Role, groups and rights to data

In this article

    Basic rule: If user A have user group G as primary group and User B has group G as Other groups, then the data shown to user A will now consider user B as part of his primary group.

    Using role-based security in SuperOffice Sales & Marketing, you can customize roles for different access levels in the company.

    A role describes two things:

    1 Which data objects (companies, contacts, projects, project members, selections, sales, follow-ups, documents and relations) are to be accessible (accessibility is determined using rights: none, read, create, update and delete) to users with this role.
    2 Which functions (for example, administrator access in the Maintenance Client, mail merge, exporting selections and publishing) are to be accessible to users with this role.

     

    A number of predefined roles are included with SuperOffice Sales & Marketing. The User levels 0-5 roles correspond to the user levels from previous versions of SuperOffice, where user level 0 is an administrator. You can edit these roles at will.

    One user may only only be assigned one role. The role determines the user's data access and functional rights.

    Primary group

    Select one of the predefined options for group membership in the Primary group list box. The user is granted access to data owned by other users in the same primary group. Access rights (e.g. write and delete access) for these data are defined in the role the use belongs to. A primary group is mandatory.

    Other groups

    Under Other groups are the other groups the user is assigned to. The other groups are optional. Adding one or more groups under Other groups means this users data will be part of the Other groups. This means that if user John has primary groups Administrator and Other groups set to Technical and Support, then data owned by John will be visible for all user who has Administrator, Technical or Support as primary user group.

    General rule: If you are part of my group, then I am part of your group as well. You may have the group as a primary group, while I have the group as a other group, but we are both in the same group.

    The role define what rights the user has on data owned by:

      the user
      other users in his primary group
      other users in his other groups
      all other associates
      external users
      anonymous users

     

    The data owner is based on the same logic as area management, and all data in the database is stamped with the users CURRENT primary user group. This means that if a user move from the user group SALE to the user group ADMINISTRATORS, all previous data the user entered to the database would still belong to user group SALE

     

    An example where user A, B and C all have the same role.

      User A User B User C
    User group 1 Primary group    
    User group 2   Primary group  
    User group 3 Other group Other group Primary group

     

    Here you see that user group 3 contains all users (A, B and C), the rights for user A to User Bs data is defined by their roles data rights to data owned by users in Other groups

    In this example, it means that User A may not see User Bs sales, follow-up or documents since user B is in user A’s “other groups” – and the role’s “other groups” has NONE rights for sales, follow-ups and documents. User B may not see User As sales, follow-up or documents for the same reason: user A is in user B’s “other groups”, not the primary group.

    User C however, will be able to read all sales, follow-up and documents created by both User A and B since the User group 3 has all users assigned to it, and user group 3 is user C’s primary group. This means that user A and user B are in user C’s “primary group”, rather than the “other groups” column in the role data-rights table.