Security Settings
Organization Admin can set some data security related rules, such as setting contacts visible to members, watermarks, encryption rules and password-free verification, and so on.
I. Set Contacts Visible to Members
Organization Admin can set which contacts are visible to members.
Set Rules
It is possible to set the following two kinds of rules:
Restricted from viewing contacts in other departments
Selected members can only view contacts in their department (including members and department structure). Organization Admin can also set whitelists and add members from other departments.
Restricted from viewing all contacts
Selected members cannot view all contacts in the organization, including members and department structure. Organization Admin can add some members to whom the contacts are visible.
Use Case
Example 1:Restricted from viewing contacts in other departments
Ross (in the R&D Dept.) and members of the Sales Dept. can't view contacts in other departments, but they can view members of the Personnel Dept. and Lan, the accountant in the Finance Dept.
Create a rule
Select Ross and Sales Dept. in [Only the contacts of this department can be viewed].
Add Personnel Dept. and Yao in [Additional visible members].
(It should be noted that the Finance Department that Lan belongs to is hidden, so Lan is only viewable in [All Contacts].)
Whitelist
If you choose to restrict a department or o-role, and select somne members to be whitelisted, then the whitelisted members are not restricted by the rules.
For example, if Super Admin belongs to the Sales Department, then Super Admin should be whitelisted, otherwise Super Admin will also be restricted from viewing.
Example 2: Restricted from viewing all contacts
If your agents joined the organization, they become colleagues and can chat and view contacts, which is generally not allowed. You can set a rule to restrict these agents from viewing pthers' contacts.
Create a rule
Select agents by o-role in [Restrict viewing of everyone]. If there are some agents that are not to be restricted, you can set a whitelist.
Add members visible to the agents in [Additional visible members], except these members, other contacts are not visible to the agents.
If hide some contacts
In [Contacts], if you view members by all or by department, the quarantined contacts will not be visible.
In posts or discussions, if you want to select and mention a member, the quarantined contacts will not be visible.
When adding members, the quarantined contacts and departments will not be visible.
Priority of Rules
1. For single member and the department they belong to
Rules for single members are prioritized over rules for their departments.
For example, if in Rule 1, Ross can view the Personnel Department, while in Rule 2, the Personnel Department is not visible to Ross's department.
In such case, Ross can view the Personnel Department.
2. For superior and subordinate departments
Setting 1: only the superior department is selected, not the subordinate department
As in the above rule, only the R&D Department is checked , then the R&D Department has the same permissions as the sub-departments, which means that the sub-departments can view the same contacts as the R&D departments. Members of Group 1, Group 2, and R&D Department are only able to view the contacts of these three departments.
Setting 2: Both superior and subordinate departments are selected
As above, both R&D Department and Group 1 are checked, then Group 1 follows its own rules.
Members visible to R&D: [R&D Department, Group 1, Group 2]
Members visible to Group 1: [Group 1]
Members visible to Group 2: [R&D, Group 1, Group 2]
3. If a member belongs to more than one department
If one of the departments to which the member belongs is not restricted, the member is not restricted.
For example, if Ross belongs to both Sales and Marketing Departments, and the Sales Department is restricted but the Marketing Department is not, Ross can still view all contacts.
If the departments to which the member belong are all restricted, the visible range is the union of rules.
Rule 1: The Sales Department can view the Personnel Department and Lily.
Rule 2: The Marketing Department can view R&D Department.
So the final visible range for Ross is [Personnel Department, R&D Department, Lily].
II. Set Watermark
In order to protect enterprise information, you can enable watermarks on the organization management page, in views and worksheets.
1. Enable/Disable
Super Admin clicks the profile photo and goes to [Org Admin] > [Organization] > [Security] to enable or disable the watermark.
2. Watermark Display
The watermark is the current user's name and the last four digits of mobile phone number, or the name and email prefix if no phone number is bound.
3. Where watermarks to be shown
The watermark is not showed on all pages, but on the following pages:
All pages of background management of the organization
Pages that display user data in the application
Homepage
The page of adding records
The page of editing records
View (page of record lists)
Custom page
User management page (including external portal management page)
Workflow lists
There is not a watermark on the pages for configuring forms and workflows in the application.
Show watermark when previewing and downloading files
III. Set Encryption Rule
Some of the business data are relatively private and may need to be encrypted, such as customer account, ID number, phone number, mailbox, password, etc.
This feature is only available in the Ultimate Edition.
Before encrypting the fields, configure the encryption rules first.
New Encryption Rule
Entrance to Create Rule:
New Rule:
Encryption rules include encryption methods and keys. The same encryption method can be added multiple times.
There are 3 encryption methods: AES128, AES192, AES256.
Rules Management
A default encryption rule is automatically created for each organization (encryption method is AES, and the key is randomly generated). Super Admin in the organization can create more encryption rules (set encryption method and key).
- Encryption rules created by the system cannot be modified or deleted.
- Default encryption rules can be set.
- Encryption rules can be turned on or off.
For a single encryption rule, you can modify the name, or view the fields that this rule acts on.
IV. Password-free Verification
In the approval and custom buttons, you can set password-free verification, after verifying the password, you can operate verification-free within one hour.
If turned on, users can check [Free verification within one hour] for custom buttons and approval configurations in the organization where login password verification is required.
If turned off, for custom buttons and approval configurations in the organization where login password verification is required, users are required to verify their passwords each time.
Have questions about this article? Send us feedback