Fields upon Fields of Security

26 Jul 2016

There are many reasons why you might not want every one of your users to have access to all of the information you want to hold in your OpenCRM system. With very little effort, you can control access and prevent users from seeing certain modules or even certain records, but sometimes you need to be even more granular.

Sometimes you need to control the information in an individual field.

With OpenCRM, you can do just that.

If there are fields that you only want to be accessible certain individuals, the first thing you will need to do is to make sure that all the users who SHOULD be able to see that field are assigned to a Profile separate from anyone who SHOULDN’T have access. For those of our readers who haven’t come across Profiles before, we have an FAQ that explains it all…in great detail.

Once you’ve got a list of all the Profiles for users who shouldn’t have access to a field, all you will need to do is untick that field from the “Field Accessibility” setting for their Profiles.

And that’s it, they will be able to see the record as normal, but just have no access to those fields you’ve unticked.

Another thing you might want to do for particularly sensitive information is to create a custom field using one of our two newest custom field types: Password and Encryption fields.

Both fields are fully encrypted in the database, meaning your “data at rest” is protected. A Password field will show up as a series of *s on the edit and consult screen, although can be “unmasked” with a simple click on consult. The encryption field will appear as a fully normal text field.

These two fields will be available for all OpenCRM systems of Version 3.9.5, which is due out in the next week or so.