Understanding Security Management
- Former user (Deleted)
- Former user (Deleted)
- Frini Pouyiouka
Back to Security Management Main Page
Table of Contents
What is Security Management?
The Security Management module manages the System's security and controls the access to its features. The module also provides a set of business rules which can be used to automatically apply additional security controls.
For information related to record level access rights and restrictions (e.g. granting exclusive access to Contact Information to the members of the Department that created the Contacts) view Network Management.
Security Management Glossary
| Terms | Descriptions |
|---|---|
| Security Profile | Provide information regarding the access to modules and features. |
Privacy Level | Controls the access to data and defines how it can be shared between Organisational Units. |
| Organisational Unit | Used to organise the company’s network. |
| CSR | Stands for Conditional Security Restriction; CSRs define restrictions on features and make processes and attributes more secure, based on conditions. |
| ACR | Stand for Automatic Collaboration Rules; ACRs define rules that automatically assign a record on a specific User or Unit to further process the entity up to its completion. |
| PLAR | Privacy Level Assignment Rules automatically add a Privacy Level to specific records that meet certain conditions. |
| Common Processes | Processes which are common to all modules of the software such as Create, Read, Update and Delete. |
| Additional Processes | Any processes which are not considered as Common Processes. |
Security Management Key Processes and Concepts
| Processes / Concept | Description |
|---|---|
| Applying Privacy Level Restrictions
| Privacy Level Restrictions are applied while configuring the collaboration between Communities and Groups. Privacy Levels are used to apply additional restrictions to those stemming from the specified collaboration options. For example, users belonging to Sales Branch 1 might be able to view records belonging to Sales Branch 2, as long as the Privacy Level of the records is set to 'Public'. Privacy Level Restrictions are applied based on the following logic:
For more information view Setting up Privacy Level Assignment Rules (PLARs) and Setting up Group Collaboration Profiles. |
| Applying Privacy Levels on Entities | Users (with permission granted through their security profile) can change the Privacy Level using the dedicated Action 'Set Privacy Level'. The available choices for the new Privacy Level are filtered based on the following logic:
For more information view Setting Privacy Level - Global. |
| Unit Automatic Assignment Versus ACR Automatic Assignment | ACR with assignment option 'Based on Geographical Areas' has the same automatic assignment logic as that defined in Units. Extra conditions (entity and organisational) apply making the assignment more specific. The System first checks for assignments to be applied through the ACRs; if no assignment is made, then the Unit Automatic Assignment is checked and applied. |
Logging Changes Done to Records | Audit Log is visible on the top-right corner of the Data Entry pages of all audit trailed entities. Information related to User modifications of records is captured and displayed in the Audit Trail Tab:
|
Security Management Access & Viewing Controls
Business Network Characteristics define the level of access for each record. i.e., whether it will be available for selection, viewing or editing.
| Entity | Network Characteristics | Description |
|---|---|---|
| Privacy Level Groups | A Privacy Level Group can be selected, provided the user adding the Group belongs to one of the Allowed Organisational Units defined in the Group, or a collaboration exists between their Unit and the AOU of the Group, or if the user is a Super User. |
Security Management Related Modules
| Entity | Interaction of Security Management with Entity |
|---|---|
| All Modules |
|
Security Management - Business Examples
The following section provides business examples of how the CRM.COM Security Management module is used.
Assignment of High Privacy Level Service Requests to Specific User
Business Requirement
Company ZX would like to make the following automatic assignment to the user: Supervisor.
- Service Requests of Type 'Informational' and Privacy Level 'Super High'.
- All Service Request Types that have Privacy Level 'High'.
- Regardless of the Organisational Unit of the user that opened them.
CRM.COM Solution
Configurations
- Privacy Level Group
Create a Privacy Level Group with the following settings:- Group Name: General
- Privacy Levels
- Privacy Level: Super High / Hierarchy Level: 10
- Privacy Level: High / Hierarchy Level: 8
- Privacy Level: Moderate / Hierarchy Level: 6
- Privacy Level: Low / Hierarchy Level: 2
- Automatic Collaboration Rule
Create an ACR with the following settings:- Entity: Service Requests
- Entity Conditions:
Define two conditions:- Condition 1
- Type: Informational
- Privacy Level: Super High
- Condition 2
- Privacy Level: High
- Condition 1
- Organisational Conditions: NONE
- Assignments:
Assign to User Supervisor
User Actions
- Create the Service Request.
- Once the Service Request is created, the Privacy Level must be set.
- Select Set Privacy Level Action from the Service Request's Data Entry page and select the respective Privacy Level.
Once the Level is set the assignment to the Supervisor is completed.
More information can be found at:
Set up Visibility Conditions on Date of Birth
Business Requirement
Company ZX would like to hide Customer's Birthday from users that belong to the Customer Service department, as Birthday is only relevant for Marketing Purposes.
CRM.COM Solution
- User Process
Create a CSR with the following configurations:- Entity: Contact Information
- Field Restrictions: Day of Birth
- Organisational Conditions: Customer Service
More information on setting up visibility conditions can be found at Creating Conditional Security Restrictions (CSR).
Set up a Privacy Level to be Assigned to Subscriptions of Type London
Business Requirement
Company ZX would like to restrict access to Subscriptions created with Type 'London' by applying a 'High' Privacy Level.
CRM.COM Solution
- Configuration
- Create a PLAR with the following configurations:
- Name: London Subscriptions
- State: Active
- Assignment Options: Specific
- Privacy Level: High
- Entity Conditions:
- Entity: Subscriptions
- Entity Type: London
- Create a PLAR with the following configurations:
More Information on setting up a Privacy Level can be found at Setting up Privacy Level Assignment Rules (PLARs).
Company ZX Audit Trail Settings
Business Requirement
Company ZX would like to monitor every change of address.
CRM.COM Solution
- Configuration
Create an 'Active' Audit Trail record with the following settings:
- Entity: Contact Information
- Fields:
- Contact Information Addresses
- Contact Information Addresses/Area
- Contact Information Addresses/Country
- Contact Information Addresses/District
- Contact Information Addresses/Municipality
- Contact Information Addresses/Postal Code
- Contact Information Addresses/State
- Contact Information Addresses/Street Name
- Contact Information Addresses/Street Number
- Contact Information Addresses/Town
- Contact Information Addresses/Type
More information on Audit Trail settings can be found at Setting and Using Audit Trail.
Related Areas