...
...
...
...
...
...
...
...
...
hidden | true |
---|
...
Learn to work with Security Management
...
name | blue |
---|
On this page
...
Anchor | ||||
---|---|---|---|---|
|
Excerpt | ||
---|---|---|
| ||
Learn to work with Security Management |
Panel | ||||
---|---|---|---|---|
| ||||
On this page
|
Overview
Security management is responsible for the system's security and the center from which an organization controls access to system modules and features. It also provides a set of business rules which can be used to automatically apply additional security controlsfeatures and ensures the implementation of its business rules.
Note |
---|
For information related to record level access rights and restrictions (e.g. granting exclusive access to Contact Information to the members of the department that created the contacts) view Access to customer data is handled through Network Management. |
Major features
- Control of actions, printouts, reports, WEB APIs, and modules accessible to groups of users through security profile
- Automatic assignment of privacy level to new records used to restrict access to groups of users
- Automatic assignment of tasks to users or groups of users
- Capturing of changes done to entries using audit trail
- Restriction of visibility and modification of fields to selected departments
- Custom selection of fields set as mandatory
- Creation of security keys which can be used in webhooks
- Grant access to modules and features through a security profile.
- Assign privacy level automatically (restricting access to records, to specific groups).
- Automatically assign tasks to users or departments.
- Capture changes in records with an audit trail.
- Allow selected departments to view and edit specific fields.
- Select which fields should be mandatory.
- Create security keys to be used in webhooks.
Setting Up Security Management
Info | ||
---|---|---|
| ||
Foundation > Security Management |
Security
...
Security Profiles provide information related to the access of modules and features by users. For example, they determine whether a menu option is available on the left menu and if the 'New' button is available for subscriptions in the Data Entry page or if the accounts receivable report, and create WEB API will be available.
Security profiles are then assigned to users and determine the respective modules and features each User will have access to when logging into the system.
Note |
---|
By default, full access is granted by Security Profiles and it is up to you to restrict access. |
...
profiles
...
Security profiles determine the system modules and features that users can access (including actions, printouts, reports, WEB APIs). A profile grants full access by default. It is subsequently configured with restrictions and then assigned to users.
For example, a profile can be used to restrict access to:
- Sections on the Left menu
- 'New' subscriptions button in the Data Entry page
- Accounts receivable report
- Option to create WEB APIs.
Security profile fields
The table describes the sections of Security Management Definitions Data Entry page , and explains how the fields in the page are used.
...
Main Information | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Name Alternative Code Number of Active Users : A that use the specific profile (read-only value that provides the number of 'Active' users that use the specific Security Profile). | ||||||||||||||||||||||||||||
Inherited Security Profiles | ||||||||||||||||||||||||||||
Main Menu | Security profiles may can inherit configuration of existing security profiles configurations to speed up the setup process. The configuration of inherited security profiles overrides that of newly created profiles. For example, if a security profile for team leaders does not allow access to module configuration, then the security profile for team members (inherited from the team leaders' security profile) will also not allow access to module configuration, even if access was allowed in the definition of the team members' profile. Therefore, inherited security profiles are useful when you wish to add additional restrictions to those of an existing profile. | |||||||||||||||||||||||||||
Menu Access | ||||||||||||||||||||||||||||
Inherited profiles are ideal for setting additional restrictions, as their configuration overrides those of a new profile. E.g.: The security profile of management team leaders restricts access to module configuration. If the finance team leaders inherit their profile from the management, access to module configuration will be restricted despite being granted in the finance team leaders profile definition. | ||||||||||||||||||||||||||||
Menu Access Select menu options (left-hand side checkbox) and use 'Allow' or 'Deny' access | ||||||||||||||||||||||||||||
Main Menu: If access to a 'Parent' menu | option is denied, then the 'Children' menu options will not be available. For example, if Access to Billing > Additive Discounts is denied, denying access to option is denied (e.g., Billing > Additive Discounts | > Manage Ad Hoc Discounts will not be necessary, as the restriction will be applied through the 'Parent' menu option.Shortcuts Menu | Allow or deny access to main menu options by selecting them (left hand side checkbox) and click on Allow Access or Deny Access links respectively.), the restriction is also applied the 'Child' menu options (e.g., Billing > Additive Discounts > Manage Ad Hoc Discounts). The child menu option will not be available. Shortcuts Menu | |||||||||||||||||||||||||
Module Access | ||||||||||||||||||||||||||||
Custom Processes | 'Deny' or 'Allow' access to each module's Custom Processes, which include any processes that are not included as standard with the software release butDefine the features from each module which that should be restricted for this to each security profile. | Common Processes | Additional Processes | organisation | Web API Methods | 'Deny' or 'Allow' access to | available for each module. | 'Deny' or 'Allow' access to Reports available for each module. | 'Deny' or 'Allow' access to Printouts available for each module. | Interfaces | 'Deny' or 'Allow' access to Interfaces available for each module, whichwith | (like Custom Processes). Such interfaces | only | organisation and can be found under Pentaho Exports or Pentaho Imports of | ||||||||||||||
Dashboards | 'Deny' or 'Allow' access to the Dashboards available for each module. | |||||||||||||||||||||||||||
Privacy
...
levels and
...
privacy level groups
...
Privacy levels (PL) are used to control access to view and modify data shared between organizational units. The privacy levels are assigned to individual records of Explicit Viewing Entities (, either manually by through a dedicated action or automatically by PLARs) and are used to control the access to data when shared between organisational units as well as visibility and modification of information of those records.
Privacy levels have a flat structure and their hierarchy level is represented by a numeric value. Larger privacy level numbers denote , ascending with higher privacy; Users that belong to organisational units that have an organizational unit with access to records of a specific privacy level (e.g. Privacy Level 3) can only access all records of that privacy level and below. (, PL3) can access records up to and including the specific privacy level (e.g., PL 1, 2, 3).
Privacy level groups are used to classify and label privacy levels. Once privacy level and level groups and levels are configured , they must be are used in collaboration tandem with other system features to be used:
...
. For example, they can be used to:
- Control the modification of shared records (e.g., create Group Collaboration Profiles to share data between the London and Manchester group but restrict modification of , but only let Manchester users modify records created by London users, to Manchester users).
- Control over the visibility and modification of records with a specific privacy level: For exampleprivate records (e.g., setup Conditional Security Restrictions and restrict the visibility and modification of address and telephones, of contact information with high privacy level to all call centre agents . Refer to Applying conditional security conditions.of high privacy contact addresses and telephones to call center agents).
- Assign new records to particular users or departments according to the privacy level of each record has: For example(e.g., setup Automatic Collaboration Rules and assign new activities with high privacy level activities to the manager. Refer to Applying automatic collaboration rules.
...
- ).
Privacy level and privacy level group fields
The table describes the sections of Automatic Collaboration Rules Privacy Level Group Data Entry page , and explains how the fields in the page are used.
Mandatory
Main Information | |
---|---|
Name: the name of the group which will include with multiple privacy levels. Alternative Code Privacy Levels: A list of all privacy levels which that are included in the group.
|
Anchor | ||||
---|---|---|---|---|
|
...
level assignment rules
...
Privacy Level Assignment Rules (PLARs) are used to automatically apply privacy levels on entity records. PLARs are triggered when creating or modifying a record that meets the conditions set on the organisational units and the entity. PLARs are also applicable on all , based on a set of conditions set in the PLAR. PLARs can also be applied to Web API calls.
Privacy level assignment
...
rule fields
The table describes the sections of Privacy Level Assignment RulesRule Data Entry page , and explains how the fields in the page are used.
...
Main Information | ||
---|---|---|
Name State: The state of the PLAR which can be 'Active' or 'Inactive' . If the state is 'Inactive', (no assignment is performed). Priority Order: Determines the order in which PLARS should be applied in case multiple are applicable. The selection box includes 5 Priority options (numbered are applied. Priority options are numbered from '1' (highest priority) to '5') with '1' being the highest priority. Rules with no defined priority are considered to . Rules with undefined priority order have the lowest priority. Assignment OptionsOption: Select how the privacy level will be assigned to an entity.
Inherit fromFrom Contact Information/Accounts Receivable: TheApply the privacy level of the master entity record which is either Contact Information or Accounts Receivable depending on the entity in question will also be applied to this record. For example(contact information or accounts receivable). E.g., Communications have asa contact information master entity Contact Information. If the privacy level ofthe contact for which the communication is created ishas privacy level set to '5', then so will the createdcommunication will also have privacy level 5. | ||
Conditions | ||
Entity Conditions |
| |
Organisational Conditions | A set of the organisational units for which the PLAR is valid, and in which the unit of the user creating or modifying a record The units in which users (creating and editing records) must be included ,for the PLAR to be triggered and appliedapply. |
Anchor | ||||
---|---|---|---|---|
|
...
collaboration rules
...
Automatic Collaboration Rules collaboration rules (ACRs) are used to automatically assign the further processing of a record to a specific user or unit based on a set of conditions, to further process the record up to its completion. ACRs are applied when .
ACRs are triggered when creating or modifying a record that meets the ACR conditions. ACR is only applicable for ACRs apply to the following Assignable assignable entities:
- Activities
- Service requests
- Jobs
- Leads
Note |
---|
ACRs offer two options for Automatic Assignment: Automatic AssignmentThe automatic assignment of ACRS can be based on the geographical area of the Contact.Automatic Assignmentcontact or as defined by the setup rule. |
Automatic collaboration rule fields
The table describes the sections of Automatic Collaboration Rules Data Entry page , and explains how the fields in the page are used.
...
Main Information | ||
---|---|---|
Name Entity: select the entity which can be one of the following: Activities, Service requests, Jobs, Leads (these are Assignable Entities)State: The state of the ACR which One of the assignable entities (activities, service requests, jobs, leads). State of the ACR can be 'Active' or 'Inactive' . If the state is 'Inactive', (no assignment is performed). Priority Order: Determines the order in which ACRs should be applied in case multiple are applicable. The selection box includes 5 Priority options (numbered '1' ACSs are applied. Priority options are numbered from '1' (highest priority) to '5') with '1' being the highest priority. Rules with no defined priority are considered to . Rules with undefined priority order have the lowest priority. | ||
Assignment Settings | ||
Assignment Options: Defines Select how the assignment will be applied. Two options are available:
| ||
Conditions | ||
Entity Conditions | The set of entity related conditions which include the following:
| |
Organisational Conditions | A set of the organisational units for which the ACR is valid, and in which the Unit of the User creating or modifying a record The units in which users (creating and editing records) must be included, in order for the ACR to be triggered and appliedapplicable. |
Anchor | ||||
---|---|---|---|---|
|
...
security restrictions
...
Conditional Security Restrictions (CSRs) are used to restrict the visibility of certain system features and module attributes of each module, and to define particular attributes as 'Non-editable' or 'Mandatory'. The restrictions are applied provided that certain if conditions set on the organisational organizational units and the entity entities are met. CSRs are also applicable on all apply to all Web API calls.
Different restrictions are applied for to fields. , processes, and printouts.
Restrictions | |||
---|---|---|---|
Type | Visible Entity will be visible | Editable | Mandatory Entity cannot be saved if not defined |
Fields | |||
Processes | |||
Printouts |
Conditional security restriction fields
The table describes the sections of Conditional Security Restrictions Data Entry page , and explains how the fields in the page are used.
Mandatory
Main Information | |||
---|---|---|---|
Name TheEntity: The entity that the CSR will be applied to. State: The state of the ACR which CSR can be 'Active' or 'Inactive'. If the state is ' or 'Inactive' , (no assignment is performed). | |||
Restrictions | |||
Fields | Unless otherwise stated otherwise in the CSR, the system sets the fields as Editable and Visible (default)'Visible' and 'Editable' by default. Select entity fields of the selected entity and enable or disable, visibility, modification and requirementcheck to enable whether they should be 'Visible', 'Editable' and 'Mandatory'.
| ||
Restricted Processes | Add the processes which that should not be available. | ||
Restricted Printouts | Add the printouts which that should not be available. | ||
Conditions | |||
Entity Conditions | The set of entity related conditions which include the following:Conditions |
| |
Organisational Conditions | A set of the organisational units for which the CSR is valid, and in which the unit of the user creating or modifying a record The units in which users (creating and editing records) must be included , for the CSR to be triggeredapply. |
Audit
...
trail
...
Audit Trail Settings trail settings define the rules governing Audit Trail logging in the System which monitors changes performed on System entries. Through Audit Trail Settings, the entities and fields that should be monitored can be selectedfor monitoring modifications on system records.
Entities and fields to be monitored are selected through audit trail settings. Only one 'Active' instance of Audit Trail Settings per Entity audit trail settings can be configured in the System. Audit Trail Settings can only be applied on predefined for each entity. Settings are applied to predefined CRM.COM entities, either through the UI or Web API and during the execution on any of the following processes:
- Modifying
- Deleting
- Removing information
The logging of an Audit Trail , while modifying, deleting or removing information.
The logging of audit trail can be applied to a block of information or to block components of that block. e.g., for the Contact Information Entity, the . For example, the complete address block or only specific components of the address (e.g such as Address/District) can be monitored. When an address block is monitored, every an entry is added to the audit trail every time the address is modified, added or deleted, an entry will be added to the Audit Trail. . When the district is monitored, an Audit Trail entry will be added when the district of an already defined address is updated.
Refer to Viewing Audit Trail to see for information on how audit trail settings are applied and shown for displayed in updated records.
Audit trail fields
The table describes the sections of Audit Trail Data Entry page , and explains how the fields in the page are used.
Mandatory
Main Information | |
---|---|
Entity: The entity that the Audit Trail The Entity to which the audit trail will be applied on. State : The state of the audit trail settings instance, which can be 'Active' or 'Inactive'. | |
Monitored Fields | |
A list of all fields related to the selected entity that can be monitored , with the option to set them as active or not. Either activate or deactivate specific fields by using the respective checkbox or 'Activate All' and 'Deactivate All' by using respective linksand which can be activated or deactivated individually or all at once. At least one field should be activated if the Audit Trail Settings State is in an 'Active'' audit trail setting. |
Secret
...
keys
...
Secret keys are registered to specific URL endpoints and are used by Webhooks in order to generate a code that will be used by third-party systems to authenticate received data.
Secret keys fields
The table describes the sections of Secret Keys Data Entry page , and explains how the fields in the page are used.
...
Main Information | |
---|---|
Name Alternative Code Type: The type of the secret Key which should be set to Webhook of key (Webhook) URL Endpoint : The URL endpoint associated with the key (e.g., www.crm.com) Key: The key is generated Generated automatically and is unique. The key is used to generate the authentication code for the webhookWebhook. |
Related Configuration Areas
The following module is related to security management and must Mandatory modules must be configured for the security management module to work.
Optional modules may be configured for the security management module management module to operate at its full capacity.
Manual Link | Area | Description | Configuration | Area | Description | Configuration |
---|---|---|---|---|---|---|
Network Management | Units | Configure the units to which the ACR will assign records. To use the 'Based on Geographical Areas' assignment option of the ACR, define the 'covered geographical areas' for each unit. Units may also be used in the organizational conditions of CSRs and PLARs. | Mandatory | |||
Network Management | Groups | Groups may be used in the organizational conditions of ACRs, CSRs and PLARs. | Optional | |||
Network Management | Units | Configure the units which the ACR will use to assign records to. Optionally for each Unit define the 'covered geographical areas' to be able to use the 'Based on Geographical Areas' assignment option of the CSR | MandatoryCommunities | Communities may be used in the organizational conditions of ACRs, CSRs and PLARs. | Optional | |
Network Management | Collaboration Between Groups | Once privacy levels and level groups and levels are configured, use them in collaboration between groups to restrict the sharing of records between collaborating groups based on their privacy level. | Optional |
Using Security Management
Anchor | ||||
---|---|---|---|---|
|
...
a privacy level
...
The privacy level of a record, used in system security processes, can determine:
- Permissions to view and modify information shared between departments through Group Collaboration.
- Permissions to view and modify data through Conditional Security Restrictions.
- Users or units to be assigned activities, service requests, jobs and leads through Automatic Collaboration Rules.
To define the privacy level of a record, click on SET PRIVACY LEVEL from the Actions menu available on the Summary and Data Entry page. In the Summary page, select the records to update by checking the checkbox on the left of the record.
Additional Information
- By changing Modifying the privacy level of a 'contact information' or an 'accounts receivable privacy levels' affects the privacy level of entities associated with the specific contact or account. For example, if the privacy level of a contact is set to 'High', the privacy level of any Contact Information based Entities or Accounts Receivable based Entities records, is affectedIn case privacy level is not defined the record is the contact's subscriptions, accounts, wallets, and activities will be set to the same level.
- Records without a privacy level are accessible to all users.
- Privacy level can be automatically set on a record based on Privacy Level Assignment Rules (PLARs)on privacy level assignment rules.
Anchor | ||||
---|---|---|---|---|
|
...
Security Profiles profiles are assigned to users through the Manage Usersmanage users Data Entry page. Once you create the The security profile you can define the security level of a user by adding the profile to his useris created and added to a user to define their security level.
Anchor | ||||
---|---|---|---|---|
|
...
the audit trail
...
The audit trail identifies changes on system records by providing information on the old and new value as well as modified values and the user that made effected the change. Once audit trailed entities are established, it will be is possible to monitor their modifications changes directly from the entry's their Data Entry page.
- Navigate to the Data Entry page of a record with enabled an audit trail enabled record.
- Click on the AUDIT LOG button located at the top-right corner of the page.
The Audit Log modal will open providing information on the modified fields and their changes.
Anchor | ||||
---|---|---|---|---|
|
...
Conditional security restrictions (CSRs) are automatically applied as long as conditions set in the CSR are met. Below you can see a few examples of how you can use CSR.if their conditions are met. CSR examples:
Fields: The address of a contact information with high privacy level is not visible to call centre center agents.
- Restricted Processes: Restrict the creation of a job of a 'New Subscription' fulfilment fulfillment scope jobs to call centre center agents.
- Restricted Printouts: Restrict the extraction of a wallet printout when the wallet printouts after a wallet is cancelledcanceled.
Anchor | ||||
---|---|---|---|---|
|
...
Automatic collaboration rules are used to assign an activity a service request, a lead or a job activities, service requests, leads or jobs to a specific user or unit with the purpose to handle them. For example, on creating when a new lead for a potential rewards participant residing in London is created, you it can be automatically assign it assigned to a marketing department call agent responsible for Londoners.There are 2 ways that the assignment can be donethe London area.
Note |
---|
|
Security Management Business Examples
...
Assigning tasks for government
...
clients to a specific user
Panel | ||||
---|---|---|---|---|
| ||||
Scenario 1 Company ZX would like requires the supervisor to handle service requests created for government representative customers to only be managed by the Supervisorclients. Solution Configuration Privacy Level Group
Privacy Level Assignment Rule
Automatic Collaboration Rule
User Process Preconditions: Privacy Level forContact Information and Accounts Receivable of government representative customers The privacy level when creating contact information and accounts receivable for government clients should be manually set to 'Super High upon creation'.
|
...
Hiding sensitive government client information
...
Panel | ||||
---|---|---|---|---|
| ||||
Scenario Company ZX would like to hide requires that the addresses and phone numbers of government representative customers, to users that belong to the Customer Service departmentclients are hidden from users belonging to the customer service department. Solution Configuration Privacy Level Group
Conditional Security Restriction Create a CSR with the following configurations:
|
...
Monitoring address changes
Panel | ||||
---|---|---|---|---|
| ||||
Scenario 3 Company ZX would like wants to monitor every change of all address changes. Solution Configuration Audit Trail Create an 'Active' Audit Trail audit trail record with the following settings:
|
Note | ||
---|---|---|
| ||
|
Glossary
CRM.COM Term | Definition |
---|---|
Activity | A small task or action that is either stand-alone or must be completed as part of a larger project. |
Lead | A potential opportunity for additional business. |
Service Request | Used Request used to register problems that customers experience with their products and subscriptions and to check whether products are under warranty. |
Job | A small project initiated by the operator for customers, involving the delivery and billing of services, products, and activities. Customer requests and orders, such as that for a new subscription, can be initiated and registered through a job. |
Assignable Entity | A CRM.COM entity which that requires a course of action and can be assigned to a unit or a user, which will be responsible for performing the actions. |
Organisational Unit | A unit or , group or community. |
Explicit Viewing Entity | Entity which that holds information regarding the owner of a record. |
Unit | Represents a A body of Users which users that belong on to the same team and follow identical business processes. |
Group | Represents a A body of Users which users that belong to the same department and to one or multiple collaborating teams within that department, and follow common business processes. |
Collaboration | The sharing between groups of data to be viewed, modified, or assigned between goups. |
Panel | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
Related Links
|