Authorisation in OutSite
Your website gives a visitor insight into the data in Profit. If your site is set up correctly, different types of visitors see different information on your site. You would not want an anonymous visitor to see customer-specific information. By authorising data, you ensure that the information you display on your site is only available to the correct visitor.
To secure your data, you must:
- Know which visitor visits or logs on to your site (authentication).
- Authorise your data so that the visitor only sees the data that he/she has rights to (authorisation).
You authorise the functionality in OutSite by linking authorisation roles to contact persons.
Example:
Only registered sales contacts can make an appointment with an account manager using a link on your website.
Depending on the authentication level, you determine the required data in zero, one or more steps.
|
Content |
Video
Description
Depending on the authentication level, you determine the required data in zero, one or more steps.
Authorisation means assigning privileges within a site. You use authorisation to ensure that specific functionality is available to some visitors but not to others.
Because authorisation roles are available, you do not need to know exactly which screens, tabs and other components belong to a function.
Some functionality is available at the person level, such as the My details functionality: everyone who logs on (i.e. every person) can see their own details. Other functionality is only available for persons with a specific role: for example, in the customer portal, not everyone can add a contact person. This is only allowed for people with the Customer portal administrator role. If a visitor logs on to the customer portal without the role of customer portal administrator, then this person may view and change their own personal details, but not the organisation details of their organisation. You specify if a person is a portal user or portal administrator in the contact person properties.
If new functionality becomes available via a new build or update, then a user with the correct authorisation role is immediately given access to the new function.
Authentication
You can use authentication to check if someone really is who they say they are. This always involves a check on the person and never on a company or department. Visitors to your website authenticate themselves by entering a username and password.
To simplify the authorisation set up, we make a distinction between different types of visitors:
Visitor type |
Logged on? |
Access to |
Anonymous visitor |
No |
Anonymous part of the website |
Person |
Yes |
View personal details
|
Portal user of a sales contact |
Yes |
View and change personal data, View organisation data.
|
Portal administrator of a sales contact |
Yes |
View and change personal details.
|
Site administrator |
Yes |
All parts of the site. The site administrator is an employee of your own organisation who maintains the website.
|
In a diagram, this looks as follows:
In this diagram, EnYoi ICT Services is your own organisation.
Procedure
- Add a site manager
- Add a portal user
- Visit the site as a logged on user
- Add a contact person
- Change a contact person
- Contact persons overview
- Revoke rights from a contact person
- Delete a contact person
- Change a password
- Forgotten password
- Authorisation roles
Also see
- E-mailing permission authorisation
In the properties window for a person, you can start the Emailing permission action if you are authorised for this.