How to set security by constituency
  1. Click Admin, Security
  2. Click New Group. 
  3. While Security by Constituency is highlighted, click Options.
  4. Mark the Allow access to only selected constituent codes checkbox to limit access to only constituents with codes you select. Click Select Constituent Codes... to specify the desired codes. Specify View or Edit rights.
  5. Mark the Restrict access from selected constituent codes checkbox to prevent user access to constituents with certain codes. Click Select Constituent Codes... to specify the desired codes. Specify Cannot View or Cannot Edit.
  6. Click OK to save your changes and return to the New Group screen.
 

How does security by constituency work?


If the user is a member of only one security group:
 
  • The Allow access to only selected constituent codes is marked:
  • The user can edit or view only those records with a constituency code that is selected.
  • If the constituent has no constituent codes, the user cannot view him. The constituent does not appear in the search.
  • If the constituent has multiple constituency codes and at least one of the constituent codes is selected in the Allow access to only selected constituent codes, the user can view or edit the constituent.
  • If the constituent with the code has a relationship to another constituent without the code, and you search on the constituent without the code, the relationship is pulled into the search. However, you cannot access the relationship record nor the constituent record. The relationship record does not appear on the Relationships tab.
 
  • The Restrict access from selected constituent codes is marked:
    • The user can edit or view only those records without the constituency code that is selected. If the user searches for a constituent with the constituency code, the constituent does not appear in the search.
    • If the constituent has multiple constituency codes and at least one of the constituent codes is selected in the Restrict access from selected constituent codes, the user cannot view or edit the constituent.
    • If the constituent has no constituency codes, the user can view or edit the record.
    • If the constituent with the code has a relationship to another constituent without the code, you cannot see the relationship on the Relationships tab, and you are not able to access the relationship's constituent record.
 
  • Both options are marked:
    • The user cannot access constituents with no constituent codes.
    • The user cannot access constituents with the constituent code selected in Allow access to only selected constituent codes if the constituent also has a constituent code that is selected in the Restrict access from selected constituent codes and Cannot View is selected. (If Cannot Edit is selected but Cannot View is not, the user can access but not change the constituent record.)
 


If the user is a member of multiple security groups:

 
  • If the Allow access to only selected constituent codes is marked, the least restrictive rights prevail. For example, Can View and Can Edit is marked for only the Volunteer constituent code in security group A. Security group B does not have Security by Constituent marked. If a user is in both groups, the user will have rights to view and edit constituents with any constituent code.


    In another example, Can View and Can Edit is marked for only the Volunteer constituent code in security group A. Can View and Can Edit is marked for only the Board Member constituent code in security group B. If a user is in both groups, the user will have rights to view and edit constituents with a constituent code of Volunteer or Board Member.

     

  • If the Restrict access from selected constituent codes is marked, the most restrictive rights prevail. For example, Cannot View and Cannot Edit is marked for only the Volunteer constituent code in security group A. Security group B does not have Security by Constituent marked. If a user is in both groups, the user will have rights to view and edit constituents with any constituent code except Volunteer.


    In another example, Cannot View and Cannot Edit is marked for only the Volunteer constituent code in security group A. Cannot View and Cannot Edit is marked for only the Board Member constituent code in security group B. If a user is in both groups, the user will have rights to view and edit constituents with any constituent code other than Volunteer or Board Member.


    Note: If a constituent has multiple constituent codes, if any of them is either Volunteer (both examples or Board Member (second example only), the user will not have rights to view or edit that constituent. another constituent without the code, you cannot see the relationship on the Relationships tab, and you are not able to access the relationship's constituent record.