Rights for End-Users

The rights grouped under the User Rights list view (from a user record's System Rights page) refer to rights that are expected to be assigned to a group of end-users.

• Records:
  • Account
  • Appointment
  • Contact
  • Document
  • Expense
  • History
  • Invoice
  • Task
  • Project
• Categories, custom fields, custom blocks, or forms for the record types listed above
• TeamConnect features or areas:
  • User Preferences
  • Scheduled Actions
• Tools (for more information, see Assigning Group Tool Rights)

Note: Users can also set access rights for individual records.

TeamConnect Legal Matter Management Records

•  Advice & Counsel
• Cost Center
• Dispute
• Transaction

Rights for Administrators

• Records:
  • Groups
  • Users
• TeamConnect features or areas:
  • Admin Settings—System settings that are available from the Admin tab.
  • Logs—The Logging area includes system loggers, system appenders, audit loggers, and audit appenders.

Rights for Solution Developers

When assigning rights to a group of solution developers, you will typically assign rights to view or work with TeamConnect features or areas:

• Administer Custom Tools—Allows management of custom tools.
• Global Navigation—Allows customization of the global navigation toolbar and links that display under the toolbar.
• Home Pages—Allows management and customization of home pages in TeamConnect after logging in.
• Lookup Tables—Allows management and customization of system lookup tables, custom lookup tables, and multi-currency lookup tables in TeamConnect.
• Miscellaneous Settings—Allows management of custom fields that should be considered part of a user's system preferences. Custom fields added to the Designer application, Miscellaneous Settings page correspond to fields that display on a user's Preferences area, Other Settings page. Also includes rights to override record edit locks and to override system search results limits.
• Object Definitions—Allows management of system and custom object definitions (record types).
• Portal Panes—Allows management and customization of applets that are available for user home pages. Portal Panes can be information-driven, for example, containing TeamConnect search views or RSS feeds. In addition, Portal Panes can be functionality-driven, for example, containing links to frequently used areas, such as workflow approval or record creation wizards.
• Routes—Allows management and customization of the part of a workflow approval rule where approvers, reviewers, process managers, and email notifications are defined.
• System Settings—From the Designer application, these are TeamConnect system settings that apply to all users, including Rule Execution, Default Object Views, Authentication Plug-In (default and custom plug-ins), and Clear Cache Properties. These rights also allow access to manage system appenders and audit appenders.

Access Rights to TeamConnect Designer

If you assign any of the following rights to a group (from a group record's System Rights page), its members will be able to access the Designer area of TeamConnect by clicking a Setup link from the upper right corner of TeamConnect:

• Any rights resulting from the Setup Rights view.
• Any rights resulting from the Administer Custom Tools view.
• Any rights resulting from the Global Navigation view.
• Any rights resulting from the Home Pages view.
• Any rights resulting from the Lookup Tables view.
• Any rights resulting from the Custom Lookup Tables view.
• Any rights resulting from the Multi-Currency view.
• Any rights resulting from the Miscellaneous Settings view.
• Any rights resulting from the Object Definitions view.
• Any rights resulting from the Portal Panes view.
• Any rights resulting from the Routes view.
• Any rights resulting from the Global Navigation view.
• Any rights resulting from the System Settings view (under the Setup rights list).

A second browser window will open with the Designer area of the application. The initial browser for the User area of the application will remain open.

Rights related to Solution Developers are described in the appendix, Rights for Solution Developers.

Tips

• If a user is a member of multiple groups, the rights that the user inherits are cumulative. The user inherits all rights assigned to all groups.
• Categories only apply to rights for record types that end-users work with, but not to rights for administrators. For example, when assigning rights to work with user records, you do not need to assign rights to associated categories.
• There are additional rights dependencies that may result in users not able to view expected data. Such data may display as "SECURED". See each record type's rights in the appendix, Rights for End-users, for more information.
  • For example, if you do not give the user or group at least the Read right to Contact, the user or group is unable to add or see appointment attendees, vendors in invoices, contacts associated with tasks and expenses, task and project assignees, and so on, even if the group or user has all the appropriate rights to Appointment, Task, Invoice, and project records.
  • Similarly, if you do not give at least the Read right to a custom object, the user or group is unable to see or select the records of this custom object as parents in other custom object records, as posting criteria in accounts, or see custom fields of type Custom Object with this object, and so on.
• Pre-population rules do not check the current user's rights when they trigger the creation or update of object records. For example, a user without rights to create an account could create a project and automatically trigger a pre-population rule that creates an associated account. You should test and review your templates and pre-population rules to make sure that they comply with your organization's security policies.

Rights for System Record Types

This section describes commonalities among rights to view and work with system record types (records that are provided standard with TeamConnect).

From a group's System Rights page, if you select a record type from the View drop-down list, the page will be updated with a list of rights for that record type.

Each record type's rights can be broken down into two groups:

• Basic rights—Include the minimal rights required to view or work with a group of records. These rights include:
  • View records—Allows searching, viewing, and printing records.
    Allows access to the list page for a record type, advanced search page for a record type. Allows access to General and Workflow pages for contact records.
    For example, if you assign the View Contact Records right to a group, group members can view the Contact List page, Advanced Contact Search page. In addition, group members can open contact records and view the records' General and Workflow pages. For example, see Example for Assigning Rights to View Contacts.
  • Edit records—Allows editing, searching, viewing, and printing records.
    Allows access to the list page for a record type, advanced search page for a record type. Allows access to General and Workflow pages for expense records. For example, see Example for Assigning Rights to Edit Contacts.
  • Create records—Allows creating and printing records.
    Allows access to the list page for a record type, advanced search page for a record type. Allows access to General and Workflow pages for expense records. For example, see Example for Assigning Rights to Create Contacts.
  • Delete records—Allows deleting, searching, viewing, and printing records.
    Allows access to the list page for a record type, advanced search page for a record type. Allows access to General and Workflow pages for expense records. For example, see Example for Assigning Rights to Delete Contacts.
    For Edit, Create, and Delete record rights, a group must also have View record rights. The corresponding ability to search, view, and print records results.
• Additional rights—Allow access to view or work with additional pages that belong to the record type, for example, the Security page. These rights typically vary per record type. In addition, these rights require that the View records and/or Edit records rights for the record type have also been assigned.
  For example, if the Expense Post right is assigned to a group, group members can post expenses. This right applies to certain record types but not all.
  
  Note: There may be exceptions for each record type's rights to General pages or other page. Refer to the appendix, Rights for End-users, for details.

Records Linked From Other Records

Certain records, such as Documents and Histories, appear as pages that belong globally to other records. For example, if a group has rights to work with Documents, then from any system object record (Contact, Expense, Account, Appointment, etc.), a group member will see a page link for Documents associated with that record.

Certain records appear as pages that belong to specific other records. For example, the following list displays records that appear as page links for other records:

• Document—If rights are assigned for Document records, a Documents page link will be available from all system object records.
• History—If rights are assigned for History records, a History page link will be available from all system object records.
• Account—If rights are assigned for Account records, an Accounts page link will be available from Project (custom object) records.
• Expense—If rights are assigned for Expense records, an Expenses page link will be available from Project (custom object) records.
• Task—If rights are assigned for Task records, a Tasks page link will be available from Project (custom object) records.
• Attendee—If rights are assigned for User, Groups, or Contact records, an Attendees page link will be available from Appointment records.
• Appointment—If rights are assigned for Appointment records, an Appointments page link will be available from Project (custom object) records.

Tips and Warnings

• Administrator rights, such as rights to view or work with User Accounts, are assigned at the record type level but do not have associated categories and custom fields.

• Assigning rights to the Documents record type affects user access to the Documents sub-page of all records. Also note that assigning the Create Document records right (to upload documents to a record) requires assigning the View Document records right. For additional information on operations that are available with the Create Document records right, see Document Rights.
• If rights are assigned for a group, including Create and Edit record rights, it is likely that Create, Edit, and Delete rights to sub-pages and sections that are part of that record type will also be assigned.
• Certain records, such as invoices, tasks, and expenses, require additional operations such as:
  • Post
  • Void
  • Assign Task
• You can also set rights for individual records.

Rights for Categories and Custom Fields

Generally rights are assigned to a category as a prerequisite to assigning rights to its associated custom fields, sections, and forms. Access to categories and custom fields also require access to the related record type. Users looking to set or configure Group Rights should view the following pages for further detail: Hierarchy Overview of Group Rights, Assigning Group Category and Custom Field Rights, Example for Assigning Rights to Contact Categories and Fields.

Types of Category Rights

By default, each record type has two categories, the base category and a Default category. Typically, a TeamConnect Certified Professional will add additional categories for your company. These custom categories will have corresponding rights.

Each category for a record type has the corresponding rights:

• View Category
  • For the base category, allows viewing the Categories page or section of the record.
  • For the Default category or custom categories, allows viewing the selected category from the Categories page or section.
• Add Category—Allows adding the category for the record.
  • For tasks, expenses: allows selecting a default category. This requires both add and remove rights.
• Remove Category—Allows Removing the category for the record.
  • For tasks, expenses—allows changing a default category. This requires both add and remove rights.
• View All Custom Fields
  • Allows user complete view rights for all subfields on the category. If this is not checked, users will not be able to add Edit All Custom Fields, as View rights are a precursor to editing.
• Edit All Custom Fields
  • Allows user complete edit rights for all subfields on the category.

Individual Fields

For example, for contacts, the corresponding base category rights are View Contact category, Add Contact category, and Remove Contact category.

If a custom category, Contractor, were added for contacts, the corresponding category rights would be: View Contractor category, Add Contractor category, and Remove Contractor category. See Example for Assigning All Rights to Contacts Pages and Fields and Example for Assigning Rights to Contact Categories and Fields for examples on assigning rights to categories and custom fields.

Tips

• For accounts, contacts, invoices, projects, appointments, documents, involved's, and histories— the base View Category right allows viewing the selected category from the Categories page or section.
• For tasks, expenses—the base View Category right allows viewing the selected category from the Category drop-down list on the General page.
• The list of categories in the Categories drop-down list in the Categories block displays only those categories to which the user has the Create rights.

Types of Custom Field Rights

Each custom field that is associated with a record type's category has the corresponding right:

• View Custom Field—Allows viewing the custom field, form, or section.
• Edit Custom Field—Allows entering, changing, deleting field values in the custom field, form, or section.

For example, for expenses, the corresponding base category's custom field rights are View Contact custom fields and Edit Contact custom fields.

If a custom category, Contractor, was added for contacts, and a custom field, Private Investigator, was added, then the corresponding custom field rights could be: View Contractor custom fields and Edit Contractor custom fields.

Differences in Category Functionality

There are several groups of objects that have different functionality on their record screens in the user interface. These groups of objects are:

• Account, Contact, Invoice, Project (custom object)—Record screens of these objects have a Categories system block where the user, depending on his or her rights, can work with the appropriate categories.
  In the Categories drop-down list of the Categories block, the user can see all categories for which he or she has Create rights; these are the categories that the user can add. Below the data entry fields, the user can see all the existing categories that are added to each record. Depending on his or her rights, the user might be able to delete these categories.
• Task and Expense—Record screens of these objects do not have a separate Categories block. Instead, they have a Default Category field in the General block where the user, depending on his or her rights, can work with the appropriate categories.
  By selecting a category in this field, the user does the following:

1. Adds this category to the record.
2. Deletes the previously selected category.

• Appointment, Document, History, and Involved—The record screens of these four objects do have a separate Categories block like most system objects. Yet they also have the Default Category field in the General block, which results in the following functionality:
  • Depending on their rights, users can add the appropriate category and set it as the default by selecting it in the Default Category field.
  • However, by selecting a new default category, the user does not delete the previous default category from the record. It can be deleted only by using the Categories block.

Tips

• Rights for adding categories allow users to select or activate a category for the specified record type. Generally the active categories act like filters to provide or restrict access to related custom fields. Categories are created by solution developers with the exception of the primary and default categories, which are provided for every record type.
• Rights for removing categories allow users the ability to deactivate a category for the specified record type. Afterward, the result for the user is that any related custom fields for that category will be hidden from the Details page or Details section. Categories can only be deleted from the system by solution developers.
• Solution Developer Rights to work with Categories and Custom Fields only apply to rights for records (except users and group).

Rights for Custom Record Types

Individual records of custom objects are collectively called Projects in the standard TeamConnect documentation. Depending on the number of custom objects defined for your organization, there are several sets of these rights, each group listed under the object's name in the View drop-down list on the Rights and Category Rights pages in user and group accounts, for example Claim, Policy, and Matter. Every time a new custom object, and embedded custom object, is created, a new set of rights are automatically added to the list.

Each set of rights for custom object records includes the following object-level and category-level rights:

• To the custom object itself—Refer to Project/Matter Rights.
• To the custom object's Involved object—Refer to Project/Matter Involved Rights.

Rights for TeamConnect Features or Areas

TeamConnect areas include Admin Settings and System Settings. Rights to areas generally include view rights to the related pages and edit rights to change values from related pages. The table below provides a summary of rights to TeamConnect areas that can be assigned and the resulting user features.

Rights to Team Connect Areas

For example, if the View Admin Settings records right is assigned to a group, group members can view the Admin Settings pages and configured values. In addition, group members can view the Logging pages for system logs and audit logs.

For example, if the Edit Admin Settings records right is assigned, group members can edit the Admin Settings pages. In addition, group members can edit system logger levels, clear system and audit logs.