What is it?
Generally, content visibility and view permissions are handled via the Entity-Specific Permissions. However, ITONICS provides two more granular features to restrict visibility: You can restrict the visibility of all content (the Visibility Tab) or the visibility of content parts on a content card (e.g., all the information of a specific project or trend or parts of information on such projects or trends).
Please note: Both features need to be activated by ITONICS and are entity-specific, i.e. they must be activated for each individual entity. Please contact your Customer Success Manager for further assistance.
Note: If only individual elements of an entity are to be accessible to speific users or user groups that do not have general authorization to view the entity, providing and requesting content-specific permissions is the correct approach.
How does it work?
The Visibility Tab
Sometimes it is necessary to restrict the visibility of complete content cards for a particular user or user group who has global view authorization for the entity. By the Visibility tab, the visibility of one particular content card, e.g., a specific trend or idea campaign, can differ from other content cards, although they are of the same entity type.
The Visibility tab is displayed next to the General Information tab when you create or edit an element.
You can choose from two different options to grant visibility access.
- Choose to Invite all users if you want to give all users access to the element with the respective system permissions. This is checked by default.
- Note: If a user has no permission to see the entity type, they will not see this element. If you check the box Send notification to the invited users, a warning message will appear to prevent you from mistakenly sending out notifications to a large number of users when creating a campaign element.
- Select Other if you want to restrict the visibility of this element. Now only the Application Owner and those added via the search field Search Users/Groups/Roles/Contexts can see the item. You can add single users and user groups, roles, and contexts (often: Business Units).
When using this feature in combination with the Parent-Child feature, you will be able to inherit the visibility restriction from this parent element to all children that are added from this parent element.
To use this feature the Visibility tab has to be activated on the child entity as well by your Customer Success Manager.
Please note:
- Any information on the Visibility tab cannot be exported or added via the Import Feature. However, if you want to import elements that are initially only visible to the application owners, you need to import them as a Draft. The upload of ratings for elements with the Draft status is not possible directly but must be performed separately via the Rating Import function later.
- If the Visibility tab has been activated after elements already exist, each element must be edited to ensure that the correct visibility is configured and triggered by the system and to make the elements visible to the required users (roles, groups, contexts).
The Confidential tab
In contrast to the Visibility tab, the Confidential tab can be used to place specific attributes of an entity in a specific tab and restrict the visibility to this tab. This way, confidential information such as KPIs or financial data will be only seen by the allowed user roles.
To create a Confidential tab, you will first need to add a new tab within the Create/Edit and View Configuration.
To add a new Confidential Tab, go to the Settings Wheel > Entity Configuration > Entity Configuration [1]. Then click on the Edit (Pencil icon) next to the Entity you want to edit [2].
Select the View Configuration (if specific content should be viewed only by defined users/roles/groups, [3]) and click the Add Tab button [4]. Within the view configuration, you can define which users/roles/groups are allowed to view the information within this tab.
Select the Form Configuration (if the confidential tab should be part of the create or edit mask) and click the Add Tab button [4]. Within the form configuration, you can define which users/roles/groups are allowed to create/edit the information within this tab.
Please note that you need to create three tabs if you want to define specific visibility rules for the create, edit, and view configuration. These are three different forms whereas for each a specific design and access rights can be defined (e.g., confidential information in the create form can be made accessible to the role power user and confidential information in the view form can be made accessible to the role viewer).
To add content to the confidential tab, either move attributes from the right list of unused attributes into the view zone of the new tab by drag and drop [5] or move an already placed attribute from an existing tab (e.g., details) into the right zone of not displayed attributes, switch to the by you newly created confidential tab, and use drag and drop to place it under the confidential tab.
The attributes are the fields that have been created in the field configuration.
If you now want to restrict access to a tab, find the "Access To" search field when you click the pen icon of the respective tab. Name the user/user roles/groups to whom you want to give access to this tab. If no user is selected, all users who have the respective Create/Edit/View permission can view this tab.
Please note: The Confidential tab information can be exported or used for import only by the users authorized for this tab.
Note that you can also set confidentiality for the static Relation tab for either the create or edit form if you intend to, i.e., display the relation tab on the initial create action for first-time users to reduce complexity. Be aware that if the Relation tab is restricted for the create form for specific users, roles, groups, or contexts, then the respective users will not be able to “Create elements with relations” from the Explorer. Vice versa, if restricted for the edit form, the “Find relations” option will be disabled in the detail page for the respective users.