home

MinistryPlatform

RealmRealm AccountingMinistryPlatformeGivingPDSACSConnectShepherdGrowth MethodHeadMasterRefresh WebsitesTrust CenterGo MethodMissionInsite
RealmRealm AccountingMinistryPlatformeGivingPDSACSConnectShepherdGrowth MethodHeadMasterRefresh WebsitesTrust CenterGo MethodMissionInsite

What would you like to know more about?

Show Contents

thumbnailMinistryPlatform

Security Roles

Security Concepts

Roles-Based Security

Users inherit their security rights based on their Security Roles. You can apply a Security Role to a User, and Users belong to Security Roles. One User can have an infinite number of Security Roles, and one Security Role can have an infinite number of Users.

Layered Security

Because Users can have multiple Security Roles, think of each role as a layer. The User's access to information in the system is based on the sum of all of the roles assigned to their record.

Additive Security

You must grant access to certain information. SPoCs can hide items from Users so they have no way to know the item exists until you apply a Security Role that can access that information to the User's record. For example, most Users don't know there is a Background Checks Page until they receive a Security Role that can view that Page.

You must add the following entities to a User before they can interact with them:

  • Pages
  • Sub-pages
  • Reports
  • Tools
  • Explicitly Secured Actions

Gain Highest Level of Access

When a User has multiple roles impacting any of the above entities, they gain the most access afforded to them by any Security Role. For example, if a User has a Security Role where they can only view or read records on the Contacts page, but they also have a Security Role where they can edit records on the Contacts page, they can edit records on the Contacts page. The User receives all permissions of both roles.

Each Role can access specific Tools and Reports, if needed. Roles can also grant access to specific Tools and Reports. You don't need to grant rights to any new Page to use a role to give access to specific Tools or Reports.

Restrictive Security

Once a User has access to information, you may need to restrict some of that information. By default, when you grant rights to a Page, you give all Users with that role the right to all views, fields, and records on that Page. Restrictive security allows a supervisor to fine-tune what the Users with that role see on the Page. You must restrict the following entities to remove them from view:

  • Specific records on a Page, such as a celebrity's Contact record on the Contact page.
  • Specific Page Views on a Page, such as Major Donors on the Donors page.

When you have a role that restricts an entity in the database, that role is always restricted from that entity regardless of their other roles.

MinistryPlatform
portal

Last updated: July 12, 2024