Defining Tenant Rights

The Tenant Rights info area is used to specify which data and catalogs are separated by tenants.

In general, the following tenant rights should suffice:

  • "Standard", for most users
  • "Admin", for collective imports etc.

Defining Tenant Rights for Info Areas

To define tenant rights for info areas:

  1. Open the Tenant Rightd info area in the Rights module.
  2. Select Info Area from the context menu.

  3. Click in the Tenant No. Field column and select the field that contains the tenant number. When accessing a record in this info area, the contents of this field are compared to the tenant number of the user, group or station. When adding new records, the appropriate tenant number is entered in this field, see Assigning Tenants.

    You can choose to index the field in the SQL database in order to optimize performance when accessing this field.

    The <InfoAreaID>-TenNo field is available in the most important independent info areas (Company, Person, Campaign, Marketing Activity, Expenses, Property (BTB), Conditions (OTC) etc.). For other info areas, you can select a free field to use instead or define a field of type "mno" in the data model. If no field is available from the drop-down list in the Tenant No. Field column, you need to define a field of the type "mno" in the data model for that info area, see Aurea CRM Field Types.

  4. Enable the desired options:
    • View: Reps can only view those records that contain their tenant number (or contain no tenant number).
    • New: When a new record is added, the user's tenant number is entered in the field selected in the Tenant No. Field column upon saving. Default values or values entered manually are overwritten. You can deny access to tenant fields using access rights, in order to prevent subsequent changes to these fields, see Defining Rights at the Field Level.
    Note: If tenant rights are assigned to a parent info area, its child info areas are not automatically separated by tenant.
    • Update: Users can only edit those records that contain their tenant number (or contain no tenant number).
    • Delete: Users can only delete those records that contain their tenant number (or contain no tenant number).

    The following combinations are common:

    • View + New + Update + Delete: Read and write access is tenant-dependent.
    • New + Update + Delete: Write access is tenant-dependent. All users can view the records of other tenants.
  5. Define the tenant rights for all necessary info areas.
  6. Click (Save), see Saving, Loading and Deleting Formats in the Aurea CRM win User Manual.
  7. Assign the tenant rights to the desired tenant, see Defining Tenants.

Defining Tenant Rights for Catalogs

You can define which (variable) catalogs are identical for all tenants and which are different. For example, the Currency catalog is identical for all users, but the Marketing Activity catalog is separated by tenant.

Note: Fixed catalogs cannot be separated by tenant, see Catalogs.

To define tenant rights for catalogs:

  1. Open the Tenant Rights info area in the Rights module.
  2. Select Catalog from the context menu.

  3. Enable View or New for the appropriate catalogs.
    • View: Reps can only select catalog values containing their tenant number (or containing no number).
    Note: All catalog values are always visible to the administrator (SU).
    • New: The user's tenant number is entered when adding a new catalog value.
  4. Save the tenant right and assign it to the appropriate tenant, see Defining Tenants.
Note: If you separate a catalog by tenants, you should also do the same for those info areas that access the catalog. Otherwise, records may be displayed or saved with incomplete data. For example if a user edits a record containing a catalog value assigned to another tenant, the catalog value is deleted upon saving the record.

You can determine that certain values in catalog separated by tenants are available to all tenants, whereas others are only available to a single tenant.

Example: Standard activities in the Marketing Activity catalog should be available to all users, but not certain specific activities, see Tenants and Catalog Maintenance.

Access Rights and Tenant Rights

Data

You can separate data by tenants using either the Rights or Tenant Rights info areas:

  • You can configure tenant access rights with some effort in the Rights info area:
    1. For each info area, define a field (catalog, alphanumeric or numeric) used to store the tenant number.
    2. Define access rights for each tenant, which differs in terms of default values and conditions for this field.
    Note: This method is relatively cumbersome and prone to errors: access rights must be defined for each tenant and the correct values and conditions must be entered for all cases. Changes need to be applied to all access rights.
  • Defining tenant rights in the Tenant Rights info area has the advantage that separate access rights do not need to be defined for each tenant and default values and conditions are much clearer and easier to define.
  • If you have previously defined tenant rights using the Rights info area (using an appropriate field (catalog, alphanumeric or numeric) per info area), you can continue to use these fields or discard them and use the Maintenance or Import module to transfer existing data.

    You do not need to do this immediately when switching, but can subsequently update your settings in steps or only for some info areas.

All settings in the Tenant Rights info area are applied as those you had defined access rights in the Rights info area with conditions applied to the <xx>TenNo field.

Catalog Values

For catalogs, the settings in the Rights and Tenant Rights info areas do not overlap:

  • The Rights info area is used to define which catalogs new entries can be added to.
  • The Tenant Rights info area is used to specify those catalogs for which the tenant number should be entered when new values are added.