Objects permissions are controlling access to your data fields. Each object can be set up with specific days level access to create read edit and delete those records. Objects permissions should be carefully set up by the IT, compliance, and security team. By default, InvestGlass has the following objects:
• Custom security
Object permissions will specify the level of access a user has to manipulate a field record:
An object is a list of recorded fields. Those objects can be customized with custom field formats. The format called Input type will constrain the data expected in those records.
Permissions can be set to modify all. Modify all will allow users to read edit delete transfer and approve all records associated with these objects. One specific user can be set with only one set of permissions.
Custom permissions will give access to custom processes and applications.
Profiles will define the use and access to objects the fields in specific functions.
Permissions sets aim to list the permissions for a specific field (ie. First Name), feature (ie. Opportunities dashboard), widget (ie. HotNews, 4 eyes Order management check).
Permissions determine access to the following:
• Object and field access
• Tab access
• Button access
• Field access
• Access to external widgets
• Access to internal widgets
• Login policy
Permission set group helps to propagate rules to a given group and assign restricted access. You can set those rules and clone them to save time.
Custom fields will record data. Custom fields are limited with value lists, business processes with the pipeline, or page layout with tabs. To facilitate compliance reporting, InvestGlass helps administrators with custom fields tagging:
Field Security Classification
• Mission Critical
• CCPA—California Consumer Privacy Act
• COPPA—Children's Online Privacy Protection Act
• GDPR—General Data Protection Regulation
• HIPAA—Health Insurance Portability and Accountability Act
• PCI—Payment Card Industry
• PII—Personally Identifiable Information
This classification will appear in audit extraction.
Value set or picklist fields are used to nurture web forms and fields with suggested fields. Those fields can look into other tables. To limit access of a user to unauthorized records, you can limit the scope of the list from the value set setup. If you choose to set the value set to “All”, then users can look into fields even if they are not authorized, or owner of the record. If you choose “role permissions”, then return values will be limited to fields authorized with the permissions system.
InvestGlass automation is a set of rules which can be set up with full rights to create, read, update, and delete fields. Automation overrides roles and permissions rules and organization-wide rules too. Please be careful when setting up the automation system.
Organization-wide sharing defaults
Organization-wide sharing defaults are the top level of data access setup. Rules apply to the whole organization. Organization-wide default will ensure that your users are restricted to the data they owned or shared with other users.
You can set the organization-wide default to:
• Public Read Only
• Public Read/write
• Public Read/ Write / Transfer
For example, if you wish to prevent people from editing other people's contact - then you set it on Public Read Only. If we would set on private, it would mean that it is only visible for the owners and people above in the hierarchy. Then, for each object, you can set if an object can be overridden by the hierarchy Yes / No.
By default, InvestGlass uses a blend of rules-based and hierarchy-based sharing rules. This means that Admin can see Manager a user data. The manager can see user data. User can only see their data. Users cannot see data from a user in another group. Other rights sharing rules and allow users to view our records associated with this object.
Role hierarchy defines access to apps and data based on your organization hierarchy.
When implementing security and sharing rules for your company, we suggest you make a spreadsheet table with the various types of users in your company in this table you should specify the level of access data as well as the type of feels and operations you allow on these fields. We suggest you review the rules on a monthly or quarterly basis at least when your organization hosts more than 50 people.
Create with options to have Hierarchy name, This role reports to (Hierarchy above), API hierarchy. When organization-wide is set as PRIVATE. Then we can set the rules more open for the object and fields that are set as private.
For example, with Contact
Contact Access > Radio button 1.Users in this role cannot access contact that they do not own that are associated with accounts that they do own 2.Users in this role can view all opportunities associated with accounts that they own, regardless of who owns the contact 3.Users in this role can edit all opportunities associated with the account that they own regardless of who owns the contact
The EDIT hierarchy for contact access will be very useful for sales ops to see Contact. Let’s imagine that we want sales ops to see Contact Report but not be able to change them. We would have set this hierarchy as Contact Edit and Call Report view
Verify Access for a Particular Field
Administrators can see whether access to a field is restricted and what level record type or user profile is needed to create, read, update, or delete a record field. Go to my account, company, and custom fields. View the field accessibility to check who can see what.
Manual sharing and hiding
You can set single access for a limited period of time to records and contacts. This feature is particularly important when you wish to restrict or grant access for a limited period of time to a specific user – member.
Creating and editing folders
A folder is a place where you can store reports, commercial solicitations, email templates, and documents. Folders can be public, hidden, and shared with on the client portal. You can make a folder available to your entire company or make it private so that only the owner has access. Folders can be created from the company setup page, from the contact, account, and relation page.