Setting Up Record Partitioning
To set up partitions:
- From any Admin screen, select App Settings > Privileges. The Privilege Scheme Search screen opens.
- Do one of the following:
— To set up partitions for an existing privilege scheme, click the scheme to open the Privilege Scheme record, and then click Edit.
— To set up partitions for a new privilege scheme, click Add New.
The Editing or Adding New Privilege Scheme screen opens. - In the Scheme Definition tab, in the Name field, enter a name for the scheme.
- In the Default Privileges area, click Manage Partitions. The Manage Partitions window opens.
- Do any of the following:
— To add a partition, click Add New. A new row appears. Enter the name of the partition, and then click the Save icon to save the partition.
— To edit the name of a partition, click the Edit icon, and then enter a new name. Click the Save icon to save your changes.
— To delete a partition, click the Delete icon. The partition is deleted. - Click Close to close the Manage Partitions window.
- In the Default Partition Privileges area, grant or deny default privileges for the partitions. See the section "Granting privileges for partitions" below.
- Select the Agency Privileges, Group Privileges, or User Privileges tab.
- Click the Add icon, and then select the specific agency, group, or user.
- To edit partition privileges for the entity, click Edit Partitions. The Partitions window opens.
- Grant or revoke partition privileges for the entity. See the section "Granting Privileges for Partitions" below.
- Repeat steps 2-5 for each tab.
- If needed, finish creating or editing the privilege scheme. See the article "Adding a Privilege Scheme."
- Click Save and Close to save the privilege scheme and return to the Privilege Scheme record.
- To activate and use the privilege scheme, click Activate Now. The privileges and partitions are activated and affect all users. See the article "Adding a Privilege Scheme."
Granting privileges for partitions
Privileges for partitions work similarly to privileges for modules. Privileges can be granted to specific agencies, groups, and users, in addition to the default privileges for all users.Users who are marked as administrators in their User Profile records always have full access to all partitions. Because of this, administrators also have access to the Change History drawer, which shows all changes made to records.
If your agency chooses not to use partitions, then all users have access to the Change History drawer as well, because it is understood that no one is prohibited from seeing any records. If your agency chooses to use partitions, then, by default, only admins can see the Change History drawer. However, if Access and View privileges are granted to all partitions for a non-admin user, then that user can view the Change History drawer on records.
It is recommended to set the Default level to revoke all privileges to all partitions, and then use the Agency and Group levels to grant most privileges. For exceptional scenarios, use the User level to grant privileges to specific users.
When all privileges to a partition are revoked, a user cannot see any record in the partition on the Search screen results, and cannot search for records in the partition. If records in the partition are referenced by other records (which are not in the partition, and are therefore visible), then the reference displays only the record key. For example, NAM-123.
For each partition, the following privileges can be granted:
It is recommended to set the Default level to revoke all privileges to all partitions, and then use the Agency and Group levels to grant most privileges. For exceptional scenarios, use the User level to grant privileges to specific users.
When all privileges to a partition are revoked, a user cannot see any record in the partition on the Search screen results, and cannot search for records in the partition. If records in the partition are referenced by other records (which are not in the partition, and are therefore visible), then the reference displays only the record key. For example, NAM-123.
For each partition, the following privileges can be granted:
- Access: Allows the user to see the records in the partition, including the details of the record on the Search screen, and on records that reference the partitioned record. For example, if a Name record is partitioned, but a Vehicle record is not, and the Vehicle record references the Name record as the owner, then with Access privileges to the partition, users are able to see who owns the vehicle, but they are not able to open the Name record.
- View: Allows the user to access the View screen for records in the partition, as well as the specific relationships of involvements to the records, rather than just the record key. Nothing in the partition is hidden from users with View privileges.
- Assign: Allows the user to assign and unassign records to the partition.
- Edit: Allows the user to edit records in the partition.
- Delete: Allows the user to delete records in the partition.
- Export: Allows the user to export records in the partition.
- Email: Allows the user to email records in the partition. Not all record types can be emailed.
- Click the symbol in the column for the privilege. A list of options appears.
- To grant a privilege, click the Grant button for the privilege. To revoke a privilege, click the Revoke button. The symbol is changed to reflect the privilege status.
- Click the Gear icon for the partition. A list of options appears.
- To grant all privileges, click Grant All. To revoke all privileges, click Revoke All. The symbols are changed to reflect the privilege status.