Authorisation
Authorisation allows you to limit users' access to specific environments, functions and data. You can ensure that users have the right access to perform their tasks, but nothing more than that.
Description
To give someone access to an environment, you must add him as a user and assign a password (which this user can change himself if he wants to). If you want to give a user access to multiple environments, you must add the user to each environment and assign rights. This makes it possible for a user to have different rights in different environments.
If an existing user should temporarily be refused access to an environment, you must block the user. You divide your users into authorisation groups. Each user can be a member of multiple authorisation groups. You then assign access rights to the Start menu, to tabs and to actions. To apply a further refinement, use filter authorisation: this allows you to limit access to certain data in a table. Using filter authorisation you can determine, for example, that a user cannot view all the debtors, but only debtors that are not blocked.
If you use Windows authentication, a user only sees the environment he has access to when logging on. If you use application authentication, the user sees all environments, including environments he cannot log on to.
You authorise users for InSite via the Authorisation tool function, supplemented by other functions. The filter authorisation applies to both Profit Windows and InSite.
Note:
Set the rights per group. You can also set (deviating) rights per user, but this makes management more difficult and less robust. If, for example, a user is given a new job and you must assign rights to a new user, you can do this quickly by adding these users to the right groups.
You can populate groups based on layers, departments or jobs in the organisation chart of Profit HR. This method has a major benefit: if, for example, an employee moves to a different department, you can quickly update his/her authorisation (based on the organisation chart!).
Effective rights per user
'Effective rights' determine what access the user actually has based on his group rights and deviations at the user level. Profit combines this data as follows:
- Group rights
If a user belongs to several groups, his access is the sum of the rights of the groups in question. If you have set rights for the same job in several groups, the broadest rights apply.
Example:
A user is allowed to view addresses via the Everybody group and maintain them via the Administration group. Based on the groups, the most extensive access applies, so this user is allowed to maintain addresses.
- Deviating rights per user have priority over group rights.
If Profit has determined the access based on groups, Profit checks if any deviations have been set for the specific user.
For rights to the menu you can expand the rights at the user level, but you cannot limit them.
For tab authorisation, filter authorisation and action authorisation, the user can have fewer rights (compared to the groups) or more rights.
Example:
A user has viewing rights for organisations and persons based on his group rights, but does not have any rights for actions.
The following deviations apply at the user level:
- Filter authorisation determines that the user can only view Dutch organisations (limitation compared to group rights).
- The action authorisation specifies that the user is allowed to perform the Renumber organisation/person action (extension compared to group rights).
Effectively, this user can view Dutch organisations and perform the Renumber organisation/person action.
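The combination rules above, written out as a small model. This is an added illustration, not Profit's own code: the numeric levels, the (kind, name) item keys, treating addresses as a tab right, and the sample groups and rows are all assumptions made for the example. How filters combine across groups is not described above and is not modelled.

```python
NONE, VIEW, MAINTAIN = 0, 1, 2   # access levels, ordered narrow to broad
ALLOWED = 1                      # menu items and actions: allowed or not

def combine_groups(groups):
    """Per item, the broadest right found in any of the user's groups."""
    combined = {}
    for rights in groups:
        for item, level in rights.items():
            combined[item] = max(combined.get(item, NONE), level)
    return combined

def effective_rights(groups, deviations=None):
    """Group result first, then user-level deviations on top of it.

    Items are (kind, name) tuples with kind "menu", "tab" or "action".
    """
    result = combine_groups(groups)
    for (kind, name), level in (deviations or {}).items():
        base = result.get((kind, name), NONE)
        # Menu rights can be expanded per user but not limited;
        # tab and action deviations replace the group result.
        result[(kind, name)] = max(base, level) if kind == "menu" else level
    return result

def visible_rows(rows, rights, item, user_filter=None):
    """No rows without view rights; otherwise apply the user's filter."""
    if rights.get(item, NONE) < VIEW:
        return []
    return [r for r in rows if user_filter is None or user_filter(r)]

# Constructed sample data mirroring the two examples in the text.
EVERYBODY = {("tab", "Addresses"): VIEW, ("tab", "Organisation/person"): VIEW,
             ("menu", "CRM"): ALLOWED}
ADMINISTRATION = {("tab", "Addresses"): MAINTAIN}
DEVIATIONS = {("action", "Renumber organisation/person"): ALLOWED,
              ("menu", "CRM"): NONE}          # attempt to limit: ignored
ORGANISATIONS = [{"name": "Org A", "country": "NL"},
                 {"name": "Org B", "country": "BE"}]

def dutch_only(row):
    """User-level filter authorisation: only Dutch organisations."""
    return row["country"] == "NL"

if __name__ == "__main__":
    rights = effective_rights([EVERYBODY, ADMINISTRATION], DEVIATIONS)
    print(rights)
    print(visible_rows(ORGANISATIONS, rights, ("tab", "Organisation/person"), dutch_only))
```

A model like this is useful when reviewing an authorisation design on paper: the menu deviation that tries to limit access has no effect, while the same deviation on a tab or action would narrow the group result.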
Procedure
- Enforce strong passwords
You can improve the security of Profit by forcing users to use a strong password.
- Configure authorisation groups
You group the users in user groups. Each user can be a member of several user groups.
- Configure users
You manage users who should have access to Profit.
- Authorisation methods
You can authorise users in various ways, depending on your package and module composition. You start with menu, tab and action authorisation. Afterwards you can apply a more detailed authorisation.
- Authorisation in combination with Profit CRM
This section relates to the authorisations of organisations and persons and dossier items.
- Authorisation in combination with Profit HR
When you register your employees in Profit HR, you can link them to Profit users. Because Profit knows which employee each logged-in user is, that user can, for example, view his own employee details or submit a leave request for himself. A manager can view his own details and the details of the people he manages.
- Authorisation per administration
An environment can contain several administrations. You record some data for the entire environment and other data per administration. You always work in one particular administration, but in certain situations it is possible for data from all the administrations to be visible. In that situation you can apply filter authorisation by administration.
- Authorisation management
Because of changes in your organisation and in Profit, you need to check and adjust the authorisation regularly. Profit offers a number of options that simplify authorisation management, including viewing reports.