Navigate to Configuration > Security > Security Groups.
Key points to note:
- By default, all data created will be visible to all Users, each record will be assigned the default Security Group of 'Everyone'. All Users by default are assigned to this Group and the Security Group cannot be deleted, but a user can be removed from the Group.
- A User must be defined as an Administrator in order to access Security Groups and other security related controls.
- Administrators are not subject to security rules. Any User that is defined as being an Administrator will be able to see all data in the account regardless of any rules that have been set, and they cannot be set to have Read-Only (ro) access.
Security Groups Setup
Any number of Security Groups can be created, and any number of Users can be added to each Group.
Fig 1 Security Groups
Create a new Security Group by clicking the New button to the top-right of the summary table. All you have to do at this point is give the group a name and [Save].
You should set up Security Groups to match your requirements. There should be a Security Group for each group of Users that require access to different data sets. For example, you may have a “Head Office Group” that has access to all of your data and a “Sales Group” that has read only access only a selection of sales related Contracts.
Adding Users to a Security Group
You now should add Users to the Security Groups that were created. You can add one or many Users to one or many Security Groups. In the Security Group record, select the Users tab and click the New button. A pop up will appear, allowing you to select the User that you would like adding to the Group. Repeat until all relevant Users are assigned to the Group.
Fig 2 Users in Security Groups
You have now successfully created a Security Group and assigned Users to it. This means that if you apply this Security Group to any record, only Users within this Security Group can view this record.
By default the system will apply the Security Group for all records as 'Everyone' this means that every User can see every record - if you wish restrict records then you must change the default Security Group from 'Everyone' to another Security Group value.
You can update the Security Group of a record manually or have the system default it automatically.
Click here for more information regarding Automation for Basic Security