Defining security policies
You can set up security policies that you use to restrict customers to their own data and restrict your employees to the data records of one or more customers. You create these policies only if customer data segmentation is important to you. If customers do not log in to your system, or if you do not want to segment your workforce, either or both of the security policies are not required.
About this task
The Security Groups application provides a wide range of options for defining security groups and setting your security policies. The three most commonly used security policies for service providers are the following:
| Security policy | Description |
|---|---|
| Policy to provide access to all customers | You create a security group whose members are authorized to view the records of all of your customers. You might grant this access to management, to Service Desk representatives, or to other groups that require access to all customer records. |
| Policy to enforce security for external customers | You create a security group whose members are authorized to view records associated with the customer specified in their person records. In the person record, each group member has a customer in the Cust/Vendor field. |
| Policy to segment your employee workforce by customer | You create a security group whose members are authorized to work with the data of one or more customers. The customers for an employee are defined in the customer access list in that employee's person record. |
When you define a customer-related security policy in the Security Groups application, you check one of the options in the Customer Authorization section. For example, if you are defining the second policy in the table above, which enforces security for external customers, you check the Authorize Group for Customer in User's Person Record option. For the third policy listed in the table, you check Authorize Group for Customers in User's Person Customer Access List.
If you check any of the options in the Customer Authorization section, you must ensure that you do not define any Collection restrictions for the security group. If you do so, an error message is displayed, and you are unable to save the security group.
If you want to establish both Collections and Customer Authorization security, you must create separate security groups for each of these restrictions. After you create a group that has the Collections restriction, you can assign users to the group as appropriate. You cannot have Customer Authorization and Collection restrictions defined for the same security group.