Rights in Aurea CRM
Access rights for reps, rep groups and stations must be defined in accordance with your company structure and communication model.
You need to ensure that the responsibilities for maintaining data are clearly defined to guarantee that data can be communicated and that new and edited records can be integrated correctly.
- Module access rights are determined for each user when configuring their login, see Configuring Logins.
- CRM Process access rights can be defined in both the system-wide process CRM configuration and for each login role, see CRM Process Configuration.
- Info area and field access rights are defined for stations, groups, reps and login roles in the Rights info area, see Defining Access Rights and Assigning Rights. Access rights are cumulative and can be extended either globally or locally, see Rights Hierarchy.
- You can also split by tenants, see Tenants.
Rights Hierarchy
Aurea CRM's rights system operates on multiple levels. Access rights are combined at runtime and are applied in the following order:
- Station access rights apply to all users who log on to the station the access rights
are assigned to, see Defining a Station.Note: For all Aurea CRM products apart from Aurea CRM win, Station rights are defined in the database of the current station. However, you can also apply the station rights of another station. Create a file $$AS in the \system\sys directory e.g. of Aurea CRM web. If this file contains another station number than that of the current station, the access rights defined for that station apply. This $$AS file created should be in plain text encoded in ASCII or UTF8 without BOM. It must not be encoded in UTF8+BOM as this results in errors.
- Group access rights apply to all members of the (rights) group the access rights are assigned to, see Defining Groups.
- Rep access rights apply to individual reps, see Defining Reps.
- If a rep logs on using one or more roles, the access rights assigned to the login roles are also applied with the priority defined in the login roles, see Login Roles.
You can merge two or more rights formats in a single rights format in order to display or test the combined settings, see Merging Access Rights.
By default, the restrictions defined are cumulative and combined using a logical AND. You cannot remove a restriction defined in station access rights using rep access rights. To partially or completely override the rights hierarchy, you need to inherit access rights, see Inheriting Access Rights.
Rights restrictions are not automatically propagated to child infoareas and elements. The rights in such cases need to be inherited and configured specifically in the inheritance settings. To understand inheritance properties for access rights, see Inheritance Properties per Element. To configure access rights, see Inheritance Settings.
Rights and Communication
The access rights defined in the Rights info area are not applied during communication.
For further details, see Communication in the Aurea CRM win Administrator Guide.
If a user has been granted the privileges necessary to log on to the Communication module and initiate communication, the rep's access rights are not applied during communication.
This is necessary in order for new catalog values to be exchanged and for new information to be added to records the user can read but not edit.
Rights and Import/Export
All restrictions defined for a rep in the rights format also apply during the import or export of data, see Import/Export in the Aurea CRM win Administrator Guide.
For example, if mandatory fields are defined for a rep, all imported records where the mandatory field is empty are rejected. Conditional access rights (Condit. Update) can also affect the import, for example restrictions on editing or adding records.
In contrast, no restrictions are imposed on the administrator when importing and exporting data. However, triggers defined for the station are still initiated.
When importing, values are only entered in the Upd and Updated at fields if a new record is added.