Navigate to Configuration > Security > Security Groups.
Key points to note:
- By default, all data created will be visible to all Users, each record will be assigned the default Security Group of 'Everyone'. All Users by default are assigned to this Group and the Security Group cannot be deleted, but a user can be removed from the Group.
- A User must be defined as an Administrator in order to access Security Groups and other security related controls.
- Administrators are not subject to security rules. Any User that is defined as being an Administrator will be able to see all data in the account regardless of any rules that have been set, and they cannot be set to have Read-Only (ro) access.
Security Groups Setup
Any number of Security Groups can be created, and any number of Users can be added to each Group.
Fig 1 Security Groups
Create a new Security Group by clicking the New button to the top-right of the summary table. All you have to do at this point is give the group a name and [Save].
You should set up Security Groups to match your requirements. There should be a Security Group for each group of Users that require access to different data sets. For example, you may have a “Head Office Group” that has access to all of your data and a “Sales Group” that has read only access only a selection of sales related Contracts.
Adding Users to a Security Group
You now should add Users to the Security Groups that were created. You can add one or many Users to one or many Security Groups. In the Security Group record, select the Users tab and click the New button. A pop up will appear, allowing you to select the User that you would like adding to the Group. Repeat until all relevant Users are assigned to the Group.
Fig 2 Users in Security Groups
You have now successfully created a Security Group and assigned Users to it. This means that if you apply this Security Group to any record, only Users within this Security Group can view this record.
By default the system will apply the Security Group for all records as 'Everyone' this means that every User can see every record - if you wish restrict records then you must change the default Security Group from 'Everyone' to another Security Group value.
You can update the Security Group of a record manually or have the system default it automatically.
Security Sub Groups
Sub Groups are where you can assign a Security Group to another, this action creates a link between the two. If the Master Security Group is assigned to a record and it has assigned Sub Groups then people in those Sub Groups will also be able to see that record with the same RO/RW permissions as the Master Group
Fig 3 - Security Sub Groups
Click here for more information regarding Automation for Basic Security
System Security Groups
There are three system Security Groups that cannot be deleted.
By default, when an account is made 'Everyone' is the default. This Security Group is assigned to all records so everyone has access to every record and every feature until you state otherwise.
No-One is a Security Group to effectively hide something from everyone
- If 'No-One' has been assigned to a record then only Admins will be able to see it
- If 'No-One' has been assigned to a feature then the feature is removed from the interface, even to Admins
To learn how to hide features from your interface please click here
Contract Assigned Users
This Group specifically looks at the People assigned to a Contract in the People tab and then allows them access to the record.
Rather than listing each individual separately it groups them into this Security Group. This means that People can be added or removed from the record in the People tab and access to that record will update automatically.
Fig 3 - Contract Assigned Users Security Group
The attributes of Read Only (ro) and Read write (rw) will be applied for ALL people associated to this group for that record, if you flag the 'Contract Assigned Users' to have (ro) access then all People linked to the Contract will only have Read Only access.
This Security Group has been created also so it can be used in Automation to assign this type of Security Group in required circumstances.
Fig 4 - Contract Assigned Users within Automation
If a Contract is flagged as 'Confidential' then this will now fall under the 'Contract Assigned Users' Security Group as it is the same functionality.
Assigned People in this instance will have full (rw) access to the Contract and cannot be altered.
Fig 5 - Confidential flag
If you have pulled out the Security Group field into your Contract Summary screen view then these Security groups will be displayed.
Fig 6 - Security Groups in the Summary screen