Record Access Tab of Roles

Use the Record Access tab to determine a role's access rights to specific menus and records in Ajera CRM. For example, a project manager needs full access to records in the Project Info Center, but a project consultant only needs read access to these records.

Even if a role does not have access to an Info Center, you can still set up record level read and update criteria for reporting purposes. Before you can assign access rights to any Ajera CRM module, you must activate the module in Configuration > Module Activation.

Contents

Application Record Access Grid

Use this grid to control the role's access to portions of the Ajera CRM application, including access to menu items and records. Options on this grid depend on the Ajera CRM applications that are installed.

Field Description
Application Record Access Drop-down Click the drop-down arrow on a grid header to complete any of the following actions:
  • To print grid data, click Print. When the Print Preview form displays, click File > Print to send the grid data to your default printer.
  • To export grid data to an Excel spreadsheet, click Export to Excel. When Microsoft Excel opens, use its features to modify, print, or email the data, or to save the spreadsheet file locally.
  • To turn on grouping for a grid, click Enable Grouping. When a field displays with the instruction: "Drag a column header here to group by that column," drag and drop column headers into this field, in the sequence that you want them to display.

Not all options are available on all grids.

Application Select the Ajera CRM application for which you want to establish access rights. The applications that display depend on the Ajera CRM applications that you install.
Access Click in this field, and use the drop-down list to select the access rights for the selected item.
  • Read Only — The role can look at records but not add, modify, or delete record information.
  • Modify Only — The role can read records and modify information, but cannot add new records or delete records.
  • Add/Modify — The role can read, modify, and add records, but cannot delete records.
  • Full — The role can read, add, modify, and delete records.

The Access column is view-only for certain applications. You must use the Ajera CRM default for these applications.

Record Level View Click in this field, and then click to open a lookup dialog box and determine the records that members of this role can view within the selected application. For example, for the Client application, you might give a role the ability to see client information in the Client Info Center for only a subset of clients. This setting also controls the list of records that are returned in the search results list in lookup fields and user-defined lookup fields for this application that appear in other applications (such as in the Primary Client lookup field in the Project Info Center).

Client Info Center Example

You set up record level view security so that security role A can view only one client—Brown and Associates. John is assigned to role A.

Outcome:
  • In the Client Info Center, when John opens the Client lookup in the Search field, the only client that will be returned in the search is Brown and Associates. This is the only client whose record John can view in the Client Info Center.
  • In the Project Info Center, when John opens the Client lookup in the Primary Client field, the only client that will be returned in the search is Brown and Associates. This is the only client that he can assign to a project in the Project Info Center.
  • In the Project Info Center when John opens the Client lookup in a user-defined client field, the only client that will be returned in the search is Brown and Associates. This is the only, client in the user-defined client field that he can assign to a project in the Project Info Center.
The exception to this behavior is the record level view setting that you assign for the Employees Info Center. The Employees record level view setting is not applied to the Employee lookup fields in other Info Centers (for example, the Principal, Project Manager, or Supervisor lookup fields in the Project Info Center).

Employees Info Center Example

You set up record level view security so that security role A can view only one employee - Emily Collins. John is assigned to role A.

Outcome:
  • In the Employees Info Center when John opens the Employee lookup in the Search field, the only employee that will be returned in the search is Emily Collins. This is the only employee whose record John can view in the Employees Info Center.
  • In the Project Info Center when John opens the Employee lookup in the Principal, Project Manager, or Supervisor fields, all employees are returned in the search. John can assign any employee to a project in the Project Info Center.
  • In the Project Info Center when John opens the Employee lookup in a user-defined employee field, all employees are returned in the search. John can assign any employee to a project in the Project Info Center.

The role's Access settings supersede Record Level View rights. You cannot give a role permission to view a record if the role does not have permission to access the corresponding application.

The default for this field is Not in Use.

Record Level Update Click in this field, and then click to open a lookup dialog box and determine the records that this role can update within the selected application. For example, you might give a role the ability to update information about only a subset of clients in the Client Info Center.

The default for this field is Same as View, meaning that the Record Level Update setting is the same as the Record Level View setting.

The role's Access settings supersede Record Update View rights. You cannot give a role permission to update a record if the role doesn't have permission to access the corresponding application.

Options below the grid

Field Description
Allow modification of Disable Login user setting in Users when read-only access Select this option to give users in this role access to modify the enable/disable login user setting when they only have read-only access to the Users application.
Allow modification of Passwords in Users when read-only access Select this option to give users in this role access to modify user passwords even if they only have read-only access to the Users application.

Activity Access

Use these fields to determine access to Ajera CRM activities.

Field Description
Record Level View Use the lookup to select one of the following options as the criteria for the chosen info center:
  • Not in Use — Select this option to eliminate Record Level View from the Activity access rights. This is the default setting.
  • Use info center access — Select this option to apply Info Center access to the activity record access. For example, Record Access for the Client Info Center is set to all clients in California. If you set the activity access to Use info center access, then of all activities associated with a client, the role will only be able to view the activities of the clients to which it has rights (in other words, all clients in California).
  • Use query — Select this option to use a query to determine the activity access rights.
Record Level Update Use the lookup to select one of the following options as the update access for the record level:
  • Read Only — The role can look at records but cannot add, modify, or delete record information.
  • Modify Only — The role can look at records and make modifications to information, but cannot add new records or delete records.
  • Add/Modify — The role can look at, modify, and add records, but cannot delete records.
  • Full — The role can read, add, modify, and delete records.
Parent Topic: Roles Form