Record Security

To limit which information users can access, admins can choose which records their security group can work with based on selected criteria such as fund or constituent code in the database view.

Funds indicate how you intend to use money received through giving and can be used to limit which gift information users can access. For example, say you have a fund intended for gifts from major donors. Without fund security, anyone could view the gifts applied toward the fund and information about their donors. However, if you limit access to the fund, only those with rights to its information can view details about its gifts, such as in lists or records.

To limit a security group's access to specific gifts based on their funds:

  1. In the database view, select Admin, Security.

  2. From the tree-view, choose the security group, and select Open.

  3. Under Group Privileges, select Gift security by fund and Options.

  4. Choose which funds the group cannot view or edit.

  5. Select OK and Save and Close.

Constituent codes define a constituent's relationship with your organization and can be used to limit which records users can access. For example, say Brad Pitt is a boardmember and major donor at your organization. Without constituent code security, any volunteer could find his address, phone number, and personal details. However, if you limit access to the Board Member and Major Donor codes, only users who have rights to those codes can view Mr. Pitt's information, saving you — and him! — a lot of headache.

To limit a security group's access to specific constituents based on their constituent codes:

  1. In the database view, select Admin, Security.

  2. From the tree-view, choose the security group, and select Open.

  3. Under Group Privileges, select Security by constituency and Options.

  4. Choose which constituent codes to allow or restrict the group to access.

  5. Select OK and Save and Close.

Note: When a custom field or action includes a constituent a user doesn't have rights to, the constituent's name appears as Someone restricted.

When you secure constituents based on constituent code, you can allow or restrict the security group's access to them.

Allow permissions enable a user to view only records that contain an allowed constituent code. Members of multiple security groups are limited by all their groups' permissions. For example, if you are a member of a security group with allow permissions for the Volunteer constituent code, you can only view records with that code. If you're also a member of another security group with no allow permissions, you can still only view records with the Volunteer constituent code.

Note: Admins! In the database view, members of multiple groups aren't limited by every groups' permissions. If you're a member of a group with no allow permissions, you can access any record in the database view regardless of your other groups' allow settings.

Restrict permissions prevent a user from viewing records with restricted constituent codes. Members of multiple groups are limited by all of their groups' permissions. For example, if you are a member of a security group restricted from records with the Board member constituent code, you can only view records without that code. If you are also a member of another security group with no restrictions, you can still only view records without the Board member code.

Note: Restrict permissions override everything else. For example, if you're a member of a group that allows a constituent code and another that restricts it, you can't view records with that code.