Controlling access to customer information

Defining customer objects to determine access
In a multiple-customer environment, the data that is restricted is determined by customer objects. These objects contain conditions that specify access to customer-level information. You can use the default set of customer objects without modification if these objects meet your needs. You can change the restrictions that are specified by these objects, and you can create your own customer objects.

Defining security policies
You can set up security policies that you use to restrict customers to their own data and restrict your employees to the data records of one or more customers. You create these policies only if customer data segmentation is important to you. If customers do not log in to your system, or if you do not want to segment your workforce, either or both of the security policies are not required.

Applying security policies to customers and employees
After you define security groups and establish policies that you want to enforce for customer, employees, or both, you can specify customer and employee users as members of the relevant groups. After you do so, the specified customer and employee users are restricted to customer records as defined in your policies.