Understanding Security Groups
This article describes the steps required to set up basic security in your intelligentcontract account.
This basic security functionality allows an Administrator to create multiple Security Groups with Users assigned, and then to apply that Security Group to a specific record; therefore restricting who can see that record.
For example, you can have a Security Group called 'Legal' with the User 'Judy Weeks' assigned to it. You can then apply this Security Group to a Contract record, and only the User 'Judy Weeks' can see that Contract record.
Creating a Security Group
Navigate to Configuration > Security > Security Groups.
Key points to note:
- By default, all data created will be visible to all Users, each record will be assigned the default Security Group of 'Everyone'. All Users by default are assigned to this Group and the Security Group cannot be deleted, but a user can be removed from the Group.
- A User must be defined as an Administrator in order to access Security Groups and other security related controls.
- Administrators are not subject to security rules. Any User that is defined as being an Administrator will be able to see all data in the account regardless of any rules that have been set, and they cannot be set to have Read-Only (ro) access.
Security Groups Setup
Any number of Security Groups can be created, and any number of Users can be added to each Group.
Fig 1 Security Groups
Create a new Security Group by clicking the New button to the top-right of the summary table. All you have to do at this point is give the group a name and [Save].
You should set up Security Groups to match your requirements. There should be a Security Group for each group of Users that require access to different data sets. For example, you may have a “Head Office Group” that has access to all of your data and a “Sales Group” that has read only access only a selection of sales related Contracts.
Adding Users to a Security Group
You now should add Users to the Security Groups that were created. You can add one or many Users to one or many Security Groups. In the Security Group record, select the Users tab and click the New button. A pop up will appear, allowing you to select the User that you would like adding to the Group. Repeat until all relevant Users are assigned to the Group.
Fig 2 Users in Security Groups
You have now successfully created a Security Group and assigned Users to it. This means that if you apply this Security Group to any record, only Users within this Security Group can view this record.
By default the system will apply the Security Group for all records as 'Everyone' this means that every User can see every record - if you wish restrict records then you must change the default Security Group from 'Everyone' to another Security Group value.
You can update the Security Group of a record manually or have the system default it automatically.
Click here for more information regarding Automation for Basic Security
Manually updating a Security Group on a record
Every record within intelligentcontract has a default Security Group set to 'Everyone'. If you wish to change this Security Group and restrict who can see this record, then you can manually change the Security Group value once the record has been created.
Once a record is created, you will see a padlock icon in the top right. Click here and a small pop up will open displaying the current Security Group assigned to the record.
Some accounts may have this Security Group field pulled onto their record layout. Adjustment to the value can be done via the field or within the pop up. Changes to either one will update the other.
Note: The behaviour of Security Group and pass down Security to Sub Tab records is controlled by a setting in your Account Configuration - please read the options available to you - by default the third option is applied to all Accounts, unless manually changed. The below example refers to the behavior for this option.
Updating a Security value
- Hover in the Security Groups field and an orange [Edit] field will appear. Click here, and the field will open for editing
- Click in the drop down or use the magnifying glass icon to view all the current Security Group values you can choose from
- When selected, the Security Group permission default will be the orange Read-Only (ro). Click the orange box again and it will update to a green Read-Write (rw). Click again it will go back to orange (ro)
- To remove a selected value, click the white 'x' in the required blue block
- You can assigned as many Security Groups as you wish to a record, each can have different permissions
- [Save] the field and the new Security settings will apply immediately
Fig 3 Changing Security Groups
TIP: The (ro) and (rw) permissions will determine if the selected Security Group can either Edit the record or just view it.
Pass Down Security Groups
Initially every record held within a sub tab inherits its Security Group from the top level, so for example, if you have set a Contract record to have a top level Security Group of 'Legal (rw)' then every record created in its sub tabs will also inherit this Security Group value.
This is stipulated in the Contract record Security Details pop up. Here the top level Security Group is displayed along with the 'Pass Down' Security Group values.
The 'Pass Down' Security Group section will display the Security Group that any new sub tab record will inherit, in the 'Apply' field. By default the pass down Security Group is the same as the top level Security Group.
You are able to change a sub tabs inherited Security Group by selecting the sub tab that you wish to alter in the drop down list and updating the Security Group for it in the 'Apply' field. Once saved, this will mean that any new records created in that tab will have this new Security Group applied to it.
If you wish to update all of your sub tabs to have the same new Security Group, rather than selecting each sub tab from the drop down list one by one, you can use the option of 'All sub entities'. By selecting this, you will update all unchanged Security Group values in all sub tabs to the selected new value.
Note: How security groups are passed to sub-entities can be controlled. There are 3 options depending on your business needs. The options are discussed here: Account Configuration
The example below shows that this Contracts header sub tab's pass down Security Group is set to 'Everyone', but by selecting the option of Contract Document from the drop down list and changing the pass down value to 'UK Property (ro)' instead this means that although 'Everyone (rw)' has read write access to the Contract and most of its sub tab records, only people within the 'UK Property' Security Group will be able to view any new records created in its Documents sub tab.
Fig 4 - Updating Pass Down Values
Each sub tab value can be updated individually, so you could have the header record set to one Security Group, and each sub tab set to another. You can assign as many Security Groups to each of the sub tabs and each with individual permissions.
These Security Groups values allow you to restrict who can see and update a Contract record and within that record, restrict who can see and update its sub tab records, giving you complete control of who has access to what data.