Section 3: Configure Data Permissions

Data Permissions control which specific records users can see, often based on dimensions like Department or Location, or relationships like "only see your own documents". They work in conjunction with User Groups (specifically 'Visibility' type groups).

Use Case Example: Allow users in the "Sales Team Visibility" group to only see Customer records and Sales Invoices related to the "Sales Department".

Steps:

1. Navigate to Data Permissions:
   • Click the company menu (top right) > Settings.
   • Click Data permissions in the left sidebar.
2. Create or Edit a Data Permission:
   • To Create: Click Create. Give it a descriptive Name (e.g., "Sales Dept Visibility").
   • To Edit: Find an existing permission and click the edit icon (pencil).
3. Assign to User Group(s):
   • In the User groups field, select the 'Visibility' type User Group(s) this rule should apply to (e.g., "Sales Team Visibility").
4. Define Resource Access Rules:
   • Click Add permission.
   • Give access to: Select the resource type you want to control visibility for (e.g., Transaction, Customer).
   • Select option: Choose the access level:
     • All: See all records of this type (use carefully).
     • Own: See only records assigned directly to the user.
     • Related: Base visibility on another related resource (most common for granular control).
5. Configure "Related" Access (Example):
   • If you chose Related, click If has access to.
   • Select the controlling resource (e.g., Department).
   • Click Select option for the controlling resource. Choose how the user must relate to it:
     • All: If the user can see any Department record (less common for filtering).
     • Own: If the user is assigned to the Department record (requires assignment setup).
     • Related: (Can be nested) If the user has access based on another relationship.
     • Specific Values (Most Common): Click Select option and choose Values. Then select the specific Department(s) (e.g., "Sales Department") that users in the assigned group should see transactions/customers for.
6. Add More Rules: Add more permission rules within this Data Permission definition to control access to other resources (e.g., add another rule for Purchase Order visibility based on the same Department).
7. Save: Click Save (when creating) or Update (when editing).
8. Test: Log in as a user assigned to the relevant User Group and verify they can only see the intended records based on the Data Permission rules.

What Happens Next?

Data Permissions provide fine-grained control over record visibility. Regularly review these alongside User Groups.

Next Section: Review Security Best Practices

---

Related How-To Guides:

• Data Permissions
• User Groups in Zudello (Visibility type groups)