Security considerations
Roles and sharing
A security role is a set of permissions that you can assign to your users on Cloud. Each role enables your staff to do one or more of the following things:
- view content
- update existing content
- create new content
- delete content
- share content with other users
Your users can access information based on the roles that have been assigned to them. You can apply these roles very broadly, creating a security architecture that requires very little maintenance. Alternatively, you can assign these roles more selectively, giving you better control over who can access each file or activity on Cloud.
Assigning a system-wide role
This is the broadest way to grant access to content on Cloud. On a user's profile, you can grant security roles for all relevant content across the entire organization.
For example, Abco Smith has the Settings Admin role and the Viewer role applied as system-wide roles.
The Settings Admin role enables Abco to read and modify the Settings page. The Viewer role lets him see the details for all entities in his organization, and he can also view all files and activities for those entities.
Sharing entities
If you do not want a user to view all content in an organization, you can instead grant access to information on a client or departmental basis. When you share an entity, you grant a security role for the entity itself and for all files or activities under that entity.
For example, Jenkins Smith has been assigned the Editor role on the client entity Diamond Jewelers.
When Jenkins accesses Cloud, he will be able to see the client entity for Diamond Jewelers. With the Editor role, he can edit the details for this entity, and he can also create and edit files and activities under this entity.
Sharing files and activities
If you know that users should not have access to all content under an entity, you can instead grant access to each file or activity individually. This enables you to have very specific control over the information that your users can access.
For example, Carl John is working on the audit for Superior Furniture. His manager will assign him some files for this client, but she does not want John to have access to all client files.
First, she assigns Carl the Entity Access role on Superior Furniture. This enables Carl to see the entity, but it doesn't grant access to any files or activities under the entity.
Next, she shares the VarianceAnalysis.xlsx file and she assigns the Owner role to Carl.
Carl now has access to this file on Cloud. With the Owner role, he can view, edit, or even delete the file, and he can share this file with other Cloud users.
Limited content
Normally, when you create new activities or add files to Cloud, users with a system-wide role for this type of content will be able to access these new items by default. Users who have roles on the entity for the new activities or files will also be able to access them.
You can choose to further restrict access to any files, activities, or entities by making them Limited. Limited content is only visible to the owner and staff members with the Admin role. The owner can share the content by granting roles to other staff members as normal, but it will not be visible to any other users.
Limited content has a small lock icon in the name field.
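The sketch below is an added example, not part of the Cloud product or its documentation. It models how the three sharing levels and the Limited flag combine into one user's effective permissions on a file. Assumptions: the names User, Item and effective_permissions are hypothetical, the role table holds only what this page states (plus "view" for Editor and Admin), Admin is treated as a system-wide role, and Limited is read as ignoring every inherited role.

```python
from dataclasses import dataclass, field

# Role -> content permissions, limited to what the page states for each role.
# "view" for Editor and Admin is an assumption of this sketch.
ROLE_PERMS = {
    "Viewer": {"view"},
    "Editor": {"view", "edit", "create"},
    "Owner": {"view", "edit", "delete", "share"},
    "Entity Access": set(),  # entity is visible; its files and activities are not
    "Admin": {"view"},
}

@dataclass
class User:
    name: str
    system_roles: set = field(default_factory=set)    # apply to all content
    entity_roles: dict = field(default_factory=dict)  # entity name -> role

@dataclass
class Item:  # a file or activity under an entity
    name: str
    entity: str
    limited: bool = False
    grants: dict = field(default_factory=dict)        # user name -> role

def effective_permissions(user, item):
    """Union of permissions the user holds on one file or activity."""
    perms = set(ROLE_PERMS.get(item.grants.get(user.name), set()))
    if item.limited:
        # Assumed: inherited roles are ignored; only direct grants and Admin count.
        if "Admin" in user.system_roles:
            perms |= ROLE_PERMS["Admin"]
        return perms
    for role in user.system_roles:
        perms |= ROLE_PERMS.get(role, set())          # e.g. Settings Admin adds nothing
    perms |= ROLE_PERMS.get(user.entity_roles.get(item.entity), set())
    return perms

# The page's three users, plus constructed sample files.
abco = User("Abco", system_roles={"Settings Admin", "Viewer"})
jenkins = User("Jenkins", entity_roles={"Diamond Jewelers": "Editor"})
carl = User("Carl", entity_roles={"Superior Furniture": "Entity Access"})
variance = Item("VarianceAnalysis.xlsx", "Superior Furniture", grants={"Carl": "Owner"})
other = Item("Other.xlsx", "Superior Furniture")      # constructed, not shared with Carl

if __name__ == "__main__":
    for u in (abco, jenkins, carl):
        print(u.name, sorted(effective_permissions(u, variance)), sorted(effective_permissions(u, other)))
    variance.limited = True                           # lock the file
    print("limited:", [(u.name, sorted(effective_permissions(u, variance))) for u in (abco, carl)])
```

Running a model like this over an export of role assignments is a quick way to spot users whose broad system-wide role gives them access to files that were meant to be shared individually.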