With FreeAgent CRM Access Control List (ACLs) you have the option to limit the access your team members have in your Apps, based on their Roles, in two different levels:
- Field - Limits write or read access to a specific field.
- Record - Limits create, delete, update, or read access to the records.
You can use conditions to further specify when a role should have limited access to those operations.
Edition Qualifier: This feature is available in all FreeAgent Editions.
User Permissions: Only Administrators can use this feature.
In this tutorial, we will cover the following topics:
Navigate to Access Control List
Open the menu and go to 'Admin Settings' to display the available options, then click App Setup to display even more options. Then select your desired app and click on 'Access Control List'. You can also use the search function to get there faster, just start typing 'Access Control List'.
Create a New Access Control List (ACL)
To get started, click the 'Add New Access Control List' button. Here is a detail of the information needed to create an ACL.
| Field | Description |
| App | Select the App for which you want to create the ACL. |
| Type |
Field - The Access level will apply at the field level (selected field*). Record - The Access Level restriction will apply at the record level. |
| Field* | Select the field from those on the list. |
| Operation - Field type |
'Write' means that the selected roles can edit the values for that field. 'Read' means that the selected roles will be able to see the values but can't edit them. |
| Operation - Record Type |
When the conditions are met (if any), the selected roles will be able to perform one of the following operations:
|
| Access Role | Select the roles that should be able to perform the operation. |
Next, if needed, you can create Conditions. These are especially useful when you expect the ACL to work only when certain circumstances occur.
Conditions
It is also possible to create conditions for the Access Control List. These rules are inclusive, meaning that all the rules you specify need to occur for the ACL to work. Just click 'Add Conditions' to create your own set of rules.
The operators will vary according to the type of field selected. Here is the list of those available:
| Operator | Description | Availability (field type) |
| Is, Is Not |
The selected value is included (IS) or excluded (IS NOT) from the filter results.
|
|
| <=, >= |
Less Than or Equal To; Greater Than or Equal To, will return records that fall above or below the selected value. |
|
| Between |
This will return all the records that fall between a given range of numbers or a range of dates. |
|
| Period |
Returns the records for a specified period, such as Last Week or This Month. |
|
| Relative |
From X to X days, months, or years. |
|
| After / Before |
All the records that fall before or after the specified date. |
|
Special Considerations
There are some things to keep in mind when creating ACLs.
- Only the selected roles will be able to perform the selected operation. If the role is not part of the list, they won't be able to perform it..
- Conditions shouldn't be added when the ACL Type is Record and the operation is 'Create'. Since the record doesn't exist yet, there is no information available to match the fields used in the conditions.
- Once you create an ACL of type Record for any operation, it is required that you create ACLs for the other operations. If you only add one for 'Create', the other operations are not going to be available for any team member.
Examples
Enable two owners for a single record when the Access Level of the Users is Individual.
With Individual access type, team members only have access to the records they own, but what happens if a single record is managed by 2 team members?
To make this happen, you will need to:
- Create a Reference field for Team Members for the secondary owner.
- Disable 'Enforce Individual Access' in the App configuration.
- Create 2 ACLs as described below.
The first ACL we are going to create is for the current owner, to make sure that all the required roles can update the records they own. For this, we will use the Owner field (out-of-the-box). This is what the ACL should include:
| Field | Value |
|
App |
Select your App. |
| Type | Record |
| Record Operation | Update |
| Role | Select all your Roles. |
For the Condition, we want to specify that only the team member in the owner field can have access to Update, so we add the following rule:
| Field | Operator | Value |
| Owner | Is | Current User |
Now, we need to create another ACL that will enable the 'secondary user' to have access to update the record as long as they are the secondary owners.
Now, let's create the ACL.
| Field | Value |
|
App |
Select your App. |
| Type | Record |
| Record Operation | Update |
| Role | Select all your Roles. |
For the Condition, we want to specify that only the team members with the specified Role that are assigned as owners on the secondary owner field have access to Update, so we add the following rule:
| Field | Operator | Value |
| Secondary Owner | Is | Current User |
With these two ACLs in place, only the team members that are either the owner or the secondary owner will have access to update the records from the select roles.
If a role is listed in the ACL, the team members assigned to it will be able to update the records.
If team members are neither the owner nor the secondary owner, they will be able to see the Record, but the 'Edit' button is simply not going to be available for them.
If these are the only ACLs you have in your App, don't forget to create ACLs for the other 3 operations (create, read, and delete) or else no one on your team is going to be able to perform them.
Limit the Record Creation Access to a Single Role
If within your company there is a group or single team member in charge of the record creation and you want to make sure that no one else can create records, whether it is to avoid duplicates, or to make sure they are assigned to the right person, or for whatever reason, you can limit the access to the creation of records through ACLs.
Here are the details needed for the ACL:
| Field | Value |
|
App |
Select your App. |
| Type | Record |
| Record Operation | Create |
| Role | Select the Role that should have access to create Records. |
If this is the only ACL you have in your App, don't forget to create ACLs for the other 3 operations (read, update, and delete) or else no one on your team is going to be able to perform them.
Handling Access of Sensitive Record Information
Establishing an ACL is a great way to limit access of certain sensitive information within a record while still allowing other team members to work with that record. This will function at the Field level, so each Field that contains sensitive information will require its own ACL.
Create an ACL, choose the Field you wish to restrict access to. As a reminder, 'Read' and 'Write' are the two Field Operations available for the 'Field' type. In the 'Access Roles' dropdown you will be able to select which Roles can see and edit this specific Field.
The dropdown will populate with the standard FreeAgent Roles, however you can edit and create Roles. Click here to learn more: Roles