System and object level security
The NexJ application provides security models that enable you to control user access to data records across the system. In NexJ Admin Console, you can also apply view and edit security to certain objects, such as custom fields, to allow or restrict user access to an object.
Data access management models
The NexJ application provides security models that enable you to restrict user access to data records.
- Hierarchical Access Model
- Coverage Access Model
- Group Security Model
Hierarchical Access Model
The Hierarchical Access Model is a security model that restricts user access to data records by organizational hierarchy. A user's position in the hierarchy determines which data they can access. The Hierarchical Access Model applies to contacts, companies, households, and to their related opportunities and activities. Your development team can enable the Hierarchical Access Model during deployment.
A household is an entity that represents a group of contacts who belong to the same family.
Configure the Hierarchical Access Model to restrict access to contacts, companies, and households in the hierarchy for your users.
The following diagram shows an example of a hierarchy that is supported by the Hierarchical Access Model. Users that are assigned to the highest levels of the hierarchy will have the most access to data records.
The Hierarchical Access Model provides users with access to:
- Contacts, companies, and households in their hierarchy
- Opportunities associated with the contacts, companies, and households that they have access to through the hierarchy
- Activities associated with the contacts, companies, and households that they have access to through the hierarchy and activities that they have been assigned in the Assign To field
The following table shows examples of the data access provided by the Hierarchical Access Model for a sales representative, branch manager, and executive user.
Data access examples of using the Hierarchical Access Model
User examples: | The user can access: |
---|---|
Sales representative who works with 10 contacts on a daily basis |
|
Branch manager who leads a team of sales representatives and advisors at a branch |
|
Executive who is responsible for the overall performance of an entire division |
|
Enabling the Hierarchical Access Model disables the Security tab for contacts, companies, households, and their related opportunities and activities in NexJ CRM. For other application subject areas, the Security tab will continue to be available.
Configuring the Hierarchical Access Model
You can configure the Hierarchical Access Model in NexJ Admin Console. Your development team must have enabled the model before deploying the NexJ application.
To configure the Hierarchical Access Model in NexJ Admin Console:
- In NexJ Admin Console, navigate to the Organization Security page to define your organizational hierarchy. The following hierarchy levels are supported:
- SubFirm level for users that can include executives
- Division level for users that can include executives
- Branch level for users that can include branch managers
- Rep Code level for users that can include financial advisors, sales representatives, and relationship managers
In the Rep Code field, enter the alphanumeric code for restricting access to contacts, companies, and households.
A rep code is assigned to a contact, company, or household to make it accessible only to the user and to other users higher in the hierarchy. Rep codes make it easier to share data access if required. For example, an advisor may be temporarily assigned another advisor's rep code so they can manage their colleague's contacts while they are on vacation. Contacts do not inherit rep codes from companies or households. Users will need to assign rep codes individually to contacts when adding new contacts. Contacts, companies, or households that do not contain rep codes can be accessed by all users.
Navigate to the User page and select the Data Entitlements tab for each user to assign users to the sub-firm, division, branch, or rep code level of the hierarchy. The position of users within the hierarchy determines user access to contacts, companies, and households. Click the Select button for Rep Codes, Branches, Divisions, and SubFirms to open the respective dialogs and make your selections.
You may assign multiple Rep Codes, Branches, Divisions, and SubFirms to a user.
Your organizational hierarchy is defined and users are assigned to the hierarchy.
Users can assign their rep codes to a new contact in NexJ Customer Relationship Management to restrict access to the contact. Users can filter their list of contacts by rep code on the Contacts workspace.
Coverage Access Model
The Coverage Access Model is a security model that restricts data access by coverage group. Users receive view and edit access to contacts, companies, households, and their corresponding opportunities and activities by being part of a coverage team. The Coverage Access Model is always enabled.
A coverage team is a collection of all the individual users and coverage groups who receive view and edit access to entities and collaborate on their corresponding opportunities, activities, and events.
The Coverage Access Model provides users with access to:
- Contacts, companies, and households for which they are members of a coverage team
- Opportunities and activities associated with the contacts, companies, and households that they have access to through a coverage team
Group Security Model
The Group Security Model is a security model that enables users to apply public, group, and private view and edit security settings to contacts, events, leads and opportunities, call records, and activities. Subject areas include contacts, events, leads and opportunities, call records, and activities. The Group Security Model is provided with NexJ CRM.
Users can define the following view and edit security settings for subject areas:
Public
All users that can log in to NexJ CRM have access to the data record.
Group
Only selected user groups have access to the data record.
Private
The data record is available only to the current user who changed the security setting to private and to the following users:
- Record owners and coverage team members of a contact or opportunity
- Users specified in the Assign To field in an activity
If you enable the Hierarchical Access Model then you disable the Security tab for contacts, companies, households and their related opportunities and activities, which are secured using the Hierarchical Access Model. For other application subject areas, the Security tab will continue to be available.
Security levels for objects
Across the NexJ Admin Console, there are several places where you can modify the security levels for objects, such as a campaign or custom field type.
A campaign is a coordinated set of predefined activities for achieving a marketing-related goal, such as a fundraising campaign.
You can configure these objects so that only a specific user or user group can view and edit them, or you can allow everyone access. You can define the following view and edit security levels in NexJ Admin Console:
Public
All users can view or edit the object.
Group
Only users who are members of the user group that you specify can view or edit the object.
Private
Only you can view or edit the object.
Related links