Difference between revisions of "Data Access Permissions"
From LongJump Support Wiki
imported>Evelyn m (Text replace - 'checkboxicon.gif' to 'checkboxicon.gif|link=') |
imported>Aeric |
||
| Line 1: | Line 1: | ||
Role Based Access Controls give users the ability to access data, based on their designated [[Role]] in a Team. | |||
Although more personalized controls are often needed, the out-of-the box implementation includes [[Default Roles]] for administrators, managers and team members. Additional roles can be added or modified as the needs of the organization change. Note that [[Visibility Controls]] are an extension of {{PAGENAME}}, and also affect the data that is available to users. | Although more personalized controls are often needed, the out-of-the box implementation includes [[Default Roles]] for administrators, managers and team members. Additional roles can be added or modified as the needs of the organization change. Note that [[Visibility Controls]] are an extension of {{PAGENAME}}, and also affect the data that is available to users. | ||
For example, a [[Web Tab]] can be created that is only available to managers. | |||
:''For other uses, see [[Access Control (disambiguation)]]. | :''For other uses, see [[Access Control (disambiguation)]]. | ||
==About Roles and Data Visibility== | ==About Roles and Data Visibility== | ||
{{:About Roles and Data Visibility}} | {{:About Roles and Data Visibility}} | ||
== | ==Working with Roles== | ||
{{permissions|Access Control/User Management|grant other users Role- and Team-based access rights}} | |||
{{:Manage Roles}} | {{:Manage Roles}} | ||
==Global vs. Individual Role Assignment == | ==Global vs. Individual Role Assignment == | ||
{{:Global vs. Individual Role Assignment}} | {{:Global vs. Individual Role Assignment}} | ||
<noinclude> | |||
[[Category:{{features}}]] | |||
[[Category:Glossary]] | |||
</noinclude> | |||
Revision as of 18:10, 29 July 2011
Role Based Access Controls give users the ability to access data, based on their designated Role in a Team.
Although more personalized controls are often needed, the out-of-the box implementation includes Default Roles for administrators, managers and team members. Additional roles can be added or modified as the needs of the organization change. Note that Visibility Controls are an extension of Data Access Permissions, and also affect the data that is available to users.
For example, a Web Tab can be created that is only available to managers.
- For other uses, see Access Control (disambiguation).
About Roles and Data Visibility
A user's access to data is determined by a number of factors:
- The user's Access Profile specifies global access permissions and administrative permissions.
- The Application Access settings determine which applications the user can run. The Objects available to the user are therefore the combination of
- a. Objects that are part of the running application
- b. Objects that or are shared from other applications.
- The user's Role in the application, as specified by the Application Access settings, specifies high-level access rights to individual application objects. (The privileges granted in Access Profiles and Roles are additive. If either the Access Profile or the Role grants permission to perform some operation on an object, then the user has that permission.)
- The Team the user belongs to, and the access to records owned by other team members, as determined by the user's [{Role]].
- Custom Access Criteria can be used to specify access rights for individual Records (add, view, update, delete), based on record data, user characteristics, and any other available information.
- Visibility Controls determine whether records owned by others are visible and optionally, whether they can be modified.
- Team Data Sharing Policies, which allow to data to be shared across Teams. (These settings override the record-level access permissions specified in the individual's Visibility Controls.)
- Role-Based Field Visibility, when used, specifies data visibility at the Field level.
Working with Roles
Users that have the Access Control/User Management permission can grant other users Role- and Team-based access rights
