For Web Client users, administrative folders use access rights and Data Change Management to control what users can read, add, edit, and delete for the specific folder.
Access rights control the following:
- The users allowed to see information in the folder.
- The users allowed to edit folder-specific information (such as additional fields).
-
The users allowed to add and remove contacts to the folder.
However, note that Web Client users do not normally add contacts to administrative folders directly; instead, other actions they take (such as applying a contact type) triggers InterAction to add the contact to the administrative folder behind the scenes. Therefore, add and remove rights don’t usually apply in the Web Client.
Data Change Management provides an alternative way to manage submissions and removals for the folder. It can also trigger rules that submit changes to a data steward when users change contact fields such as the names and addresses.
This is not typically used for administrative folders. Contacts are typically added to these folders automatically according to folder dependency rules, so you don’t normally need data stewards to review the submissions.
For Windows Client users, folder access rights determine all access to the folder. Data Change Management is not used in the Windows Client. For details about access rights in the Windows Client, see Access Rights for Folders.
See the following sections:
Since Administrative Folders Don't Appear in the Web Client, Why Does Security Matter for Them?
It is true that administrative folders don’t appear on the Web Client as lists, the way contact types, marketing lists, and working lists do. Information from the administrative folders, however, does appear in the Web Client:
- The public folders store the contacts in the firm list. End users must have access rights to these folders for the system to work correctly.
-
The information folders store data used on the Web Client profiles. Access rights to these folders determine which users can see and edit this information.
For example, fields from the Client Financial Information folder are used on the Client profile. Users without access to this folder will not see this information.
The out-of-the-box Web Client profiles use data from information folders extensively, so setting appropriate security on them is important.
Access Rights for Administrative Folders
Access rights control the information that is sourced in the folder. This means that the access rights for the folder control both of the following:
- The users who can edit global information for contacts that are sourced in the folder. This is because access to global information depends on the folder that sources the contacts.
- The users who can edit folder-specific information for any contacts in the folder. This is because access to folder-specific information always depends on the folder or folder the information is specific to.
Which Access Rights Apply to Administrative Folders in the Web Client?
If you choose to use just access rights for an administrative folder, you can grant Web Client users the access to do the following:
| To | The user needs |
|---|---|
| See folder-specific information (such as notes or additional fields) for contacts in the folder (usually displayed on profiles). | Read access rights |
|
View activities regarding the folder Note that creating activities regarding an administrative folder is not recommended and is only available within the Windows Client. Web Client users can view and edit these activities, however. |
Read access rights Note that granting this right does not necessarily apply to all activities regarding the folder. The user creating the activity can determine who is allowed to see it. For details, see Security for Activities. |
| Add firm contacts to the folder (usually done automatically as part of another action). | Link INTO access rights |
| Edit folder-specific additional field values | Edit additional fields access rights and Link INTO access rights (see What Access Rights Do Web Client Users Need to Edit Fields on Profiles?) |
| Edit folder-specific notes | Edit notes access rights |
| Edit folder-specific activities (activities regarding the administrative folder) |
Edit activities access rights Note that granting this right to Web Client users is not recommended. |
Which Access Rights Do Not Apply to Administrative Folders in the Web Client?
The following folder access rights for administrative folders have no affect in the Web Client because they control changes that are not available in the Web Client:
- Add Contacts (note that this controls sourcing contacts in the folder; users cannot do this from the Web Client)
- Delete Contacts
- Link FROM this folder
- Folder Management
The following add/edit/delete contact detail access rights also do not apply because they control editing folder-specific information that is not available in administrative folders on the Web Client:
- Name
- Addresses
- Phones
- Electronic Addresses
- Related Contacts
- Activities (note that although Web Client users cannot add activities to administrative folders, they could edit administrative folder-specific activities if they were granted the Edit Activities right. In general, to avoid confusion you should not grant users Edit Activities rights on these folders)
- Classifications
What Access Rights Do Web Client Users Need to Edit Fields on Profiles?
The edit additional fields access right gives users the ability to edit any of the folder-specific additional fields for a folder. For example, if you grant Ed Roberts this access to the Personnel Information folder, he can edit the additional fields displayed on the Personnel profile for a contact in this folder.
However, this access is not sufficient in all cases. Most of the out-of-the-box profiles appear for a contact based on whether the contact has a particular contact type. The fields displayed on the profile come from the separate information folder. This means it is possible for a contact to display a profile page with folder-specific fields from a folder that does not yet contain the contact.
In this case, a user with just edit additional fields access rights will not be able to edit the fields. A user with both edit additional fields and link into rights can edit the fields. Entering and saving a value will automatically link the contact into the folder.
For example, suppose Ed Roberts notices that the contact Jane Tarnoff isn’t listed as an Alumni, even though she worked at his organization several years ago. He assigns the Alumni contact type and then navigates to the Alumni profile. This profile displays fields from the Personnel Information folder. Ed wants to edit the “Date Left Firm” field.
Since the contact for Jane is not yet in the Personnel Information folder, Ed can only edit the fields if he has link into access rights to the Personnel Information folder. Once he enters the data, the contact will automatically be added to Personnel Information. At this point, any user with edit additional fields access to the folder can edit the fields.
If Ed doesn’t have the link into access, he will have to wait until Jane is added to the Personnel Information folder. This happens automatically when the folder dependency analyzer process runs, so this is normally a temporary situation.
To prevent user confusion, you should assign the edit additional fields and link into access rights to Web Client users together.
Data Change Management for Administrative Folders
Since users can only add contacts to administrative folders indirectly, Data Change Management is not normally used on these folders.
When configuring Data Change Management, you can also set up other rules to manage name, phone, and address information. For example, you can set up a rule that specifies that any changes to phone numbers for contacts on the folder will be reviewed by a data steward. These rules are typically used on contact types and not on administrative folders.
One exception would be if you wanted a special folder that would store very important contacts that require very strict rules for editing. In this case, you could set up the rules on an administrative folder, add the contacts to the folder, and use Data Change Management to handle any edits to the contacts. In this scenario, you might put the contact for your own company in this folder to prevent users from inadvertently changing it.
When using Data Change Management, the folder access rights for notes and additional fields still apply. For more about how access rights and Data Change Management work together, see When Are Access Rights Overridden by Data Change Management?.