Permissions
Covers the viewing and editing of Sharing Permissions on records, and how using Capabilities and Permissions control security access across Workbooks.
Permissions
All individual Records in Workbooks have a set of Sharing Permissions which control who can view and modify that record. When you create a new record, the Permissions it is given are a function of the Sharing Policies and Mandatory permissions in place at that time.
When your Workbooks account is originally created it’s given a set of Sharing Policies which, by default, are open and allow the majority of Users to see the majority of records. However, if your company has purchased the Advanced Security extension you can configure the Sharing Policies to best suit your business needs.
You can see the Sharing Permissions applied to an individual record by clicking on the padlock icon in the top right-hand corner of the record (as standard users in the Everyone group have the View Permissions capability). The Sharing Permissions will look something like this:
In this example, the Permissions for this Sales Lead are:
- Users in the Everyone group have Read and Modify access
- The Owner of the record (in this case, Hugh Demery) has Read, Modify, Delete, Change Owner and Change Permissions access
- Users in the System Administrator group have Read, Modify, Delete, Change Owner and Change Permissions access.
A User with Change Permissions access for a record can edit the permissions, either widening access to other Users or removing access, thus Permissions can be used to restrict access to records to individual Users or to User Groups.
For example, if a new Note is created, by default, it is given the following Permissions:
This means that users in the Everyone group have Read and Modify access, and the Owner of the Note and Users in the System Administrator group have full access.
If you now want to remove access from the Everyone group and give access to a group called Managers, this can be achieved by clicking the Edit button and changing the Permissions, as shown in the first screenshot above, resulting in the second screenshot:
With these new Permissions all Users in the Manager group (as well as the Owner and System Administrators) will have access to Read and Modify this record, but Users in the Everyone group will not.
NOTE: The Permissions have only been changed for this Note record; the Permission of all other Notes in the system will remain unchanged.
Using Capabilities & Permissions
Capabilities and Permissions combine to control security access across Workbooks, providing a very flexible framework to enable you to build a security policy which best supports your business needs.
For example, if a User has the View CRM Sales Leads and Modify CRM Sales Leads Capabilities, they will be able to access the Sales Leads Landing Pages from the Start menu, see the Sales Leads they have permission to access and create new Sales Leads. Having the View CRM Sales Leads capability does NOT necessarily enable a User to see ALL Sales Leads – only those which they have permission to view.
NOTE:
- It’s possible to create a scenario where a User has no Capability to view Sales Leads but Sales Leads appear in their search results. However, this is because the Sales Leads found by the search do have the relevant Permissions, e.g the User is in the Everyone group, and Everyone has the permission to view the Sales Lead. This may happen if a User specifically gives sharing permission to that User, or if your Sharing Policies are not correctly configured.
- Watching records, Sharing Permission and Viewing Object information can be controlled with Capabilities which means they can be revoked from certain Users. If a User does not have the relevant Permissions the Watch/Sharing/Viewing Object button won’t be visible to them.