Understanding Security Groups
This article describes the steps required to set up basic security in your intelligentcontract account.
This basic Security functionality allows an Administrator to create multiple Security Groups with Users assigned and then to apply that Security Group to a specific record therefore restricting who can see that record.
For example you can have a Security Group called 'Legal' with User 'Judy Weeks' assigned to it. You can then apply this Security Group to a Contract record and only the User 'Judy Weeks' can see that Contract record.
Creating a Security Group
Navigate to Configuration > Security > Security Groups.
Key points to note:
- By default, all data created will be visible to all Users, each record will be assigned the default Security Group of 'Everyone'. All Users by default are assigned to this Group and the Security Group cannot be deleted, user however can be removed from the Group.
- A User must be defined as an Administrator in order to access Security Groups and other security related controls.
- Administrators are not subject to security rules. Any User that is defined as being an Administrator will be able to see all data in the account regardless of any rules that have been set and they cannot be set to have (ro) Read Only access.
Security Groups Setup
Any number of Security Groups can be created and any number of Users can be added to each Group.
Fig 1 Security Groups
Create a new Security Group by clicking the New button to the top-right of the summary table. All you have to do at this point is give the group a name and [Save].
You should set up Security Groups to match your requirements. There should be a Security Group for each group of Users that require access to different data sets. So for example you may have a “Head Office Group” that has access to all of your data and then a “Sales Group” that has read only access only a selection of sales related Contracts.
Adding Users to a Security Group
You now should add Users to the Security Groups that were created. You can add one or many Users to one or many Security Groups. In the Security Group record select the Users tab and click the New button, a pop up will appear allowing you to select the User that you would like adding to the Group. Repeat until all relevant Users are assigned to the Group.
Fig 2 Users in Security Groups
You have now successfully created a Security Group and assigned Users to it - this means that if you apply this Security Group to any record then only Users within this Security Group can view this record.
By default the system will apply the Security Group for all records as 'Everyone' this means that every User can see every record - if you wish restrict records then you must change the default Security Group from 'Everyone' to another Security Group value.
You can update the Security Group of a record manually or have the system default it automatically.
Click here for more information regarding Automation for Basic Security
Manually updating a Security Group on a record
Every record within intelligentcontract has a default Security Group set to 'Everyone' if you wish to change this Security Group and restrict who can see this record then you can manually change the Security Group value once the record has been created.
Once a record is created you will see on the top right a padlock icon, click here and a small pop up will open displaying the current Security Group assigned to the record.
Some accounts may have this Security Group field pulled onto their record layout, adjustment to the value can be done via the field or within the pop up, changes to either one will update the other.
Updating a Security value
- Hover in the Security Groups field and an orange [Edit] field will appear, click here and the field will open for edit
- Click in the drop down or use the magnifying glass icon to view all the current Security Group values you can choose from
- When selected, the Security Group permission default will be the orange (ro) - Read Only, click the orange box again and it will update to a green (rw) Read Write. Click again it will go back to orange (ro).
- To remove a selected value, click the white 'x' in the required blue block
- You can assigned as many Security Groups as you wish to a record, each can have different permissions
- [Save] the field and the new Security settings will apply immediately
Fig 3 Changing Security Groups
TIP: The (ro) and (rw) permissions will determine if the selected Security Group can either Edit the record or just view it.
Pass Down Security Groups
By default every record held within a sub tab inherits its Security Group from the top level, so for example, if you have set a Contract record to have a top level Security Group of 'Legal (rw)' then every record created in its sub tabs will also inherit this value.
This is also stipulated in the records Security Details pop up. Here the top level Security Group is displayed with the 'Pass Down' Security Group. The pass down Security Group is the value the sub tab records inherit, by default the pass down Security Group is the same as the top level Security Group.
You are able to change the inherited Security Group to another in the same manner that you update the top level Security Group but with the added extra step of first selecting the sub tab that you wish to alter.
The example below shows that this Contracts sub tab's pass down Security Group is set to 'Everyone' but by selecting Contract Document and changing the pass down value to 'UK Property (ro)' instead this means that although 'Everyone (rw) has read write access to the Contract and most of its sub tab records only people within the 'UK Property' Security Group will be able to view the records created in its Documents sub tab.
Fig 4 - Updating Pass Down Values
Each sub tab value can be updated individually, so you could have the header record set to one Security Group(s), and each separate sub tab set to others. You can assign as many Security Groups to each of the settings and each of them with individual permissions.
These Security Groups values allow you to restrict who can see and update a record and within that record restrict who can see and update its sub tab records, giving you complete control of who has access to what data.