Throughout InterAction, there are two key levels of information – global and folder-specific. These two levels are both controlled by access rights:
- A user’s access to a contact’s global information depends on his or her access rights to the folder that sources the contact.
-
A user’s access to a contact’s folder-specific information depends on the access rights to the folder to which the information is specific.
For more about folder-specific vs. global data, see Folder-Specific and Global Data.
Note that security for activities is handled differently than this. For details, see Security for Activities.
You can assign access rights to an individual user, a group of users, or all users. Although access rights are always assigned to folders, the different rights control different levels of information:
- Folder-level actions, such as seeing the information in the folder, and adding/removing contacts.
- Contact-level actions, such as editing a contact’s name or adding a phone number.
- Folder management and administration actions such as defining additional fields or deleting a folder.
Access rights work differently in the Windows Client and the Web Client for two reasons:
- Many actions aren’t available to Web Client users. For example, Web Client users cannot delete marketing lists, so the administrative access rights needed for this action don’t apply to marketing lists. They do apply to working lists since Web Client users can manage those folders.
- Many contact-level edits (such as editing names and addresses) on firm contacts use Data Change Management instead of access rights. For these changes, the access rights are essentially overridden in the Web Client.
Access rights have absolutely no affect on user contact lists – a user contact list is only accessible by the user and his or her proxies.
The restrictions and possible actions Web Client users can perform differs between the folder classes. For details about how access rights work with each folder class, see the following:
- Web Client Security for Contact Types
- Web Client Security for Working Lists
- Web Client Security for Marketing Lists
- Web Client Security for Administrative Folders
For details about access rights, see the following topics:
- Available Access Rights
- Automatically Assigning Access Rights
- Exactly What Access Rights Do Web Client Users Need?
Available Access Rights
The following table lists the available access rights and the actions controlled by that right. You set access rights in the New/Edit Access Rights dialog box in the Windows Client.
Access Rights for Folders
| Access Right | What it Allows |
|---|---|
| Read |
Allows you to see contacts contained in the folder. Also allows you to see any folder-specific information for the folder, such as additional field values. Note that a user does not necessarily need Read access to a folder to see folder-specific activities in the folder. The user creating the activity can specify who is allowed to see the information; for details, see Security for Activities. |
| Add Contact |
Allows you to create a contact sourced in this folder. If users don’t have add contact access to the source folders for firm contacts, they cannot create firm contacts and InterAction cannot behave correctly. For details about these folders, see Sourcing Firm Contacts. |
| Delete Contacts | Allows you to delete a contact from this folder (if the folder sources the contact) or remove a contact from this folder (if the contact is linked into the folder). |
| Link Contacts FROM this Folder |
Allows you to link a contact that is sourced in this folder into another folder. Users should only have this access right for the source folders (Firm Contacts - People and Firm Contacts - Companies). For details about these folders, see Sourcing Firm Contacts. |
| Link Contacts INTO this Folder | Allows you to link a contact that is sourced in another folder into this folder. |
| Folder Management |
Allows you to do several folder management tasks:
Note that these rights can be broken out into individual components. You assign individual contact data rights in the Advanced Access Rights Options dialog box. |
|
Contact Data Note that these rights can be broken out into individual components. For example, instead of assigning add all contact data, you could just assign add addresses. You assign individual contact data rights in the Advanced Access Rights Options dialog box. |
|
| Add |
Add all types of folder-specific data to contacts:
|
| Edit |
Edit all types of folder-specific contact data:
|
| Delete |
Delete all types of data to contacts:
|
| Folder Administration | |
| Folder Administration |
This access right grants all folder, contact data, and folder management rights. It also gives the ability to do the following:
A user with Folder Administration access rights to a folder can edit data sourced in the folder even if the data is owned by a user or by an external program (through Application Collaboration). |
Every folder has an owner. This defaults to the user that created the folder and is only different if ownership has been changed. Only a user with Folder Administration access rights can change the ownership of the folder. By default, a folder owner has all access rights to the folder, but this can be changed.
The folder owner is normally the person responsible for the folder. Since the folder creator is assigned ownership by default and owners automatically get all access rights initially, this also ensures that a user has full access to any folders he or she creates.
New/Edit Access Rights Dialog Box
Advanced Access Rights Options Dialog Box
Exactly What Access Rights Do Web Client Users Need?
Web Client users need the following access rights for the different types of folders they encounter in the Web Client.
The Public Source Folders (Firm Contacts - Companies and Firm Contacts - People)
InterAction comes with the correct access rights settings for these folders. These should not be changed. Denying Web Client users proper access to the source folders essentially cripples InterAction. The following access rights are needed:
- Read access to be able to see firm contacts and function in the Web Client.
- Add Contacts access in order to add new firm contacts.
- Link From access rights in order to add firm contacts to marketing lists and working lists.
- All add, edit, and delete contact data rights.
Contact Types
Users who need to see that a contact type is applied to a contact need Read access. They do not need any other rights – when users edit the set of contact types for a contact, the changes are managed by Data Change Management instead of traditional folder access rights. For details, see Access Rights and Data Change Management.
If the contact type has additional fields that users need to edit, they need the edit additional fields rights. Also, if you want to allow Web Client users to create and edit folder-specific phones and addresses on contact types, they will need the related contact data rights for phones and addresses. Note that Data Change Management rules do not apply to changes to folder-specific phones and addresses.
Information Folders Used for Profile Information
Users need Read access in order to see the profile information stored in the folder. For example, the Client Financial Information folder contains several additional fields for storing client revenue numbers. This information appears on the client profile page. Users with Read access to the Client Financial Folder see the data on the client profile page; users without Read access to the folder do not see the information.
If users need to edit the profiles, they need edit additional fields and link into access rights. For details, see Web Client Security for Administrative Folders.
Marketing Lists
Users need the following access, depending on your goal with the marketing folder:
- Read access allows the user to see the list of contacts included in the marketing list. The user can also see whether or not a particular contact is on the list.
- Link Into access allows the user to add additional contacts to the marketing list.
- Delete Contacts access allows the user to remove contacts from the marketing list.
- Add, Edit, and Delete Phones and Addresses access allows the user to manage folder-specific phones and addresses for contacts on the list.
Therefore, if you want professionals to contribute to the list, grant both Read and Link Into access rights. If you want them to see the list but not add to it, grant just Read access rights. If they should not even be aware that the list exists, grant no access. In addition, you may want to assign Add and Edit Activities rights if users need to create and edit activities regarding the marketing list.
You can configure a marketing list to use Data Change Management instead of access rights. In this case, the rights described for contact type folders above apply instead.
Working Lists
Web Client users can create and manage working lists. These folders use their own “model” for determining access for Web Client users. The rights needed by an individual user vary depending on what they need to do with the folder; for details, see Web Client Security for Working Lists.