Record Level Security

When you set up security roles, you can control the specific records that the role can access and what they can do with those records. This is called record level security or row level security.

You can also specify the type of access the role has to a group of records: read only, modify only, add/modify, or full.

You set up record level security on the Record Access tab of Configuration > Security > Roles.

Record level security works in conjunction with Vision lookups. When a user displays a lookup list, the list includes only those records that the user's role is able to access. The user cannot navigate to any records that they do not have permission to access.

Record level security also works in conjunction with the work breakdown structure and other hierarchical structures in Vision. For example, if a role has access rights to a project (level one of the work breakdown structure), then that role can also access phases (level two) and tasks (level three) within that project. However, if a role only has access to a specific phase of a project, the role can only access tasks within that particular phase.

Examples

For example, a project manager has full access to the Employee Info Center and Project Info Center, whereas a project consultant only needs read access to the Project Info Center.

In a more complex example, a project manager named John James only has read access to the Opportunity Info Center records for the state of Missouri.

Access

The Record Access tab of Configuration > Security > Roles lists all of the Vision application areas. For each application area, you can choose one of the following access levels:

  • Read Only — The role can look at records but not add, modify, or delete record information.
  • Modify Only — The role can look at records and make modifications to information, but cannot add new records or delete records.
  • Add/Modify — The role can look at, modify, and add records, but cannot delete records.
  • Full — The role has full rights to the records. This includes the ability to read, add, modify, and delete records.

Record Level View

Click in the Record Level View field to display the lookup for an application area. Use the lookup to enter criteria that define the records that the role can view.

Record Level Update

Click in the Record Level Update field to display the lookup for an application area. Use the lookup to enter criteria that define the records that the role can update.

The choices that you make here must be consistent with the role's access level. For example, if a role has Read Only access rights to an application area, you cannot then give the role update privileges to records in that application area.
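The following added example (an illustrative model, not Vision's own code) shows how the access levels, the work breakdown structure inheritance, and the consistency rule above combine into one access decision. The names AreaAccess, covers, and allowed, the tuple representation of work breakdown structure paths, and the sample project and phase codes are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Operations each access level permits, as listed under "Access".
LEVEL_OPS = {
    "Read Only": {"read"},
    "Modify Only": {"read", "modify"},
    "Add/Modify": {"read", "modify", "add"},
    "Full": {"read", "modify", "add", "delete"},
}

@dataclass
class AreaAccess:
    """One application-area row of a role (hypothetical model)."""
    level: str
    view_nodes: set = field(default_factory=set)    # WBS paths the role may view
    update_nodes: set = field(default_factory=set)  # WBS paths the role may update

    def validate(self):
        # Record Level Update must be consistent with the access level:
        # a Read Only role cannot be given update privileges.
        if self.update_nodes and "modify" not in LEVEL_OPS[self.level]:
            raise ValueError(f"{self.level} access cannot have update criteria")

def covers(granted, path):
    """A grant on a WBS node covers that node and everything beneath it.
    Assumption: a phase-level grant does not expose the parent project record."""
    return any(path[:len(g)] == g for g in granted)

def allowed(access, op, path):
    """Decide whether `op` on the record at WBS `path` is permitted."""
    if op not in LEVEL_OPS[access.level]:
        return False  # the access level itself rules the operation out
    # Assumption: every non-read operation is scoped by the update criteria.
    nodes = access.view_nodes if op == "read" else access.update_nodes
    return covers(nodes, path)

# Constructed sample data: project P100 with phases PH1 and PH2.
PROJECT_WIDE = AreaAccess("Full", view_nodes={("P100",)}, update_nodes={("P100",)})
PHASE_ONLY = AreaAccess("Modify Only",
                        view_nodes={("P100", "PH1")},
                        update_nodes={("P100", "PH1")})

if __name__ == "__main__":
    for role, op, path in [(PROJECT_WIDE, "read", ("P100", "PH2", "T9")),
                           (PHASE_ONLY, "modify", ("P100", "PH1", "T1")),
                           (PHASE_ONLY, "read", ("P100", "PH2", "T1")),
                           (PHASE_ONLY, "delete", ("P100", "PH1", "T1"))]:
        print(role.level, op, "/".join(path), "->", allowed(role, op, path))
```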