Object permissions control access to your data fields. Each object can be set up with specific levels of access to create, read, edit and delete its records. Object permissions should be carefully set up by the IT, compliance and security teams. By default, InvestGlass has the following objects:
• Custom security
Object permissions specify the level of access a user has to manipulate a field record:
• Create
An object is a list of recorded fields. Objects can be customized with custom field formats. The format, called Input type, constrains the data expected in those records.
Permissions can be set to Modify All. Modify All allows users to read, edit, delete, transfer and approve all records associated with these objects. A given user can be assigned only one set of permissions.
Custom permissions will give access to custom processes and applications.
Profiles define the use of and access to objects and fields in specific functions.
Permission sets list the permissions for a specific field (e.g. First Name), feature (e.g. Opportunities dashboard), or widget (e.g. HotNews, 4 eyes Order management check).
Permissions determine the access to the following:
• Object and field access
• Tab access
• Button access
• Field access
• Access to external widget
• Access to internal widget
• Login policy
Permission set groups help to propagate rules to a given group and assign restricted access. You can set those rules and clone them to save time.
Custom fields record data. Custom fields are limited by value lists, business processes with pipelines, or page layouts with tabs. To facilitate compliance reporting, InvestGlass helps administrators with custom field tagging:
Field Security Classification
• Public
• Mission Critical
• CCPA—California Consumer Privacy Act
• COPPA—Children's Online Privacy Protection Act
• GDPR—General Data Protection Regulation
• HIPAA—Health Insurance Portability and Accountability Act
• PCI—Payment Card Industry
• PII—Personally Identifiable Information
This classification will appear in audit extraction.
Value set or pick list fields are used to feed web forms and fields with suggested values. Those fields can look into other tables. To keep a user from reaching unauthorized records, you can limit the scope of the list in the value set setup. If you set the value set to “All”, users can look into fields even if they are not authorized for the record or its owner. If you choose “role permissions”, the returned values are limited to fields authorized by the permissions system.
InvestGlass automation is a set of rules which can be set up with full rights to create, read, update and delete fields. Automation overrides roles and permissions rules, and organization-wide rules too. Please be careful when setting up automation.
Organization-wide sharing defaults
Organization-wide sharing defaults are the top level of data access setup. The rules apply to the whole organization. The organization-wide default ensures that your users are restricted to the data they own or share with other users.
You can set the organization-wide default to:
• Public Read Only
• Public Read/Write
• Public Read/Write/Transfer
For example, if you wish to prevent people from editing other people's contacts, set it to Public Read Only. If it were set to Private, records would be visible only to their owners and to people above them in the hierarchy. Then, for each object, you set whether it can be overridden by the hierarchy: Yes / No.
By default, InvestGlass uses a blend of rule-based and hierarchy-based sharing rules. This means that an Admin can see Manager and user data. A Manager can see user data. A user can only see their own data. A user cannot see data from a user in another group. Other sharing rules allow users to view other records associated with this object.
Role hierarchy defines the access to apps and data based on your organization hierarchy.
When implementing security and sharing rules for your company, we suggest you make a spreadsheet table with the various types of users in your company. In this table you should specify the level of data access as well as the type of fields and the operations you allow on these fields. We suggest you review the rules on a monthly or quarterly basis, at least when your organization hosts more than 50 people.
Create the hierarchy with the options Hierarchy name, This role reports to (Hierarchy above), and API hierarchy. When the organization-wide default is set to PRIVATE, we can then set more open rules for the objects and fields that are set as private.
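The spreadsheet review suggested above can be partly automated. The following is an added example, not InvestGlass code: it assumes the spreadsheet is exported as CSV with hypothetical columns `user_type`, `object`, `field`, `classification` and `operations`, and it applies an assumed review policy that flags untagged fields and delete or Modify All rights on fields carrying any classification other than Public.

```python
import csv
import io

# Classification tags listed in this document; all but "Public" are treated
# as sensitive (assumed review policy, not an InvestGlass rule).
SENSITIVE = {"Mission Critical", "CCPA", "COPPA", "GDPR", "HIPAA", "PCI", "PII"}
KNOWN = SENSITIVE | {"Public"}
# Operations that warrant a second look on sensitive fields (assumption).
BROAD = {"delete", "modify all"}

# Constructed sample of the review spreadsheet, exported as CSV.
# Column names, user types and field names are hypothetical.
SAMPLE = """user_type,object,field,classification,operations
Sales Ops,Contact,First Name,PII,read
Sales Ops,Contact,Card Number,PCI,read;edit;delete
Manager,Contact,First Name,PII,read;edit
Intern,Contact,Passport Number,,read
Admin,Contact,Newsletter Topic,Public,modify all
Intern,Account,Risk Profile,GDPR,modify all
"""


def review(csv_text):
    """Return (finding, location) pairs for rows that need a reviewer's eye."""
    findings = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        tag = (row["classification"] or "").strip()
        ops = {o.strip().lower() for o in (row["operations"] or "").split(";")}
        where = f"line {line_no}: {row['user_type']} on {row['object']}.{row['field']}"
        if tag not in KNOWN:
            # An untagged field carries no classification into the audit extraction.
            findings.append(("untagged-field", where))
        elif tag in SENSITIVE and ops & BROAD:
            findings.append(("broad-access-on-sensitive-field", where))
    return findings


if __name__ == "__main__":
    for finding, where in review(SAMPLE):
        print(f"{finding:32} {where}")
```

Running the same script at each monthly or quarterly review and comparing its output with the previous run shows which rights were widened in between.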
For example, with Contact
Contact Access > Radio button
1. Users in this role cannot access contacts that they do not own that are associated with accounts that they do own
2. Users in this role can view all opportunities associated with accounts that they own, regardless of who owns the contact
3. Users in this role can edit all opportunities associated with accounts that they own, regardless of who owns the contact
The EDIT hierarchy for contact access will be very useful for sales ops to see Contact. Let’s imagine that we want sales ops to see Contact Report but not be able to change them. We would set this hierarchy as Contact Edit and Call Report view.
Verify Access for a Particular Field
Administrators can see whether access to a field is restricted and what level, record type or user profile is needed to create, read, update or delete a record field. Go to My account, then Company, then Custom field. View the field accessibility to check who can see what.
Manual sharing and hiding
You can set a single access for a limited period of time to records and contacts. This feature is particularly important when you wish to restrict or grant access for a limited period of time to a specific user – member.
Creating and editing folders
A folder is a place where you can store reports, commercial solicitations, email templates and documents. Folders can be public, hidden, or shared on the client portal. You can make a folder available to your entire company or make it private so that only the owner has access. Folders can be created from the company setup page and from the contact, account and relation pages.