Sharing Policies & Mandatory Permissions


The Permissions applied to objects (record types) are a product of the Mandatory Permissions applied to the object combined with the Sharing Policies for that object.  You can access these settings by clicking Start > Configuration > Permissions.

Mandatory Permissions

The Mandatory Permissions for an object are the base-level permissions which are always in place regardless of any changes that a User tries to make.  Users are not able to change the Mandatory Permissions; they must always apply.

By default your Workbooks account is configured so that the majority of objects have a mandatory Ruleset called Minimum Access.


This means that as a bare minimum all Users have read access to objects they've created and Users in the System Administration group have full access to all objects.

Each object type has one set of Mandatory Permissions.

NOTE:  A Ruleset is a set of permissions grouped together.

System Administrators are able to change the Mandatory Permissions by going to Start > Configuration > Permissions and selecting the Mandatory Permissions tab.

Sharing Policies

Sharing Policies combine with Mandatory Permissions to determine the overall permissions of an object when it's first created.  By default Workbooks is supplied with one Sharing Policy for each object type, but a System Administrator can create more if required.  


The majority of objects are configured with a Public Read Write Ruleset but this too can be changed.

The permissions an object is given when it's first created depend on which User is creating the object and which Sharing Policy applies for that User.

It is possible to create Sharing Policies for specific users and groups.  However, it is important to understand that when a new object is created, the permissions it is given are based on ALL the policies that the user is matched against.

IMPORTANT NOTES:

  1. Changing the Sharing Policies only affects records created after the changes have been made.  The permissions of all existing records are not changed.
  2. Changing the Mandatory Permissions will affect all records in the system.  However, it is possible that changing the Mandatory Permissions on an object will not change the Sharing Permissions of a specific record, if the existing permissions take precedence.

 

Example One:  Default Behaviour of Dashboards

By default all new Dashboards are created with the following Permissions:

[Image: permissions_7]

This means that the owner of the Dashboard has full access and so do any Users in the System Administration group.  This is because the Mandatory Permissions for a Dashboard object are combined with the Sharing Policies for the User.  In this case the Mandatory Permissions for Dashboard objects have a Minimum Access Ruleset and the Sharing Policy for the Everyone group has a Private Ruleset.  The combination of the Mandatory Permissions and the Sharing Policy results in new Dashboards having the permissions shown above.

Example Two:  Preventing System Administrators from accessing all Dashboards

As seen in Example One, by default all users in the System Administrator group have access to all Dashboards created.  This is because the Mandatory Permission for Dashboards is Minimum Access which grants access to anyone in the System Administrator group.

To remove System Administrators from all Dashboards by default we need to do the following:

  1. Create a new Mandatory Permissions Ruleset called Owner Full Access;
  2. Set the permissions in the new Ruleset to Read, Modify, Delete, Change Owner, Change Permissions for Everyone on all items they own;
  3. Set the Mandatory Permissions for Dashboards to our new Ruleset called Owner Full Access.

By applying these new Mandatory Permissions to Dashboards, the previous Mandatory Permissions are removed from all existing Dashboards.  In this example, if a User had specifically shared their Dashboard with a System Administrator it would still be shared.  If the Sharing Policy or the specific permissions of an object grant more access than the Mandatory Permissions, these take precedence.

Example Three: Limiting Opportunities to specific groups

Let’s assume you have two sales teams (UK and France) and you want each team to have access only to their own Opportunities, while your Sales Managers have access to all Opportunities.

You will need to do the following:

  1. Create a User Group called UK Team and add the UK users to that group;
  2. Create a User Group called France Team and add the French users to the group;
  3. Ensure all your Sales Managers are in the existing Sales Manager User Group;
  4. Remove the existing Sharing Policy which states all new Opportunities are Public Read Write for everyone;
  5. Create a new Ruleset under Sharing Policies called France & Managers with the following permissions:
     [Image: permissions_11]
  6. Create a new Ruleset under Sharing Policies called UK & Managers with the following permissions:
     [Image: permissions_12]
  7. Create a new Sharing Policy for Opportunities created by the UK team using the permissions Ruleset UK & Managers.
  8. Create a new Sharing Policy for Opportunities created by the French team using the permissions Ruleset France & Managers.


This creates the following scenario:

  1. All new Opportunities created by the UK team will be shared by all members of the UK team plus users in the Sales Manager group – this is controlled by the Sharing Policy;
  2. All new Opportunities created by the French Team will be shared by all members of the French team plus users in the Sales Manager group – this is controlled by the Sharing Policy;
  3. All Opportunities created by other people will only have the Mandatory Permissions Ruleset of Minimum Access, which gives access to the owner and System Administrators only.
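
The following Python sketch is an added example, not Workbooks code. It models the rule stated earlier (a new record receives the Mandatory Permissions plus ALL Sharing Policies the creator matches) and shows why removing the default Public Read Write policy in Example Three matters. Group and Ruleset names come from this page; the rights inside each Sharing Policy Ruleset, and every user belonging to the Everyone group, are assumptions.

```python
# Simplified model of the rules described on this page; not Workbooks code.
# Rights inside the Sharing Policy Rulesets are assumed (the page shows them as images).
FULL = frozenset({"read", "modify", "delete", "change_owner", "change_permissions"})
RW = frozenset({"read", "modify"})

RULESETS = {  # Ruleset name -> {grantee: rights}; "@owner" is the record's creator
    "Minimum Access": {"@owner": frozenset({"read"}), "System Administration": FULL},
    "Public Read Write": {"Everyone": RW},
    "UK & Managers": {"UK Team": RW, "Sales Manager": RW},
    "France & Managers": {"France Team": RW, "Sales Manager": RW},
}
MANDATORY = "Minimum Access"  # Mandatory Permissions for Opportunities

def new_record_permissions(creator_groups, sharing_policies):
    """Grants on a new record: Mandatory Permissions plus EVERY Sharing Policy
    whose group the creator belongs to. Policies are (group, ruleset) pairs."""
    matched = [MANDATORY] + [rs for grp, rs in sharing_policies if grp in creator_groups]
    grants = {}
    for name in matched:
        for grantee, rights in RULESETS[name].items():
            grants[grantee] = grants.get(grantee, frozenset()) | rights
    return grants

def can(user_groups, is_owner, grants, right):
    """True if any of the user's groups (or ownership) carries the right."""
    principals = set(user_groups) | ({"@owner"} if is_owner else set())
    return any(right in grants.get(p, ()) for p in principals)

# Example Three with the default Everyone policy removed.
CORRECT = [("UK Team", "UK & Managers"), ("France Team", "France & Managers")]
# Same policies, but the default Public Read Write policy was left in place.
DEFAULT_LEFT_IN = CORRECT + [("Everyone", "Public Read Write")]

UK_REP = {"Everyone", "UK Team"}        # constructed sample users
FR_REP = {"Everyone", "France Team"}
MANAGER = {"Everyone", "Sales Manager"}

def audit(policies):
    """Who can read an Opportunity created by a UK rep under these policies?"""
    grants = new_record_permissions(UK_REP, policies)
    return {
        "uk_colleague": can(UK_REP, False, grants, "read"),
        "manager": can(MANAGER, False, grants, "read"),
        "french_rep": can(FR_REP, False, grants, "read"),
    }

if __name__ == "__main__":
    print("default removed:", audit(CORRECT))
    print("default left in:", audit(DEFAULT_LEFT_IN))
```

In this model, with the default policy still present, the French rep can read the UK team's new Opportunity, because the UK creator also matches the Everyone policy and the grants are combined.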

Definitions

Capabilities: Capabilities control which part of the application a user can access.

Sharing Permissions: The permissions on a specific object at a point in time.

Sharing Policy: Based on the user creating the object, a Sharing Policy defines which Sharing Permissions (when combined with the Mandatory Permissions) are given to a new object when it is created.

Mandatory Permissions: A minimum set of permissions that an object will have at all times.

Ruleset: A set of permissions that are grouped together.