Control Who Sees What

Restrict access to objects and fields with user profiles, and share records using role hierarchy and flexible sharing rules

Access Control In Mapsly

Mapsly provides a flexible, layered data sharing design found in many modern CRMs that allows you to expose different data sets to different sets of users, so users can do their job without seeing data they don’t need to see. Use:

  • User profiles to specify the objects and fields users can view or modify;
  • User role hierarchy and Record sharing rules to specify the individual records that users can view or modify.

Access control settings are not automatically inherited from your CRM, and must be adjusted in Mapsly separately to meet your access control requirements.

Object-Level Security (User Profiles)

A User profile defines:

  • which objects are visible for a user;
  • for every visible objects:
    • whether a user can only view or also modify records that the user owns (available access options: View, Modify),
    • whether a user can view records that s/he doesn’t own and can modify them (available options: Hide, View or Modify);
    • whether a user can access all fields of the object based on the access level to a record, or if some fields must be hidden or stay read-only (available options: Inherit [from record], View-only or Hide).

A user is granted owner-level access for a record only if the user’s External User ID matches the record’s Owner. In other words, all of the following conditions must be true:

  • The record’s object has an Owner field.
  • The value of the Owner field is not null or empty.
  • The logged in Mapsly user is either linked to a CRM user via Single Sign-On or has their External User ID field filled in manually by an Administrator.
  • The User’s External User ID matches the records Owner.

If any of the these conditions are false, the user is granted non-owner level access, unless additional permissions are granted by their place in the Role hierarchy or sharing rules.

Record Sharing

Record sharing grants users of a certain Profile view-only or owner-level access to records that they don’t own provided that their Profile enables access to the object. A user’s field-level access to shared records is determined by the user’s Profile:

  • for owner-level sharing offered by the Role hierarchy and Sharing rules with Modify-level: the user can see or modify fields as defined in his/her owner-level access to this object of the user’s Profile;
  • for view-only sharing offered by Sharing rules with View-only level: the user can see see all views marked as View or Modify in his/her the owner-level access to this object in the user’s Profile.

In other words, a user’s field-level access is always defined by his/her Profile’s owner-level access to the object, with the only exception when records are sharing by a Sharing rule with View-only level, in which case all non-hidden fields become read-only.

Since Record sharing is based on record ownership, it works only for objects with an Owner field.

User role hierarchy

Once you’ve specified object-level and field-level access, the first way you can give wider access to records is with a role hierarchy. Similar to an organization chart, a role hierarchy represents a level of data access that a user or group of users needs. Role hierarchies don’t have to match your organization chart exactly. Instead, each role in the hierarchy should represent a level of data access that a user or group of users needs.

The role hierarchy ensures that users higher in the hierarchy always have owner-level access (as defined for the object by their Profile) to the records owned by people lower in their hierarchy.

It is not possible to use Role hierarchy to share records in the View-only mode with people higher in the hierarchy – for this particular purpose use Profiles.

Currently, Mapsly does not offer automatic record sharing based on a record’s territory and the user’s place in the territory management hierarchy. If you need to automatically share records based on their territories and your CRM territory management processes, you will need to incorporate it into Mapsly role hierarchy and sharing rules.

Record sharing rules

Sharing rules let you make automatic exceptions to global sharing settings for particular user profiles based on a record’s field values, to give users access to records they don’t own or can’t normally see in accordance with the non-owner access level defined in their Profile. Sharing rules, like role hierarchies, are only used to give additional users access to records – they can’t be stricter than your profile settings or global sharing settings.

Sharing rules can be used to grant owner-level access to users of a Profile, or view-only access. You can define one sharing rule for each of these access levels.

A sharing rule is defined by a formula using Mapsly formula builder, and can contain one or multiple logical conditions, including nested ones, linked by AND/OR operators. Each condition is a comparison of a record’s field value with a constant operand.