Chat with us, powered by LiveChat

Get a quick quote with our pricing calculator

Knowledge Base

Browse our knowledge base articles to quickly solve your issue.

Knowledgebase articles

Configuring the Advanced Security Module: Segmenting Users by location

The example below will show how this can be Permissions can be configured for a Company spread across two Countries, Country A and Country B. 

The rules will be as follows:

  • Users in Country A can Read & Modify People Records assigned to Users in Country A but not Country B
  • Users in Country B can Read & Modify People Records assigned to Users in Country B but not Country A

Before you start configuring the Permissions, you need to make sure that you have User Groups in your database for Users in Country A & Country B.

NOTE: These User Groups do not need any capabilities unless they are required, if it is purely for segmenting your data.

To set up the Permissions for these Groups follow the path Start > Configuration > Users & Security > Permissions

Start with creating a new Ruleset by selecting Manage Rulesets:

Then select New Ruleset:

You will only need to create a single Ruleset, which will contain the Permissions for both Country A Users and Country B Users. This will provide your User Groups with access to items that they own such as below:

Save and close the Ruleset and now add a Sharing Policy, by selecting Add Sharing Policy:

A new window will pop up, fill this form and apply a new Ruleset. As you are using People Records in this example, you will need to create a New Sharing Policy that will look like below:

This shows that any People created by Everyone will only have the sharing permissions of that Country Ruleset. Providing that all of your Users are in either Country A or B, it will affect all of your Users and if there are additional Countries that you do not want to limit, then you will need to set the Created By to be the specific User Group such as:

Now you have created the Ruleset and Sharing Policy, the Sharing Permissions will need updating, which can be done through a Bulk Action on the Landing Page of the specific record type:

 

Once the Permissions have been recalculated the new Sharing Policies will take effect and a User in Country A will no longer be able to see any Person Record that is assigned to anyone in the Country B User Group and vice versa.