How does collaboration category based permissions work?

In Mira users with system administration privilege assign access to different modules of the system for other users (“module based permissions“). This means that you can limit access to e.g. fundraising information by only giving access to the fundraising module to relevant users. Access to fundraising information both on an aggregated level and for persons and organisations is only available for users who have access to the fundraising module.

 

Limit access to sensitive information through our Collaboration category based permissions-module.

But limiting functionality is sometimes not enough and you would like to limit access to sensitive information. With the add-on module collaboration category based permissions you can now limit the visibility of all activities to a limited set of users. It works like this:

  • In Mira, persons, organizations, queries, activities, events and other items can be classified by one or more collaboration categories. With this add on module, you can limit access to activities (contact notes and tasks) based on collaboration categories
  • When creating an activity you can specify that this activity should only be shown for users with access to at least one of the collaboration categories set for the activity.
  • Users with system administration privilege can assign access to collaboration categories.
  • For users that do have access to an activity with restricted visibility, the activity is shown with special markup to show / inform that this activity is not visible for all users.

Note that…

  • By default, activities does not have the checkbox Show only for users with access to at least one of these collaboration categories set, and are therefore visible for all internal users.
  • Activities (Contact notes) created by email CC/BCC are not by default classified with any collaboration category and therefore do not have limited access / visibility.
  • The GDPR regulates that, in most cases, a registered person (“data subject”) is entitled to know what information is stored about him/her. In most cases, it is not recommended to document information that you are not comfortable to share with that person. This applies both to information in a CRM-system and information stored outside the CRM-system. Also, freedom of information laws (Sv. “offentlighetsprincipen”, no/fi) applies to most information documented by public authorities.

FAQs

Can I restrict access to other types of information also, such as events and queries?

Currently this add on module allows you to restrict the visibility of activities (contact notes and tasks), but not restrict access to other categories of information. We are planning to extend this functionality to events and event registrations and queries / query membership if there is a demand for this. Let us know if this would be useful for you!

FAQ: Can I limit access to persons and organizations in the same way?

We do not plan to make it possible to limit access to persons and organizations. The foundation of a CRM-system is to share information and fully hiding persons and organizations defeats that purpose.

In most cases it is not sensitive that a person exists the system, but it is certain information about that person that is sensitive. Also, completely hiding a person or organization creates the risk of another user without access to that person/organization creates a duplicate which creates another set of problems.

By controlling access to modules, you can limit access to much information. With the fundraising module it is also possible to store extra fundraising contact information that is only visible for users with access to the fundraising module. And with the add on module Restricted visibility by collaboration category you can also hide sensitive activities for a person or organization.

Was this article helpful?

Related Articles