Understanding Rights
There are three general ways to provide access to information and functionality in TeamConnect:
- Assigning rights
- Setting user type
- Assigning object views
Using this Section
- Read Understanding Rights to get an overview of how rights work in TeamConnect. Review the examples provided to apply the concepts to scenarios you might use.
- Use specific procedures to navigate to application pages for assigning rights. For example:
- Refer to the appendixes for detailed descriptions of available rights. For example:
- For more information, see Creating or Editing Users, Changing Group Default Object Views.
Types of Rights
Rights are used to assign access to view and work with:
- Records
Categories, custom fields, custom blocks, forms - TeamConnect features or areas
- Tools
Rights are also divided into three groups:
- Rights for End-users—Majority of these rights affect viewing and working with records, categories, and custom fields. This group also includes rights to areas, such as Preferences.
- Rights for Administrators—These rights affect viewing and working with user and group accounts, the Admin Settings area, and logs.
- Rights for Solution Developers—These rights affect customizing and managing Custom Tools, Global Navigation toolbar, Home Pages, Lookup Tables, Miscellaneous Settings, Object Definitions, Portal Panes, Routes, and viewing and working with System Settings (from the Designer area of the application).
Rights for End-Users
The rights grouped under the User Rights list view (from a user record's System Rights page) refer to rights that are expected to be assigned to a group of end-users.
- Records:
- Account
- Appointment
- Contact
- Document
- Expense
- History
- Invoice
- Task
- Project
- Categories, custom fields, custom blocks, or forms for the record types listed above
- TeamConnect features or areas:
- User Preferences
- Scheduled Actions
- Tools (for more information, see Assigning Group Tool Rights)
Note: Users can also set access rights for individual records.
TeamConnect Legal Matter Management Records
- Advice & Counsel
- Cost Center
- Dispute
- Transaction
Rights for Administrators
- Records:
- Groups
- Users
- TeamConnect features or areas:
- Admin Settings—System settings that are available from the Admin tab.
- Logs—The Logging area includes system loggers, system appenders, audit loggers, and audit appenders.
Rights for Solution Developers
When assigning rights to a group of solution developers, you will typically assign rights to view or work with TeamConnect features or areas:
- Administer Custom Tools—Allows management of custom tools.
- Global Navigation—Allows customization of the global navigation toolbar and links that display under the toolbar.
- Home Pages—Allows management and customization of home pages in TeamConnect after logging in.
- Lookup Tables—Allows management and customization of system lookup tables, custom lookup tables, and multi-currency lookup tables in TeamConnect.
- Miscellaneous Settings—Allows management of custom fields that should be considered part of a user's system preferences. Custom fields added to the Designer application, Miscellaneous Settings page correspond to fields that display on a user's Preferences area, Other Settings page. Also includes rights to override record edit locks and to override system search results limits.
- Object Definitions—Allows management of system and custom object definitions (record types).
- Portal Panes—Allows management and customization of applets that are available for user home pages. Portal Panes can be information-driven, for example, containing TeamConnect search views or RSS feeds. In addition, Portal Panes can be functionality-driven, for example, containing links to frequently used areas, such as workflow approval or record creation wizards.
- Routes—Allows management and customization of the part of a workflow approval rule where approvers, reviewers, process managers, and email notifications are defined.
- System Settings—From the Designer application, these are TeamConnect system settings that apply to all users, including Rule Execution, Default Object Views, Authentication Plug-In (default and custom plug-ins), and Clear Cache Properties. These rights also allow access to manage system appenders and audit appenders.
Access Rights to TeamConnect Designer
If you assign any of the following rights to a group (from a group record's System Rights page), its members will be able to access the Designer area of TeamConnect by clicking a Setup link from the upper right corner of TeamConnect:
- Any rights resulting from the Setup Rights view.
- Any rights resulting from the Administer Custom Tools view.
- Any rights resulting from the Global Navigation view.
- Any rights resulting from the Home Pages view.
- Any rights resulting from the Lookup Tables view.
- Any rights resulting from the Custom Lookup Tables view.
- Any rights resulting from the Multi-Currency view.
- Any rights resulting from the Miscellaneous Settings view.
- Any rights resulting from the Object Definitions view.
- Any rights resulting from the Portal Panes view.
- Any rights resulting from the Routes view.
- Any rights resulting from the Global Navigation view.
- Any rights resulting from the System Settings view (under the Setup rights list).
A second browser window will open with the Designer area of the application. The initial browser for the User area of the application will remain open.
Rights related to Solution Developers are described in the appendix, Rights for Solution Developers.
Tips
- If a user is a member of multiple groups, the rights that the user inherits are cumulative. The user inherits all rights assigned to all groups.
- Categories only apply to rights for record types that end-users work with, but not to rights for administrators. For example, when assigning rights to work with user records, you do not need to assign rights to associated categories.
- There are additional rights dependencies that may result in users not able to view expected data. Such data may display as "SECURED". See each record type's rights in the appendix, Rights for End-users, for more information.
- For example, if you do not give the user or group at least the Read right to Contact, the user or group is unable to add or see appointment attendees, vendors in invoices, contacts associated with tasks and expenses, task and project assignees, and so on, even if the group or user has all the appropriate rights to Appointment, Task, Invoice, and project records.
- Similarly, if you do not give at least the Read right to a custom object, the user or group is unable to see or select the records of this custom object as parents in other custom object records, as posting criteria in accounts, or see custom fields of type Custom Object with this object, and so on.
- Pre-population rules do not check the current user's rights when they trigger the creation or update of object records. For example, a user without rights to create an account could create a project and automatically trigger a pre-population rule that creates an associated account. You should test and review your templates and pre-population rules to make sure that they comply with your organization's security policies.
Rights for System Record Types
This section describes commonalities among rights to view and work with system record types (records that are provided standard with TeamConnect).
From a group's System Rights page, if you select a record type from the View drop-down list, the page will be updated with a list of rights for that record type.
Each record type's rights can be broken down into two groups:
- Basic rights—Include the minimal rights required to view or work with a group of records. These rights include:
- View records—Allows searching, viewing, and printing records.
Allows access to the list page for a record type, advanced search page for a record type. Allows access to General and Workflow pages for contact records.
For example, if you assign the View Contact Records right to a group, group members can view the Contact List page, Advanced Contact Search page. In addition, group members can open contact records and view the records' General and Workflow pages. For example, see Example for Assigning Rights to View Contacts. - Edit records—Allows editing, searching, viewing, and printing records.
Allows access to the list page for a record type, advanced search page for a record type. Allows access to General and Workflow pages for expense records. For example, see Example for Assigning Rights to Edit Contacts. - Create records—Allows creating and printing records.
Allows access to the list page for a record type, advanced search page for a record type. Allows access to General and Workflow pages for expense records. For example, see Example for Assigning Rights to Create Contacts. - Delete records—Allows deleting, searching, viewing, and printing records.
Allows access to the list page for a record type, advanced search page for a record type. Allows access to General and Workflow pages for expense records. For example, see Example for Assigning Rights to Delete Contacts.
For Edit, Create, and Delete record rights, a group must also have View record rights. The corresponding ability to search, view, and print records results.
- View records—Allows searching, viewing, and printing records.
- Additional rights—Allow access to view or work with additional pages that belong to the record type, for example, the Security page. These rights typically vary per record type. In addition, these rights require that the View records and/or Edit records rights for the record type have also been assigned.
For example, if the Expense Post right is assigned to a group, group members can post expenses. This right applies to certain record types but not all.
Note: There may be exceptions for each record type's rights to General pages or other page. Refer to the appendix, Rights for End-users, for details.
Records Linked From Other Records
Certain records, such as Documents and Histories, appear as pages that belong globally to other records. For example, if a group has rights to work with Documents, then from any system object record (Contact, Expense, Account, Appointment, etc.), a group member will see a page link for Documents associated with that record.
Certain records appear as pages that belong to specific other records. For example, the following list displays records that appear as page links for other records:
- Document—If rights are assigned for Document records, a Documents page link will be available from all system object records.
- History—If rights are assigned for History records, a History page link will be available from all system object records.
- Account—If rights are assigned for Account records, an Accounts page link will be available from Project (custom object) records.
- Expense—If rights are assigned for Expense records, an Expenses page link will be available from Project (custom object) records.
- Task—If rights are assigned for Task records, a Tasks page link will be available from Project (custom object) records.
- Attendee—If rights are assigned for User, Groups, or Contact records, an Attendees page link will be available from Appointment records.
- Appointment—If rights are assigned for Appointment records, an Appointments page link will be available from Project (custom object) records.
Tips and Warnings
-
Administrator rights, such as rights to view or work with User Accounts, are assigned at the record type level but do not have associated categories and custom fields.
- Assigning rights to the Documents record type affects user access to the Documents sub-page of all records. Also note that assigning the Create Document records right (to upload documents to a record) requires assigning the View Document records right. For additional information on operations that are available with the Create Document records right, see Document Rights.
- If rights are assigned for a group, including Create and Edit record rights, it is likely that Create, Edit, and Delete rights to sub-pages and sections that are part of that record type will also be assigned.
- Certain records, such as invoices, tasks, and expenses, require additional operations such as:
- Post
- Void
- Assign Task
- You can also set rights for individual records.
Prerequisites for Rights to System Record Types
There are commonly repeating prerequisites to assigning rights. Descriptions follow for basic record rights and well as rights to sections or pages associated with a record type.
Requirements for Basic Record Rights
The following list describes the dependencies between basic rights for records. Rights like View Contact records and Create Contact records do not have any prerequisite rights.
- View records—No additional rights required.
- Edit records—Requires View records.
For example, if Edit Contact records rights are assigned, View Contact records rights must also be assigned. - Create records—Requires View records.
- Delete records—Requires View records.
For example, if Delete Contact records rights are assigned, View Contact records rights must also be assigned.
Requirements for Additional Rights to Records
The following list describes the dependencies between rights for additional record pages, such as the Security page. Generally rights for additional record pages require the corresponding View record right. For example, to assign View Expense Security, View Expense records must also be assigned.
- View Record section/page—Requires the corresponding View records right.
For example, if View Contact security rights are assigned, View Contact records rights must also be assigned. - Edit Record section/page—Requires the corresponding View records right, Edit records right, and View Record section/page right.
For example, if Edit Contact security rights are assigned, View Contact records, Edit Contact records, and View Contact security rights must also be assigned.. - Create Record section/page—Requires the corresponding View records right, Edit records right, and View Record section/page right.
- Delete Record section/page—Requires the corresponding View records right, Edit records right, and View Record section/page right.
Rights Impacts on Related Records
For system record types, user access to certain record pages (such as Documents, History) depends on rights set at the Document record rights and History record rights level.
For custom objects (projects/matters), user access to record pages (such as Involved) depend on rights set within the custom object record rights.
Rights for Categories and Custom Fields
Generally rights are assigned to a category as a prerequisite to assigning rights to its associated custom fields, sections, and forms. Access to categories and custom fields also require access to the related record type. Users looking to set or configure Group Rights should view the following pages for further detail: Hierarchy Overview of Group Rights, Assigning Group Category and Custom Field Rights, Example for Assigning Rights to Contact Categories and Fields.
Types of Category Rights
By default, each record type has two categories, the base category and a Default category. Typically, a TeamConnect Certified Professional will add additional categories for your company. These custom categories will have corresponding rights.
Each category for a record type has the corresponding rights:
- View Category
- For the base category, allows viewing the Categories page or section of the record.
- For the Default category or custom categories, allows viewing the selected category from the Categories page or section.
- Add Category—Allows adding the category for the record.
- For tasks, expenses: allows selecting a default category. This requires both add and remove rights.
- Remove Category—Allows Removing the category for the record.
- For tasks, expenses—allows changing a default category. This requires both add and remove rights.
- View All Custom Fields
- Allows user complete view rights for all subfields on the category. If this is not checked, users will not be able to add Edit All Custom Fields, as View rights are a precursor to editing.
- Edit All Custom Fields
- Allows user complete edit rights for all subfields on the category.
Individual Fields
For example, for contacts, the corresponding base category rights are View Contact category, Add Contact category, and Remove Contact category.
If a custom category, Contractor, were added for contacts, the corresponding category rights would be: View Contractor category, Add Contractor category, and Remove Contractor category. See Example for Assigning All Rights to Contacts Pages and Fields and Example for Assigning Rights to Contact Categories and Fields for examples on assigning rights to categories and custom fields.
Tips
- For accounts, contacts, invoices, projects, appointments, documents, involved's, and histories— the base View Category right allows viewing the selected category from the Categories page or section.
- For tasks, expenses—the base View Category right allows viewing the selected category from the Category drop-down list on the General page.
- The list of categories in the Categories drop-down list in the Categories block displays only those categories to which the user has the Create rights.
Types of Custom Field Rights
Each custom field that is associated with a record type's category has the corresponding right:
- View Custom Field—Allows viewing the custom field, form, or section.
- Edit Custom Field—Allows entering, changing, deleting field values in the custom field, form, or section.
For example, for expenses, the corresponding base category's custom field rights are View Contact custom fields and Edit Contact custom fields.
If a custom category, Contractor, was added for contacts, and a custom field, Private Investigator, was added, then the corresponding custom field rights could be: View Contractor custom fields and Edit Contractor custom fields.
Differences in Category Functionality
There are several groups of objects that have different functionality on their record screens in the user interface. These groups of objects are:
- Account, Contact, Invoice, Project (custom object)—Record screens of these objects have a Categories system block where the user, depending on his or her rights, can work with the appropriate categories.
In the Categories drop-down list of the Categories block, the user can see all categories for which he or she has Create rights; these are the categories that the user can add. Below the data entry fields, the user can see all the existing categories that are added to each record. Depending on his or her rights, the user might be able to delete these categories. - Task and Expense—Record screens of these objects do not have a separate Categories block. Instead, they have a Default Category field in the General block where the user, depending on his or her rights, can work with the appropriate categories.
By selecting a category in this field, the user does the following:
- Adds this category to the record.
- Deletes the previously selected category.
- Appointment, Document, History, and Involved—The record screens of these four objects do have a separate Categories block like most system objects. Yet they also have the Default Category field in the General block, which results in the following functionality:
- Depending on their rights, users can add the appropriate category and set it as the default by selecting it in the Default Category field.
- However, by selecting a new default category, the user does not delete the previous default category from the record. It can be deleted only by using the Categories block.
Tips
- Rights for adding categories allow users to select or activate a category for the specified record type. Generally the active categories act like filters to provide or restrict access to related custom fields. Categories are created by solution developers with the exception of the primary and default categories, which are provided for every record type.
- Rights for removing categories allow users the ability to deactivate a category for the specified record type. Afterward, the result for the user is that any related custom fields for that category will be hidden from the Details page or Details section. Categories can only be deleted from the system by solution developers.
- Solution Developer Rights to work with Categories and Custom Fields only apply to rights for records (except users and group).
Prerequisites for Rights to All Categories and Custom Fields
There are commonly repeating prerequisites to assigning rights. Descriptions follow for rights to all categories and well as rights to custom fields for a record type.
Requirements for Rights to All Categories
The following table describes the dependencies between rights to access all categories for a record type.
Dependencies for Rights to all Categories for a Record Type
Rights |
Also Requires ___ Right |
Example |
---|---|---|
View Record all categories |
View Records |
For example, if the View Contact all categories right is assigned, the View Contact Records right must also be assigned. |
Add Record all categories |
View Records Edit Records View Record all categories |
For example, if the Create Contact all categories right is assigned, the following must also be assigned:
|
Remove Record all categories |
View Records Edit Records View Record all categories |
Requirements for Rights to All Custom Fields
The following table describes the dependencies between rights to access all custom fields for a record type.
Dependencies for Rights to all Custom Fields for a Record Type
Rights |
Also Requires ___ Right |
Example |
---|---|---|
View Record all custom fields |
View Records View Record all categories |
For example, if the View Contact all custom fields right is assigned, the following must also be assigned:
|
Edit Record all categories |
View Records Edit Records View Record all categories |
Prerequisites for Rights to Single Categories and Custom Fields
There are commonly repeating prerequisites to assigning rights. Descriptions follow for basic record rights and well as rights to sections or pages associated with a record type.
Requirements for Rights to Individual Categories and Custom Fields
The following generally apply to all record types that are standard with TeamConnect:
- When assigning view or edit rights to a custom field, the corresponding rights to the related category are also required.
- Update rights to custom field requires view rights to custom field and view rights to related category.
The following table describes the dependencies between rights to access an individual category for Account, Contact, Invoice, Project (custom object).
Dependencies for Rights to a Category for a Record Type
Rights |
Also Requires ___ Right |
Example |
---|---|---|
View Record category |
View Records |
For example, if the View Contact Employee category right is assigned, the View Contact Records right must also be assigned. |
Add Record category |
View Records Edit Records View Record category |
For example, if the Create Contact Employee category right is assigned, the following must also be assigned:
|
Remove Record category |
View Records Edit Records View Record category |
The following table describes the dependencies between rights to access a custom field for a record type.
Dependencies for Rights to a Custom Field for a Record Type
Rights |
Also Requires ___ Right |
Example |
---|---|---|
View Record custom field |
View Records View Record category |
For example, if the View Contact Full-time custom field right is assigned (associated with the Employee category), the following must also be assigned:
|
Edit Record custom field |
View Records Edit Records View Record category |
Categories can be created with parent-child hierarchies.
The following table describes the dependencies between rights for categories with parent-child relationships for a record type. For the example column, assume that categories have been added to the Contact object definition.
Dependencies for Rights to Categories with parent-child relationships for a Record Type
Rights |
Also Requires ___ Right |
Example |
---|---|---|
View Record category (child) |
View Records View Record category (parent) Add Record category (parent) Remove Record category (parent) |
For example, if the View Contact all categories right is assigned, the View Contact Records right must also be assigned. |
Add Record category (child) |
View Records Edit Records View Record category (child) View Record category (parent) Add Record category (parent) Remove Record category (parent) |
For example, assume that a solution developer has created a parent category, External, for Contacts. Also assume that a child category, External Court, was created for Contacts. Assigning the Add External > Court category right requires assigning the View External > Court category, Add External category, and View External category rights. |
Remove Record category (child) |
View Records Edit Records View Record category (child) View Record category (parent) Add Record category (parent) Remove Record category (parent) |
Rights for Custom Record Types
Individual records of custom objects are collectively called Projects in the standard TeamConnect documentation. Depending on the number of custom objects defined for your organization, there are several sets of these rights, each group listed under the object's name in the View drop-down list on the Rights and Category Rights pages in user and group accounts, for example Claim, Policy, and Matter. Every time a new custom object, and embedded custom object, is created, a new set of rights are automatically added to the list.
Each set of rights for custom object records includes the following object-level and category-level rights:
- To the custom object itself—Refer to Project/Matter Rights.
- To the custom object's Involved object—Refer to Project/Matter Involved Rights.
Rights for TeamConnect Features or Areas
TeamConnect areas include Admin Settings and System Settings. Rights to areas generally include view rights to the related pages and edit rights to change values from related pages. The table below provides a summary of rights to TeamConnect areas that can be assigned and the resulting user features.
Rights to Team Connect Areas
Rights |
Related Functionality |
---|---|
View |
Viewing related pages |
Edit |
Entering, changing, or deleting values from related pages |
For example, if the View Admin Settings records right is assigned to a group, group members can view the Admin Settings pages and configured values. In addition, group members can view the Logging pages for system logs and audit logs.
For example, if the Edit Admin Settings records right is assigned, group members can edit the Admin Settings pages. In addition, group members can edit system logger levels, clear system and audit logs.