crm-now logo
Appendix A. Administration Examples
Prev   Next

Appendix A. Administration Examples

Table of Contents

Example I: Organizing a very small organization
Example I: simple settings
Example I: settings with groups
Example I: settings with sharing access
Example II
Example II: Settings primary based on groups
Example II: Settings primary based on roles
Administration FAQ

This appendix discusses the security setup for example organizations and explains what individual users are allowed to do on the CRM system under certain conditions. These examples do not include all possibilities for configuring the CRM system based on a company's needs. However, we believe that the principal functions of the security features are covered so that an administrator might quickly become capable to create his or her own setup.

Example I: Organizing a very small organization

The following configuration examples are based on a sales team as illustrated in figure: Example Sales Team 1. The Sales manager is the supervisor for person 1 and 2 which are members of the Team A. The sales manager is also the supervisor of the secretary.

Figure A.1. Example Sales Team 1

Example Sales Team 1

Example I: simple settings

For the first example settings we want to have the following rules implemented for Leads:

  • Person 1 and Person 2 have the permission to create Leads that are owned by Person 1 or Person 2.

  • Person1 will have no access privileges to Leads from Person 2 and vice versa.

  • The Sales manager has all access privileges to all Leads.

  • The secretary has no privileges to access Leads.

The following settings are necessary:

Create one common profile for Person 1, Person 2 and the Sales manager:

We need one profile, called Sales which should include all CRUD privileges for Leads. Make sure that the Global Privileges are disabled.

Create one profile for the Secretary:

Based on the Sales profile create a new profile, called Secretaryprofile where the access to the Leads module is disabled.

Create three roles:

We need one role for the Salesmanager, called Sales Manager, and one subordinated role for Person 1 and 2, called Sales Men. All roles are based on the Sales profile.

In addition, we need another subordinated role for the secretary, called Secretary Sales based on the Secretaryprofile that reports to the sales manager.

Set the sharing access:

At the Organization-level Sharing Rules menu set the rules for Leads to private.

[Important]Important

Always remember: If you make changes to the sharing rules, you must hit the [Recalculate] button to make your changes valid!

Since role of the Sales manager is superior to the role of Person 1, 2 the Sales manager has all CRUD privileges to the data of Person 1 and Person2. If Person 1 or Person 2 create a Lead, the owner gets assigned. If Person1 is assigned as owner of a Lead, Person 1 and the Sales manager can access and modify this Lead. If the ownership is changed to any one member of the team (Person 1 or Person 2) then only this person and the Sales manager can access the Lead. The secretary does not see any Lead data.

Example I: settings with groups

As another example settings we want to have the following rules implemented for Leads:

  • Person 1 and Person 2 have the permission to create Leads that are owned by Person 1 or Person 2 or by the team.

  • If a Lead is owned by a single Person the other team member will have no access privileges to this Lead.

  • The Sales manager has all access privileges to all Leads.

  • The Secretary has all access privileges to Leads owned by the team.

In order to implement these rules you have several options. These options are based on the following common settings:

Create one common profile for Person 1 and 2 and the Sales manager:

We need only one profile, called Sales which should include all CRUD privileges for Leads. Make sure that the Global Privileges are disabled.

Create two roles:

We need one role for the Sales manager, called Sales Manager, and one subordinated role for Person 1, 2 and the secretary, called Sales Men. Both roles are based on the Sales profile. Since the role of the Salesmanager is superior to the role of the other users the Sales manager has all CRUD privileges.

Create one group:
Option 1:

Create a group of users, called Team A. Include the Person 1 and Person 2 and the secretary user. We have to include the Sales Manager because groups of users are independent to the role based hierarchy and we will need access to the Leads assigned to Team A.

Option 2:

Create a group of role & subordinates, called Team A. Include the role of the Sales Manager.

Option 3:

Create a group of roles, called Team A. Include the role Sales Manager, the role Sales Men.

Set the sharing access:

At the Organization-level Sharing Rules menu set the rules for Leads to private.

[Important]Important

Always remember: If you make changes to the sharing rules you must hit the [Recalculate] button to make your changes valid!

If Person 1 or Person 2 create a Lead the owner gets assigned. If Team A is assigned as owner of the Lead, Person 1, Person 2, the Sales manager as well as the secretary can access the Lead. If the ownership is changed to any one member of the group (Person 1 or Person 2), then only this person and the Sales manager can access the Lead.

Example I: settings with sharing access

As another example we want to have the following rules implemented for Leads:

  • Person 1 and Person 2 have the permission to create Leads that are owned by Person 1 or Person 2.

  • If a Lead is owned by a single Person another team member will have read only access privileges to this Lead.

  • The Sales manager has all access privileges to all Leads.

  • The secretary has View only privileges to access Leads.

In order to implement these rules I have to implement the following settings:

Create one common profile for Person 1 and 2 and the Sales manager:

We need one profile, called Sales that should include all CRUD privileges for Leads. Make sure that the Edit All check box under Global Privileges is disabled.

Create one profile for the Secretary:

Based on the Sales profile create a new profile, called Secretaryprofile where the access to Leads is set to View only.

Create three roles:

We need one role for the Sales manager, called Sales Manager, and one subordinated role for Person 1 and 2, called Sales Men. All roles are based on the Sales profile.

In addition, we need another subordinated role for the secretary, called Secretary Sales based on the Secretaryprofile that reports to the Sales manager.

Global Access Privileges:

We need to set the global privileges for Leads to Public Read Only.

[Important]Important

Always remember: If you make changes to the sharing rules you must hit the [Recalculate] button to make your changes valid!

Since the role of the Sales manager is superior to the role of Person 1, 2 the Sales manager has all CRUD privileges to the data of Person 1 and Person2. If Person 1 or Person 2 create a Lead the owner gets assigned. If Person1 is assigned as owner of a Lead, Person 1 and the Salesmanager can access and modify this Lead. If the ownership is changed to any one member of the team (Person 1 or Person 2) then only this person and the Sales manager can access the Lead. The secretary has read only privileges to all Lead data.

Prev   Next
Customer Portal Home Example II

© 2004-2011 crm-now GmbH, Berlin, Germany