Security Management - Sharing Rules

Sharing Rules

Use Sharing Rules to allow access to the users on specific modules.

Sharing Rules are used to configure data sharing rules across users in a role hierarchy. In BzCRM, the default access for CRM records is set to public, which enables everyone to see all the records in CRM.

Basic Rules

  1. Admin has full access to all records (Read ONLY fields can only be modified by the system).
  2. Record owners and superiors have full access as long as THEIR profile permits.
  3. Profiles RESTRICT privileges granted by Sharing Rules, at a user level.

Using Sharing Rules

  1. Public Mode - Grant Access privileges for Public using Public Sharing. Use Custom sharing rules to allow Write access to users belonging to groups or having roles.
  2. Private Mode - Use Private sharing to block public access. Use Custom sharing rules to extend Read access to users belonging to groups or having roles.

Sharing Rule Type

Sharing Rules enables you to configure following permissions across users in BzCRM.

S1. No. Properties Description
1 Private Users can only access records assigned to them and records that are assigned to users with roles in their lower hierarchy.
2 Public Read only Everyone can access everyone else’s records but cannot modify and delete the records.
3 Public Read, Create/Edit Everyone can access everyone else’s records and can also edit and modify but cannot delete the records.
4 Public: Read, Create/Edit, Delete Everyone can view, modify and delete everyone else’s records.

Configuring Organization-Wide Sharing Rules

Follow few simple steps to configure sharing rules

  1. Hover on icon and click Settings
  2. Click Sharing Rules under User Management
  3. Click radio buttons to configure new set of sharing rules
  4. Click Apply New Sharing Rules to update changes
Note! Please make sure you click on “Apply New Sharing Rules” button after making modifications. If not, your changes will not be reflected.

Setting Up Custom Sharing Rules

Custom sharing rules are used to allow subordinates to perform operations on superiors’ records. In other words, you, as a user of higher hierarchy, can grant access to your subordinates to access your records, though the module is made private. This can also be achieved by setting up Sharing Rules to Public, but the intention here is to only grant access to selected group, role, role and subordinates that are below you in the Role hierarchy.

For instance, Sales Manager is above Sales Rep in a Role Hierarchy. As sharing rules are set to private, Sales Manager can view Sales Person’s records but not the other way around. Sales Manager wants to give access to his records to his Sales Person. Now setting sharing rules to Public will let everyone view Sales Manager’s records. Setting up custom sharing rules gives Sales Manager the flexibility to exclusively grant access to Sales Person role.

Follow few simple steps to define custom sharing rules

  1. In Sharing Rules view, click drop-down under ‘Advanced Sharing Rules’ tab

  1. Click Add Custom Rule button

  1. In the pop-up window, define custom sharing rules and click Save.

Field Description
Leads of Select a value to specify whose records should be accessed (Superior)
Can be accessed by Select a value to specify who will be accessing the records of superior (Sub ordinate)
With permissions Select privileges that users have on records

Similarly, you can configure custom sharing rules to share data with a role, roles and subordinates, and group.

  1. You have to define custom sharing rules for every module, individually.
  2. Profiles control Read and Write action along with an option to Import/Export records.
  1. When showing touchpoints, and calculating Engagement score, sharing rules are ignored for the sake of completeness and accuracy. Metadata of all activities such as Time & duration (in case of call/meeting), and Subject (in case of email) are shown in Touchpoints. Details such as Email Content, or Call recording, or Event Notes are not accessible unless the user has permission.
  2. Sales insights and Support Insights sections in Vtiger do not respect “Field level restrictions” in the Profile. Though the fields such as Amount, Sales Stages, etc., are restricted in Profiles, the users who are given access permission to Sales and Support Insights can view these fields.