belonging to Privacy Level Groups, which are applicable apply to all Communities, Group, Units. i.e., no restrictions were specified.
  • Privacy Levels belonging to Privacy Level Groups which have , including the Group one that the User used during log in login, are included in the list of Communities, Groups or Units which can select that record.
Note

For more information view Setting Privacy Level - Global.

Unit Automatic Assignment Versus ACR Automatic Assignment

ACR with assignment option "'Based on Geographical Areas" ' has the same automatic assignment logic as the one defined in Units, however the ACR offers you extra conditions (Entity & Organisational conditions), to make that defined in Units. Extra conditions (entity and organisational) apply making the assignment more specific.

Applying Audit Trail

Audit Trail is visible in the detail pages of all Audit Trailed Entities, as a tab at the bottom. If an entity is audit trailed and a user makes changes to an audit trailed field then all the related information will be captured and made available in the Audit Trail Tab of the specific record.

The information displayed in the audit trail tab is the following
Note

The System first checks for assignments to be applied through the ACRs; if no assignment is made, then the Unit Automatic Assignment is checked and applied.

Logging Changes Done to Records

Audit Log is visible on the top-right corner of the Data Entry pages of all audit trailed entities. Information related to User modifications of records is captured and displayed in the Audit Trail Tab:

  • Attribute: The field that has been manipulatedsubject to change.
  • Action: The action applied on the field.
    • Addition
    • Removal
    • Modification
  • From Value: The old former value (before the change).
  • To Value: The new value (after the change).
  • Modified Date: Date on which the change was executed.
  • Modified by User: User that made the change.
  • Modified by Unit: Unit of the user User that made the change belonged to.

Security Management

 Network Characteristics

Access & Viewing Controls

Business Network Characteristics define the level of access for each record. i.e., whether it will be available for selection, viewing , or editing etc.

EntityNetwork CharacteristicsDescription
Privacy Level GroupsA Privacy Level Groupcan be selected, provided the user adding the Groupbelongs to one of the Allowed Organisational Units defined in the Group, or a collaboration exists between their Unit and the AOU of the Group, or if the user is a Super User.

 

Security Management Related Modules 

EntityInteraction of Security Management with EntityHow
All Modules
  • Security Profiles control the access of users Users to all modules.
  • Privacy Level and Privacy Level Groups can be configured and applied to all modules.
  • Audit Trail can be configured to most of the modules
  • CSR, ACR and PLAR can be configured and applied to all modules.

Security Management  - Business Examples

The following section provides business examples to help you understand of how the CRM.COM Security Management module is used.

Set up Automatic Collaboration Rule for automatic assignment of Service Requests

Assignment of High Privacy Level Service Requests to Specific User

Panel
nameblue
titleSet up Automatic Collaboration Rule for automatic assignment of Service Requests

Business Requirement

Company ZX would like to make the following automatic assignment to the user: Supervisor.

  • Service Requests of type informational Type 'Informational' and Privacy Level 'Super High High'.
  • All Service Request types Types that have Privacy Level 'High'.
  • Regardless of the Organizational Organisational Unit of the user that opened them belongs to.

CRM.COM SolutionUser Process 

Configurations

  • Privacy Level Group
         Create a Privacy Level Group with the following settings:
    • Group Name: General
    • Privacy Levels
      • Privacy Level: Super High / Hierarchy Level: 10
      • Privacy Level: High / Hierarchy Level: 8
      • Privacy Level: Moderate / Hierarchy Level: 6
      • Privacy Level: Low / Hierarchy Level: 2

 

  • Automatic Collaboration Rule
    Create an ACR with the following configurationssettings:
    • Entity: Service Requests
    • Entity Conditions:
      Define two conditions:
      • Condition 1
        • Type: Informational
        and
        • Privacy Level: Super High
      • No Type and Condition 2
        • Privacy Level: High
    • Organisational Conditions: NONE NONE
    • Assignments:
             Assign to User Supervisor

User Actions

  • Create the Service Request.
  • Once the Service Request is created, the Privacy Level must be set.
  • Select Set Privacy Level Action from the Service Request's Data Entry page and select the respective Privacy Level.
    Once the Level is set the assignment to the Supervisor is completed.


Note

More Information on Set up Automatic Collaboration Rule informationcan be found atCreating Automatic Collaboration Rules (ACR):

 

Set up

visibility conditions

Visibility Conditions on Date of Birth

Panel
nameblue
titleSet up visibility conditions on Date of Birth

Business Requirement

Company ZX would like to hide Customer's Birthday from users that belong to the Customer Service department, as Birthday is only being used relevant for Marketing Purposes and would not like Customer Service department to have access. 

CRM.COM Solution

  • User Process
         Create a CSR with the following configurations:
    • Entity: Contact Information
    • Field Restrictions: Day of Birth
    • Organisational Conditions: Customer Service

Note

More Information information on Set setting up visibility conditions can be found at Creating Conditional Security Restrictions (CSR) /wiki/spaces/WIP/pages/10008256.

Set up a Privacy Level to be

assigned

Assigned to Subscriptions of Type London

Panel
nameblue
titleSet up a Privacy Level to be assigned to Subscriptions of Type London

Business Requirement

Company ZX would like to restrict access to Subscriptions created with type Type 'London' by applying a high 'High' Privacy Level.

CRM.COM Solution

  • Configuration
    • Create a PLAR with the following configurations:
      • Name: London Subscriptions
      • State: Active
      • Assignment Options: Specific
      • Privacy Level: High
      • Entity Conditions:
        • Entity: Subscriptions
        • Entity Type: London
Note

More Information on Set setting up a Privacy Level can be found at Creating Privacy Level Assignment Rules (PLAR) /wiki/spaces/WIP/pages/10008255.

Company ZX Audit Trail

settings

Settings

Panel
nameblue
titleCompany ZX Audit Trail settings

Business Requirement

Company ZX would like to monitor every time a change of address is done.

CRM.COM Solution

  • Configuration 

    Create an active 'Active' Audit Trail record with the following settings:

    • Entity: Contact Information
    • Fields: 
      • Contact Information Addresses
      • Contact Information Addresses/Area
      • Contact Information Addresses/Country
      • Contact Information Addresses/District
      • Contact Information Addresses/Municipality
      • Contact Information Addresses/Postal Code
      • Contact Information Addresses/State
      • Contact Information Addresses/Street Name
      • Contact Information Addresses/Street Number
      • Contact Information Addresses/Town
      • Contact Information Addresses/Type
Note

More Information information on Audit Trail settings can be found at Setting and Using Audit Trail /wiki/spaces/WIP/pages/10008253.

Panel
namegrey

Related Areas

Filter by label (Content by label)
showLabelsfalse
spacesV4Manual
showSpacefalse
labelssecurity-management-basics-r7,security-management-advanced-r7,security-management-admin-r7