Knowledge Base

Browse our knowledge base articles to quickly solve your issue.

Configuring the Advanced Security Module: Segmenting Users by function

In this example you will be looking at how to change the Permissions of a User for Organisation Records. For this, you will need to have two rulesets, one for Managers and one for Users.

The rules will be as follows:

  • Users will be able to only Read & Modify Items that they own.
  • Managers will be able to Read, Modify & Delete all items.

You will need to ensure that you have created the appropriate User Groups. Again, they do not necessarily need additional Capabilities but can be used only for segmentation purposes.


Once you have done this you will need to set up the Permissions for these Groups (Start > Configuration > Users & Security > Permissions).

The first thing you will need to do is create a new Ruleset and to do this you will need to select Manage Rulesets:


And then select New Ruleset:


You will only need to create a single Ruleset to create this capability:


You can now save and close these Rulesets and now add a sharing Policy, by selecting Add Sharing Policy:


From this view you will need to fill out the Form and apply your new Ruleset. As you are using Organisation Records, in this example you will need to create a New Sharing Policy that will look like below:


This means that any Organisation created by anyone will have the the sharing permissions of Users and Managers and depending on their User Group they will have different Permissions.

Now that you have created the Ruleset and Sharing Policy you will need to update the Sharing Permissions which can be done through a Bulk Action on the Organisation Landing Page:


Once you select Recalculate permissions it will ask you if you are sure you want to recalculate permissions for all records that are displayed on that landing page. Like any Bulk Action you will be given the option to undo it within 30 days if you need to revert back.

The Bulk Action will run in the background and may take a few minutes to run depending on the number of records that are being recalculated.

NOTE: If you have any Rulesets or Sharing Policies that affect the Everyone Group, these rules will overwrite new capabilities such as this as Permissions work on a cumulative basis, meaning that as they are a member of Everyone they get the permissions of the Everyone group.