Versions Compared

Old Version 5

changes.mady.by.user Persia Xenopoulou

Saved on

compared with

New Version Current

changes.mady.by.user Persia Xenopoulou

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

hiddentrue

...

Anchor
top
top

Excerpt
hiddentrue

Learn to work with Security Management

Panel
nameblue

On this page

Table of Contents
maxLevel2

Overview

...

Security management is responsible for the system's security and the center from which an organization controls access to system modules and features. It also provides a set of business rules which can be used to automatically apply additional security controls.

...

features and ensures the implementation of its business rules.

Note

Access to customer data is handled through Network Management.

 

Major features

  • Control of actions, printouts, reports, WEB APIs, and modules accessible to groups of users through security profile
  • Automatic assignment of privacy level to new records used to restrict access to groups of users
  • Automatic assignment of tasks to users or groups of users
  • Capturing of changes done to entries using audit trail
  • Restriction of visibility and modification of fields to selected departments
  • Custom selection of fields set as mandatory
  • Creation of security keys which can be used in webhooks

 

 

  • Grant access to modules and features through a security profile.
  • Assign privacy level automatically (restricting access to records, to specific groups).
  • Automatically assign tasks to users or departments.
  • Capture changes in records with an audit trail.
  • Allow selected departments to view and edit specific fields.
  • Select which fields should be mandatory. 
  • Create security keys to be used in webhooks.

Setting Up Security Management

Info
iconfalse
 Foundation > Security Management 

Security

...

profiles

...

Security Profiles provide information related to the access of modules and features by users. For example, they determine whether a menu option is available on the left menu and if the 'New' button is available for subscriptions in the Data Entry page or if the accounts receivable report, and create WEB API will be available. 

Security profiles are then assigned to users and determine the respective modules and features each User will have access to when logging into the system. 

Note

By default, full access is granted by Security Profiles and it is up to you to restrict access.

Image Removed

Security profile fields

The table describes the sections of Security Management Definitions Data Entry page, and profiles determine the system modules and features that users can access (including actions, printouts, reports, WEB APIs).  A profile grants full access by default.  It is subsequently configured with restrictions and then assigned to users.

For example, a profile can be used to restrict access to:

  • Sections on the Left menu
  • 'New' subscriptions button in the Data Entry page 
  • Accounts receivable report 
  • Option to create WEB APIs. 

Image Added

Back to top

Security profile fields

The table describes the sections of Security Management Definitions Data Entry page and explains how the fields in the page are used.

...

Allow or deny access to main menu options by selecting them (left hand side checkbox) and click on Allow Access or Deny Access links respectively.

, then Children will not be available. For example, if Access to  is denied, denying access to Billing > Additive Discounts > Manage   necessary, as the restriction will be applied through the 'Parent' menu option

'Deny' or 'Allow' access to each module's Additional Processes, which include actions available in the Actions Menu of the 'Manage Module' page and Common Processes and actions of all Configuration Modules of the specific entity.

If a process is defined as 'Denied' then the respective Actions menu button is greyed out.

'Deny' or 'Allow' access to each module's Custom Processes, which include any processes that are not included as standard with the software release but

'Deny' or 'Allow' access to each module's Common Processes, which include:

  • Viewing (i.e. accessing the Data Entry page)
  • Creating New
  • Editing
  • Deleting

If a process is defined as 'Denied' then the respective Actions menu button is greyed out.

organisation'Deny' or 'Allow' access to available for each module.  'Deny' or 'Allow' access to Interfaces available for each module, which with (like Custom Processes). Such interfaces only organisation and can be found under Pentaho Exports or Pentaho Imports of
Main Information

Name

Alternative Code

Number of Active Users : A that use the specific profile (read-only value that provides the number of 'Active' users that use the specific Security Profile.).

Inherited Security Profiles
Main Menu

Security profiles may can inherit configuration of existing security profiles configurations to speed up the setup process. The configuration of inherited security profiles overrides that of newly created profiles. For example, if a security profile for team leaders does not allow access to module configuration, then the security profile for team members (inherited from the team leaders' security profile) will also not allow access to module configuration, even if access was allowed in the definition of the team members' profile. Therefore, inherited security profiles are useful when you wish to add additional restrictions to those of an existing profile.

Menu Access

  Inherited profiles are ideal for setting additional restrictions, as their configuration overrides those of a new profile.

E.g.: The security profile of management team leaders restricts access to module configuration.  If the finance team leaders inherit their profile from the management, access to module configuration will be restricted despite being granted in the finance team leaders profile definition.

Menu Access

Select menu options (left-hand side checkbox) and use 'Allow' or 'Deny' access

Main Menu: If access to a 'Parent' menu option is denied

(e.g., Billing > Additive Discounts), the restriction is also applied the '

Child' menu options

(e.g., Billing > Additive Discounts

> Manage Ad Hoc Discounts

). The child menu option will not be

available.

Shortcuts Menu

Allow or deny access to main menu options by selecting them (left hand side checkbox) and click on Allow Access or Deny Access links respectively.Module Access
Custom Processes

Define the features from each module which that should be restricted for this to each security profile.


Modules can be filtered by application area by using the list filter . ' '. ().


 Image Added

Select a module to load the its security settings and select to grant or restrict its access by using 'Allow Access' and 'Deny Access'respectively. Image Removed

Common ProcessesAdditional Processes

use Allow and Deny access. The Actions menu button is greyed out for 'Denied' processes.

  • Common Processes: Accessing (viewing) the Data Entry page, Creating New, Editing, and Deleting.
  • Additional Processes: Actions available in the Manage Module page Actions menu or Action Panel and common processes and actions of all configuration modules of the specific entity.
  • Custom Processes that are not included as standard in the software release and have been explicitly implemented for an
  • organization.
Web API Methods
'Deny' or 'Allow' access to Reports available for each module.
Printouts

'Deny' or 'Allow' access to Printouts available for each module.

Interfaces
  • in the software release
  • and are available
  • if requested by an
  • organization under 'Pentaho Exports' or 'Imports' in the Utilities module.
Dashboards'Deny' or 'Allow' access to the Dashboards available for each module.


 Back to top 

Privacy

...

levels and privacy level groups

...

Privacy levels (PL) are used to control access to view and modify data shared between organizational units. The privacy levels are assigned to individual records of Explicit Viewing Entities (, either manually by through a dedicated action or automatically by PLARs) and are used to control the access to data when shared between organisational units as well as visibility and modification of information of those records..

Privacy levels have a flat structure and their hierarchy level is represented by a numeric value. Larger privacy level numbers denote , ascending with higher privacy; Users that belong to organisational units that have an organizational unit with access to records of a specific privacy level (e.g. Privacy Level 3)  can only access all records of that privacy level and below. (1,, PL3) can access records up to and including the specific privacy level (e.g., PL 1, 2, 3).

Privacy level groups are used to classify and label privacy levels. Once privacy level and level groups and levels are configured , they must be are used in collaboration tandem with other system features to .  For example, they can be used to:

  • Control over records shared between groups depending on their privacy level: For examplethe modification of shared records (e.g., create Group Collaboration Profiles to share data between the London and Manchester group but restrict modification of , but only let Manchester users modify records created by London users, to Manchester users).
  • Control over the visibility and modification of records with a specific privacy level: For exampleprivate records (e.g., setup Conditional Security Restrictions and restrict the visibility and modification of address and telephones, of contact information with high privacy level to all call centre agents . Refer to Applying conditional security conditions.of high privacy contact addresses and telephones to call center agents). 
  • Assign new records to particular users or departments according to the privacy level of each record has: For example(e.g., setup Automatic Collaboration Rules and assign new activities with high privacy level activities to the manager. Refer to Applying automatic collaboration rules. 

...

  • ).

Image Added

Privacy level and privacy level group fields

The table describes the sections of Automatic Collaboration Rules Privacy Level Group Data Entry page , and explains how the fields in the page are used.

 Mandatory  

Main Information

Name: the name of the group which will include with multiple privacy levels.

Alternative Code

Privacy Levels: A list of all privacy levels which that are included in the group.

  • Number: An auto-generated number that identifies the Privacy Levellevel.
  • Name
  • Hierarchy Level: The hierarchy level of the Privacy Level. Larger privacy level numbers denote , ascending with higher privacy; Users that belong to organisational units that have an organizational unit with access to records of a specific privacy level of this privacy level group specific privacy level (e.g. Privacy Level 5, PL5) can access all records belonging to this privacy level group, of that privacy level and belowup to and including the specific privacy level.


 Back to top 

Anchor
PLAR
PLAR
Privacy

...

level assignment rules 

...

Privacy Level Assignment Rules (PLARs) are used to automatically apply privacy levels on entity records. PLARs are triggered when creating or modifying a record that meets the , based on a set of conditions set on the organisational units and the entity. PLARs are also applicable on all in the PLAR.  PLARs can also be applied to Web API calls.   

Image RemovedImage Added

Privacy level assignment

...

rule fields 

The table describes the sections of Privacy Level Assignment RulesRule Data Entry page , and explains how the fields in the page are used.

...

Main Information

Name

State: The state of the PLAR which can be 'Active' or 'Inactive' . If the state is 'Inactive', (no assignment is performed).

Priority Order: Determines the order in which PLARS should be applied in case multiple are applicable. The selection box includes 5 Priority options (numbered are applied.  Priority options are numbered from '1' (highest priority) to '5') with '1' being the highest priority.  Rules with no defined priority are considered to undefined priority order have the lowest priority.

Assignment OptionsOption: Select how the privacy level will be assigned to an entity.

  • Specific: In case you select specific then you also need to (if selected, also define the 'Privacy Level' from the respective select box)  

Inherit

from

From Contact Information/Accounts Receivable:

The

Apply the privacy level of the master entity record

which is either Contact Information or Accounts Receivable depending on the entity in question will also be applied to this record. For example

(contact information or accounts receivable). E.g., Communications have

as

a contact information master entity

Contact Information

. If the

privacy level of the

contact for which the communication is created

is

has privacy level set to '5', then so will the

created

communication

will also have privacy level 5

. 

Refer to Network Management for a complete list of master and children entities.

Conditions
Entity Conditions

The set of entity related conditions which include the following:

  • Entity: select the entity for which the PLAR is applicable
    Entity (to which the PLAR applies).  Only Explicit Viewing Access Entities can be specified in PLARs.
  • Entity Type 
  • Master Entity Level: Conditions related to the level of the master entity which can be set as 'Equals to', 'Less than' or 'More than'.
Organisational ConditionsA set of the organisational units for which the PLAR is valid, and in which the unit of the user creating or modifying a record

The units in which users (creating and editing records) must be included

,

for the PLAR to

be triggered and applied

apply.

Back to top 

Anchor
ACR
ACR
Automatic

...

collaboration rules 

...

Automatic Collaboration Rules collaboration rules (ACRs) are used to automatically assign the further processing of a record to a specific user or unit based on a set of conditions, to further process the record up to its completion. ACRs are applied when

ACRs are triggered when creating or modifying a record that meets the ACR conditionsACR is only applicable for ACRs apply to the following Assignable assignable entities:

  • Activities
  • Service requests
  • Jobs
  • Leads
Note

ACRs offer two options for Automatic Assignment:

Automatic Assignment

The automatic assignment of ACRS can be based on the geographical area of the

Contact.Automatic Assignment

contact or as defined by the setup rule.

Image RemovedImage Added

Automatic collaboration rule fields

The table describes the sections of Automatic Collaboration Rules Data Entry page , and explains how the fields in the page are used.

...

Main Information

Name

Entity: select the entity which can be one of the following: Activities, Service requests, Jobs, Leads (these are Assignable Entities)State: The state of the ACR which One of the assignable entities (activities, service requests, jobs, leads).

State of the ACR can be 'Active' or 'Inactive' . If the state is 'Inactive', (no assignment is performed).

Priority Order: Determines the order in which ACRs should be applied in case multiple are applicable.  The selection box includes 5 Priority options (numbered '1' to '5') with '1' being the highest priority. Rules with no defined priority are considered to ACSs are applied.  Priority options are numbered from '1' (highest priority) to '5'.  Rules with undefined priority order have the lowest priority.
Assignment Settings

Assignment Options: Defines Select how the assignment will be applied. Two options are available:

  • Not Based On Covered Geographical Areas (default): If selected, define  Define the units and/or users to which new records should be assigned.
    • Assignment Type:
      • Specific: Specify an 'Assigned to Unit' and/or an 'Assigned to User ' that for theentity will be assigned to. If a user is specified he .  Users must belong to the defined Unitunit.
      • Logged In User's Unit: The entity will automatically be assigned to the unit of the logged in User's Unituser.
      • Logged In User: The entity will automatically be assigned to the logged in User and the User's Unit.user and their unit.
  • Based On Covered Geographical Areas

    If selected, then provide Select Units or Users which that will be automatically assigned to newly created records, provided that the location of the customer is within the covered geographical area of the unit, which that is defined in Units 
    For example, you can set .

    E.g., Set up a rule that will

    always

    assign new installation activities to installers

    that are found

    within the vicinity of the customer.

    .

      When searching for units or users to add, the system will only retrieve

    the Units (or users from units) that have covered geographical areas defined.i.e., a

    those in the defined geographical areas (A unit without a defined geographical area cannot be added to the ACR).

Refer to Applying automatic collaboration rules for more information.

Conditions
Entity Conditions

The set of entity related conditions which include the following:

  • Entity Type
  • Entity Type
  • Privacy Level
  • Life Cycle State
  • Status
  • Category
Organisational Conditions

A set of the organisational units for which the ACR is valid, and in which the Unit of the User creating or modifying a record The units in which users (creating and editing records) must be included, in order for the ACR to be triggered and appliedapplicable.


 Back to top 

Anchor
CSR
CSR
Conditional

...

security restrictions 

...

Conditional Security Restrictions (CSRs) are used to restrict the visibility of certain system features and module attributes of each module, and to define particular attributes as 'Non-editable' or 'Mandatory'. The restrictions are applied provided that certain if conditions set on the organisational organizational units and the entity entities are met. CSRs are also applicable on all apply to all Web API calls. 

Different restrictions are applied for to fields. , processes, and printouts.

 Restrictions

 

Type

Visible
Entity will be visible 

Editable
Entity will be available for editing

Mandatory
Entity cannot be saved if not defined 
Fields
Processes
Printouts

 

 Image RemovedImage Added

Conditional security restriction fields

The table describes the sections of Conditional Security Restrictions Data Entry page , and explains how the fields in the page are used.

 Mandatory  

The set of entity related conditions which include the following:
Main Information 

Name

TheEntity: The entity that the CSR will be applied to.

State: The state of the ACR which CSR can be 'Active' or 'Inactive' . If the state is 'Inactive', (no assignment is performed).

Restrictions

FieldsUnless otherwise stated otherwise in the CSR, the system sets the fields as Editable and Visible (default)'Visible' and 'Editable' by default.

Select entity fields of the selected entity and enable or disable, visibility, modification and requirementcheck to enable whether they should be 'Visible', 'Editable' and 'Mandatory'.

Note

A section or fields within a section can be selected. For example, Addresses or Addresses / Area can be selected. By selecting the section, top-level restrictions are defined (and not for each item explicitly).

Restricted Processes

Add the processes which that should not be available.

Restricted PrintoutsAdd the printouts which that should not be available.
Conditions
Entity Conditions
  • Entity Type
  • Privacy Level
  • Life Cycle State
  • Status
Organisational Conditions

A set of the organisational units for which the CSR is valid, and in which the unit of the user creating or modifying a record The units in which users (creating and editing records) must be included , for the CSR to be triggeredapply.


 Back to top 

Audit

...

trail

...

Audit Trail Settings trail settings define the rules governing Audit Trail logging in the System which monitors changes performed on System entries. Through Audit Trail Settings, the entities and fields that should be monitored can be selectedfor monitoring modifications and accessing on system records either through the UI or the WEB API.

Entities and fields to be monitored are selected through audit trail settings. Only one 'Active' instance of Audit Trail Settings per Entity audit trail settings can be configured in the System. Audit Trail Settings can only be applied on predefined for each entity.  Settings are applied to predefined CRM.COM entities, either through the UI or Web API and during the execution on any of the following processes:

...

, while modifying, deleting or removing information.

The logging of an Audit Trail audit trail can be applied to a block of information or to block components of that block. e.g., for the Contact Information Entity. For example, the complete address block or only specific components of the address (e.g such as Address/District) can be monitored. When an address block is monitored, every  an entry is added to the audit trail every time the address is modified, added or deleted, an entry will be added to the Audit Trail. When .  When the district is monitored, an Audit Trail entry will be added when the district of an already defined address is updated.

Additionally searching contacted in the system can be logged through audit trail logs available in summary pages.

Refer to Viewing Audit Trail to see  for information on how audit trail settings are applied and shown for displayed in updated records.

Image RemovedImage Added

Audit trail fields

...

The table describes the sections of Audit Trail Data Entry page , and explains how the fields in the page are used.

...

 Mandatory  

Main Information

Entity: The entity that the Audit Trail The Entity to which the audit trail will be applied on. The entities which can be monitored by the Audit Trail mechanism are listed in the Audit Trailed Entities.State: The state of the audit trail settings instance, which can be 'Active' .

State of the audit trail settings instance, which can be 'Active' or 'Inactive'.
Only The can only be one 'Active' instance can exist per Entityper entity.

Log Accessing and Retrieving defines whether the access or retrieve (search) of the data will be logged as well.

Monitored Fields

A list of all fields related to the selected entity that can be monitored , with the option to set them as active or not. Either activate or deactivate specific fields by using the respective checkbox or 'Activate All' and 'Deactivate All' by using respective linksand which can be activated or deactivated individually or all at once.

At least one field should be activated if the Audit Trail Settings State is in an 'Active' audit trail setting.

Back to top 

Secret

...

keys

...

Secret keys are registered to specific URL endpoints and are used by Webhooks in order to generate a code that will be used by third-party systems to authenticate received data. 

Image Removed

Secret keys fields

The table describes the sections of Secret Keys Data Entry page , and explains how the fields in the page are used.

...

Main Information

Name

Alternative Code

Type: The type of the secret Key which should be set to Webhook of key (Webhook)

URL Endpoint : The URL endpoint associated with the key (e.g., www.crm.com

 Key: The key is generated Generated automatically and is unique. The key is used to generate the authentication code for the webhookWebhook.

Back to top 

Related Configuration Areas

The following module is related to security management and must Mandatory modules must be configured for the security management module to work.

Optional modules may be configured for the security management module management module to operate at its full capacity.

Manual LinkAreaDescriptionConfiguration
Network ManagementUnits

Configure the units to which the ACR will

use to

assign records

to. Optionally for each Unit define the 'covered geographical areas' to be able to

. To use the 'Based on Geographical Areas' assignment option of the

CSR

ACR, define the 'covered geographical areas' for each unit.

Units may also be used in the organizational conditions of CSRs and PLARs.

Mandatory
Network Management Collaboration Between GroupsOnce privacy level groups and levels are configured use them in collaboration between groups to restrict the sharing of records between groups based on their privacy levelGroups may be used in the organizational conditions of ACRs, CSRs and PLARs.Optional

 

Using Security Management

...

Control who has access to records when shared between different departments, (collaboration of groups), or control visibility and modification of information of those records, by setting a privacy level. Use Actions > Set Privacy Level available from the Actions menu available through Summary and Data Entry Pages. 
In case you are setting the privacy level through the Summary page make sure that you first select all the records that you wish to update by checking  the checkbox on the left hand side of the record.

Additional Information

  • By changing contact information or accounts receivable privacy levels, the privacy level of any Contact Information based Entities or Accounts Receivable based Entities records, is affected
  • In case privacy level is not defined the record is accessible to all users.
  • Privacy level can be automatically set on a record based on Privacy Level Assignment Rules (PLARs). 

 

...

Audit trail helps you identify and changes done to records in your system by providing information on the old and new value as well as the user that made the change. Once audit trailed entities are established, it will be possible to monitor their modifications directly from the entry's Data Entry page.

  1. Navigate to the Data Entry page of a record with enabled audit trail
  2. Click on the AUDIT LOG button located at the top-right corner of the page.
     Image Removed 
  3. The Audit Log modal will open providing information on the modified fields and their changes.Image Removed 

...

Conditional security restrictions are automatically applied as long as conditions set in the CSR are met. Below you can see a few examples of how you can use CSR.

  • Fields: The address of a contact information with high privacy level is not visible to call centre agents

  • Restricted Processes: Restrict the creation of a job of a 'New Subscription' fulfilment scope to call centre agents
  • Restricted Printouts: Restrict the extraction of a wallet  printout when the wallet is cancelled

 

...

Automatic collaboration rules are used to assign an activity a service request, a lead or a job to a specific user or unit with the purpose to handle them. For example, on creating a new lead for a potential rewards participant residing in London, you can automatically assign it to a marketing department call agent responsible for Londoners.

There are 2 ways that the assignment can be done.

Note
  • If more than one unit covers the area in question, then the automatic assignment is not performed.
  • The geographical area information is compared to each entity's distinct address.
    • For activities, leads and service requests, it is compared against all available addresses of the related contact information ('Active' and 'Inactive').
    • For jobs: compared against job location

 

Security Management Business Examples

...

Network ManagementCommunitiesCommunities may be used in the organizational conditions of ACRs, CSRs and PLARs.Optional
Network Management Collaboration Between GroupsOnce privacy levels and level groups are configured, use them to restrict the sharing of records between collaborating groups.Optional

 

Using Security Management

Anchor
aPL
aPL
Assigning a privacy level

...

The privacy level of a record, used in system security processes, can determine:

To define the privacy level of a record, click on SET PRIVACY LEVEL from the Actions menu available on the Summary and Data Entry page.  In the Summary page, select the records to update by checking the checkbox on the left of the record.

Additional Information

  • Modifying the privacy level of a 'contact information' or an 'accounts receivable' affects the privacy level of entities associated with the specific contact or account.  For example, if the privacy level of a contact is set to 'High', the privacy level of the contact's subscriptions, accounts, wallets, and activities will be set to the same level.
  • Records without a privacy level are accessible to all users.
  • Privacy level can be automatically set on a record based on privacy level assignment rules

 

Anchor
aSP
aSP
Assigning a security profile to users

...

Security profiles are assigned to users through the manage users Data Entry page. The security profile is created and added to a user to define their security level. 

Anchor
vAudit
vAudit
Viewing the audit trail

...

The audit trail identifies changes on system records by providing information on modified values and the user that effected the change or accessing of such records as well as accessing of the records either through the UI or the WEB API

Once audit trailed entities are established, it is possible to monitor their changes directly from their Data Entry page.

  1. Navigate to the Data Entry page of an audit trail enabled record.
  2. Click on the AUDIT LOG button located at the top-right corner of the page. 

  3. The Audit Log modal will open providing information on the modified fields and their changes.

    Image Added 

Additionally Audit Trail logs associated to searching contacted in the system is available through the action 'Audit Log' available in Summary pages. If the audit trail is accessed then a list of all the searches taking place along with the criteria used is available.

Image Added

Back to top 

Anchor
aCSR
aCSR
Applying conditional security restrictions

...

Conditional security restrictions (CSRs) are automatically applied if their conditions are met. CSR examples:

  • Fields: The address of a contact with high privacy level is not visible to call center agents.

  • Processes: Restrict the creation 'New Subscription' fulfillment scope jobs to call center agents.
  • Printouts: Restrict wallet printouts after a wallet is canceled.

 

Anchor
aACR
aACR
Applying automatic collaboration rules

...

Automatic collaboration rules are used to assign activities, service requests, leads or jobs to a specific user or unit. For example, when a new lead for a potential rewards participant residing in London is created, it can be automatically assigned to a marketing department call agent responsible for the London area.

Note
  • If more than one unit covers the area, the assignment is not automatic.
  • Geographical area is evaluated against the entity's address.
    • For activities, leads and service requests, the geographical area is evaluated against all ('Active' and 'Inactive') addresses of the contact.
    • For jobs, the geographical area is evaluated against job location.

Back to top 

Reports

...

Audit Trail  information can be extracted in a structured format for analysis by using reports. The audit trail included in the report are selected and grouped based on user-defined criteria. The user can select the fields displayed in the report.
Refer to Reports for more information.

Audit Log per Contact Report

The report displays a list of the audit trail logs of a specific Contact Information and its related entities (Accounts Receivable and Rewards Participant)

Image Added

 

 

Audit Log per User Report

 

The report displays a list of the audit trail logs that were performed by a specific user and are related to Contact Information and its related entities (Accounts Receivable and Rewards Participant)

Image Added

Security Management Business Examples

Assigning tasks for government clients to a specific user

Panel
nameblue
titlePrivacy Level PLAR and ACR

Scenario 1

Company ZX would like requires the supervisor to handle service requests created for government representative customers to only be managed by the Supervisorclients.

Solution

Configuration

Privacy Level Group
 Create a Privacy Level Group privacy level group with the following settings:

  • Group Name: General
  • Privacy Levels
    • Privacy Level: Super High / Hierarchy Level: 10
    • Privacy Level: High / Hierarchy Level: 8
    • Privacy Level: Moderate / Hierarchy Level: 6
    • Privacy Level: Low / Hierarchy Level: 2

 

Privacy Level Assignment Rule
Create a PLAR with the following settings:

  • Assignment Options: Inherit From Contact Information/Accounts Receivable
  • Entity Conditions: Service Requests

 

Automatic Collaboration Rule
Create an ACR with the following settings:

  • Entity: Service Requests
  • Entity Conditions:
    • Privacy Level: Super High
  • Assignments
  • Assign to User: Supervisor


User Process

Preconditions: Privacy Level forContact Information and Accounts Receivable of government representative customers The privacy level when creating contact information and accounts receivable for government clients should be manually set to 'Super High upon creation'.

  1. Create and save the service request.
    • The privacy level is set to 'Super High' as it is inherited by the contact information (PLAR) and set to 'Super High'.
    • The service request is assigned to the supervisor due to as the privacy level set to 'Super High' (ACR).

 

...

Hiding sensitive government client information

...

Panel
nameblue
titlePrivacy Level and CSR

Scenario

Company ZX would like to hide requires that the addresses and phone numbers of government representative customers, to users that belong to the Customer Service departmentclients are hidden from users belonging to the customer service department.

Solution

Configuration

Privacy Level Group
 Create a Privacy Level Group privacy level group with the following settings:

  • Group Name: General
  • Privacy Levels
    • Privacy Level: Super High / Hierarchy Level: 10
    • Privacy Level: High / Hierarchy Level: 8
    • Privacy Level: Moderate / Hierarchy Level: 6
    • Privacy Level: Low / Hierarchy Level: 2

Conditional Security Restriction

Create a CSR with the following configurations:

    • Entity: Contact Information
    • Field Restrictions: Select all address related fields and remove visibility
    • Conditions: Privacy Level: : Privacy level is 'Super High'
    • Organisational Conditions: Customer Serviceservice

 

...

Monitoring address changes

Panel
nameblue
titleAudit Trail settings

Scenario 3

Company ZX would like wants to monitor every change of all address changes.

Solution

Configuration 

Audit Trail

Create an 'Active' Audit Trail audit trail record with the following settings: 

  • Entity: Contact Information
  • Fields: 
    • Contact Information Addresses
    • Contact Information Addresses/Area
    • Contact Information Addresses/Country
    • Contact Information Addresses/District
    • Contact Information Addresses/Municipality
    • Contact Information Addresses/Postal Code
    • Contact Information Addresses/State
    • Contact Information Addresses/Street Name
    • Contact Information Addresses/Street Number
    • Contact Information Addresses/Town
  • Contact Information Addresses/Type
Note
titleNotes

Back to top 

Glossary  

CRM.COM TermDefinition
ActivityA small task or action that is either stand-alone or must be completed as part of a larger project.
LeadA potential opportunity for additional business.
Service RequestUsed Request used to register problems that customers experience with their products and subscriptions and to check whether products are under warranty. 
JobA small project initiated by the operator for customers, involving the delivery and billing of services, products, and activities. Customer requests and orders, such as that for a new subscription, can be initiated and registered through a job.
Assignable EntityA CRM.COM entity which that requires a course of action and can be assigned to a unit or a user, which will be responsible for performing the actions.
Organisational UnitA unit or , group or community.
Explicit Viewing EntityEntity which that holds information regarding the owner of a record.
UnitRepresents a A body of Users which users that belong on to the same team and follow identical business processes.
GroupRepresents a A body of Users which users that belong to the same department and to one or multiple collaborating teams within that department, and follow common business processes.
CollaborationThe sharing between groups of data to be viewed, modified, or assigned between goups.

 

 

 

Panel
namegrey

Related Links

Filter by label (Content by label)
showLabelsfalse
spacesV4Manual
showSpacefalse
labelsglobal

 

Back to top