Difference between revisions of "Company and User Security Matrix"

From SmartWiki
Jump to: navigation, search
(Notes)
Line 1: Line 1:
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
|[[Image:How.png|50px|link=]]
+
||[[Image:How.png|link=|50px]]
|This article will explain '''how''' you can implement this feature for use on your SmartSimple system.
+
||This article will explain '''how''' you can implement this feature for use on your SmartSimple system.
 
|}
 
|}
  
 
==Overview==
 
==Overview==
 
==Enabling the Company and User Matrix==
 
==Enabling the Company and User Matrix==
Note: You will need [[Global User Administrator]] Privileges to enable and configure this feature  
+
Note: You will need [[Global User Administrator]] Privileges to enable and configure this feature
 +
 
 
# In the '''Configuration''' menu, Click on '''Global Settings'''
 
# In the '''Configuration''' menu, Click on '''Global Settings'''
 
# Under the '''Security''' Tab, add a check mark to the box '''Enable Company and User Security Matrix'''
 
# Under the '''Security''' Tab, add a check mark to the box '''Enable Company and User Security Matrix'''
# Click '''Save'''
+
# Click '''Save'''
 +
 
 +
 
 +
:: [File:Org and user security matrix.png|800px|border]]
 +
 
  
  
Line 16: Line 21:
 
* In the '''Configuration''' menu, click on '''Global Settings'''
 
* In the '''Configuration''' menu, click on '''Global Settings'''
 
* Under the '''Security''' Tab, click on the '''User Security Matrix'''
 
* Under the '''Security''' Tab, click on the '''User Security Matrix'''
* Under the '''[[The Key Control Element – Roles|Login User Role]]''' select the user role you will be permissioning  
+
* Under the '''[[The Key Control Element – Roles|Login User Role]]''' select the user role you will be permissioning
* First set '''Hierarchy Permissions''' if applicable - This sets what general permissions a specific user role has to view and modify based on the following options  
+
* First set '''Hierarchy Permissions''' if applicable - This sets what general permissions a specific user role has to view and modify based on the following options
::*'''Users Under All Organizations''' - access to all users under all organizations  
+
*:* '''Users Under All Organizations''' - access to all users under all organizations
::*'''Users Under their Own Organization''' - access to those users found under the current users organization
+
*:* '''Users Under their Own Organization''' - access to those users found under the current users organization
::*'''Users Under Sub Organizations''' - access to those users found under the current users organization or its sub-organizations  
+
*:* '''Users Under Sub Organizations''' - access to those users found under the current users organization or its sub-organizations
::*'''Own Profile''' - access to users own profile  
+
*:* '''Own Profile''' - access to users own profile
 
 
* Set '''Roles Permissions''' if applicable - This sets the granular role-by-role permissions to perform views, edits, deletes, and lookups.
 
  
 +
*
 +
** Set '''Roles Permissions''' if applicable - This sets the granular role-by-role permissions to perform views, edits, deletes, and lookups.
  
 
==Configuring the Company Security Matrix==
 
==Configuring the Company Security Matrix==
* In the '''Configuration''' menu, click on '''Global Settings'''
+
** In the '''Configuration''' menu, click on '''Global Settings'''
* Under the '''Security''' Tab, click on the '''Company Security Matrix'''This defines how users can interact with company data
+
** Under the '''Security''' Tab, click on the '''Company Security Matrix'''This defines how users can interact with company data
* Under the '''Login User Role''' is displayed a list of all defined user roles. Select the user role you will be permissioning
+
** Under the '''Login User Role''' is displayed a list of all defined user roles. Select the user role you will be permissioning
* Set appropriate '''Hierarchy Permissions''' if applicable - This sets what general permissions a specific user role has to view and modify organization data that they belong to.
+
** Set appropriate '''Hierarchy Permissions''' if applicable - This sets what general permissions a specific user role has to view and modify organization data that they belong to.
:* Options include the ability to view, edit, add, delete, and lookup permissions for '''All Organizations''', their '''Own Organizations''', and their '''Sub Organizations'''.  
+
*** Options include the ability to view, edit, add, delete, and lookup permissions for '''All Organizations''', their '''Own Organizations''', and their '''Sub Organizations'''.
:* By adding a check mark to the specific check box in the matrix you will be enabling that permission for the specified user role.
+
*** By adding a check mark to the specific check box in the matrix you will be enabling that permission for the specified user role.
* Set '''Category Permissions''' if applicable - This sets granular category-by-category permissions to perform views, edits, deletes, and lookups.
+
** Set '''Category Permissions''' if applicable - This sets granular category-by-category permissions to perform views, edits, deletes, and lookups.
  
  
 
==Permission Types==
 
==Permission Types==
 
The following 10 permission types are available:
 
The following 10 permission types are available:
* '''Deny View''' - Users in this role are denied access to this item.
+
 
* '''Deny Edit''' - Users in this role can access but cannot edit.
+
** '''Deny View''' - Users in this role are denied access to this item.
* '''Deny Add''' - Users in this role can access but cannot create a new item.
+
** '''Deny Edit''' - Users in this role can access but cannot edit.
* '''Deny Delete''' - Users in this role can access but cannot delete an existing item.
+
** '''Deny Add''' - Users in this role can access but cannot create a new item.
* '''Deny Lookup''' - Users in this role can access but cannot search an existing item.
+
** '''Deny Delete''' - Users in this role can access but cannot delete an existing item.
* '''View''' – View the item.
+
** '''Deny Lookup''' - Users in this role can access but cannot search an existing item.
* '''Add''' – Create a new item.
+
** '''View''' – View the item.
* '''Edit''' – Edit an existing item.
+
** '''Add''' – Create a new item.
* '''Delete''' – Delete an existing item.
+
** '''Edit''' – Edit an existing item.
* '''Lookup''' – Search an existing item.
+
** '''Delete''' – Delete an existing item.
 +
** '''Lookup''' – Search an existing item.
  
  
Line 54: Line 60:
  
 
[[Image:Company_security_matrix_2015-12-16_1531.png|link=]]
 
[[Image:Company_security_matrix_2015-12-16_1531.png|link=]]
:A. From the '''Hierarchy Permissions''' - Employees can View, Edit, and Add data related to their Own Organization.
+
 
:B. From the '''Category Permissions''' - Employees can View and Edit "Event Registrant Organization" and View "Fiscal Agents".
+
*: A. From the '''Hierarchy Permissions''' - Employees can View, Edit, and Add data related to their Own Organization.
 +
*: B. From the '''Category Permissions''' - Employees can View and Edit "Event Registrant Organization" and View "Fiscal Agents".
 +
*
  
  
 
==Notes==
 
==Notes==
* Only a {{GUA}} or a {{LUA}} can define [[Role|roles]].
+
** Only a {{GUA}} or a {{LUA}} can define [[Role|roles]].
* When Company or User security matrix is enabled, then the system will ignore any other Company or User specific permissions when the current user is either a [[Local User Administrator]] or basic [[User]].
+
** When Company or User security matrix is enabled, then the system will ignore any other Company or User specific permissions when the current user is either a [[Local User Administrator]] or basic [[User]].
 
 
 
==Also See==
 
==Also See==
 
[[Security Matrix]]<br />
 
[[Security Matrix]]<br />
 
[[The Key Control Element – Roles]]<br />
 
[[The Key Control Element – Roles]]<br />
 
[[Using Roles]]<br />
 
[[Using Roles]]<br />
[[Roles & Permissions]]<br />
+
[[Roles & Permissions|Roles & Permissions]]
  
  
Line 72: Line 79:
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
|[[Image:Why.jpeg|50px|link=?]]
+
||[[Image:Why.jpeg|link=?|50px]]
|Click [[Company and User Security Matrix - Why?|here]] to learn why this feature is a benefit to your organization.
+
||Click [[Company and User Security Matrix - Why?|here]] to learn why this feature is a benefit to your organization.
|}  
+
|}
  
  
 
[[Category:How]][[Category:Security]]
 
[[Category:How]][[Category:Security]]

Revision as of 15:58, 2 July 2019

How.png This article will explain how you can implement this feature for use on your SmartSimple system.

Overview

Enabling the Company and User Matrix

Note: You will need Global User Administrator Privileges to enable and configure this feature

  1. In the Configuration menu, Click on Global Settings
  2. Under the Security Tab, add a check mark to the box Enable Company and User Security Matrix
  3. Click Save. 


[File:Org and user security matrix.png|800px|border]]


Configuring the User Security Matrix

  • In the Configuration menu, click on Global Settings
  • Under the Security Tab, click on the User Security Matrix
  • Under the Login User Role select the user role you will be permissioning
  • First set Hierarchy Permissions if applicable - This sets what general permissions a specific user role has to view and modify based on the following options
    • Users Under All Organizations - access to all users under all organizations
    • Users Under their Own Organization - access to those users found under the current users organization
    • Users Under Sub Organizations - access to those users found under the current users organization or its sub-organizations
    • Own Profile - access to users own profile
    • Set Roles Permissions if applicable - This sets the granular role-by-role permissions to perform views, edits, deletes, and lookups.

Configuring the Company Security Matrix

    • In the Configuration menu, click on Global Settings
    • Under the Security Tab, click on the Company Security MatrixThis defines how users can interact with company data
    • Under the Login User Role is displayed a list of all defined user roles. Select the user role you will be permissioning
    • Set appropriate Hierarchy Permissions if applicable - This sets what general permissions a specific user role has to view and modify organization data that they belong to.
      • Options include the ability to view, edit, add, delete, and lookup permissions for All Organizations, their Own Organizations, and their Sub Organizations.
      • By adding a check mark to the specific check box in the matrix you will be enabling that permission for the specified user role.
    • Set Category Permissions if applicable - This sets granular category-by-category permissions to perform views, edits, deletes, and lookups.


Permission Types

The following 10 permission types are available:

    • Deny View - Users in this role are denied access to this item.
    • Deny Edit - Users in this role can access but cannot edit.
    • Deny Add - Users in this role can access but cannot create a new item.
    • Deny Delete - Users in this role can access but cannot delete an existing item.
    • Deny Lookup - Users in this role can access but cannot search an existing item.
    • View – View the item.
    • Add – Create a new item.
    • Edit – Edit an existing item.
    • Delete – Delete an existing item.
    • Lookup – Search an existing item.


Company Security Matrix Example

1. Review the Hierarchy Permission and Category Permission shown below for the Employee Role:

Company security matrix 2015-12-16 1531.png

  • A. From the Hierarchy Permissions - Employees can View, Edit, and Add data related to their Own Organization.
    B. From the Category Permissions - Employees can View and Edit "Event Registrant Organization" and View "Fiscal Agents".


Notes

Also See

Security Matrix
The Key Control Element – Roles
Using Roles
Roles & Permissions


Why.jpeg Click here to learn why this feature is a benefit to your organization.