When Adding a New User or Editing A User Profile, there are three key settings that govern a users access to areas in your database such as the Setup area and how they can view and edit account information.
These three settings are:
Authority - which you can set to either SysAdmin or User.
CRM Authority - which you can set to Manager, Super User, or User.
Access To Tables - which you can set to Security Officer, Update, View Only, or No Access.
Although the options for these settings are already described in the topics for Adding a New User and Editing A User Profile, this topic is provided to help simplify how to decide which basic settings you should use.
First off, there are two primary modules to the system:
Setup Area
CRM Area
The Setup Area is where nearly all the settings for your database are configured and edited, it is accessed by clicking on the Setup link at the top of the system screen. The CRM Area is the module that you first see when you log into the system, it displays your views and gives you access to account and contact information - the area where the vast majority of all the use of the system is performed.
You will need at least one user who will have Administrator level authority, the settings for an Admin level user would be:
Authority - set this to SysAdmin.
CRM Authority - set this to Manager.
Access To Tables - set this to Security Officer.
It's necessary for at least one user to have this level of authority or otherwise when the time comes that you want to make a change to a database setting, you won't have anyone with the authority level to make the change! So remember to keep someone setup with this level of authority. (When your database is first setup by the system and the default UserId is sent to the creator of the database account, the Admin UserId is already setup with the above authority levels.)
Decision #1: Do you need a user to have access to the Setup area? If you don't need to have a user create custom fields, write custom reports, change user settings, create email templates, or add or change options in drop down list fields, then there's two settings you should implement for these types of users:
Authority - set this option to User.
Access To Tables - set this option to No Access.
When the setting for Access To Tables is set to No Access, the Setup link - that normally appears in the top row of the system screen - will be removed. Users with No Access won't even see the Setup link on their screen.
Decision #2: What level of viewing and editing access do you want your users to have for account information? Account information would include notes, contacts, opportunities, and activities - essentially any information pertaining to an account.
If you want a user to be able to see all the account information AND be able to edit any of the information, then set the CRM Authority level setting to Manager.
If you want a user to be able to see all the account information, but NOT be able to edit any account information that is not specifically assigned to the user, then set the CRM Authority level setting to SuperUser.
If you want a user to ONLY see and edit account information that is specifically assigned to the user, then set the CRM Authority level setting to User.
These settings can be updated at anytime without affecting
the data in your database. We find most administrators keep close control
of the security levels of their users - mostly with strict settings to
start with, then if the need arises, they can upgrade a users authority
level later.
These same settings apply with the Territory
functionality. The
Territory settings simply limit the same type of access (or non-access)
described above to the records in designated territories.