Managing Access Control for Large Teams
EZOfficeInventory caters to companies of all sizes, from small firms with a few employees to fortune 500s. As employees and departments increase, there is a need to enforce group based access control to better manage asset visibility and utilization within the organization. There can be two ways to achieve this:
- Have Separate Accounts: Create separate accounts when each department and its employees are independent. For every account, you can have different policy settings and run independent reports. This works well when there is no sharing of items or employees across departments.
- Use Security Domains feature: This is a corporate feature that allows management of departments and divisions from a single EZOffice account. Keeping a single account enables aggregate reporting and a single consistent setting across all departments. If you’re interested in utilizing this feature, email us at firstname.lastname@example.org
In order to enable this feature of ‘Advanced Access Control’ first go to Settings → Company Settings → Policy → Access Control, and select ‘Advanced’. Now save your settings. You will see that there are three ways to restrict access to users: by groups, by locations and by both groups and locations.
Restricting access by group
This will allow members of certain user listings to only view items in groups they have access to. Let’s say you have three departments at your company; IT Support, Accounts, and Operations. Each department works independently however there is limited sharing of assets across the departments.
To start off you need to create a User Listing under the Members tab. A Default User Listing already exists and contains all item groups. Employees associated to the Default User Listing can therefore see all items. Note: At present there are no members in any user listing, therefore no staff user or admin can see any items.
You now need to create a user listing to enable employees of different departments to access relevant items. Let’s start by creating a User Listing named IT Support for employees in this department. Click on ‘Add New User Listing’.
Once you have created the User Listing for IT Support, add employees in this department using the Add Users button.
After adding employees and groups, this is how the IT Support User Listing looks.
In this example Emily, Emma, Mike and Ted can only see assets and inventory items in Accessories, Computers and Smart Phones groups. They do not have access to items in other groups.
Emily is the supervisor for IT Support User Listing. This means she is an administrator but only for the users and groups in her User Listing. Within the IT Support User Listing; she can run reports, add assets, print labels, and add or remove employees.
In the same way you can add listings for your Accounts and Operations departments. As an administrator, you can edit a member to change their role and/or User Listing. With User Listings enable, you can choose either of the following roles: Administrator, Supervisor and Staff User.
- A new User Listing needs to be created for each access control group
- Users can belong to at most a single User Listing
- Any number of asset groups can belong to a User Listing i.e. items can be shared across departments
- Staff users have visibility to only those items that belong to one of the groups in their User Listing
- Supervisors are like admins but only for their own User Listing. They do not have access to items and members outside their User Listing
- Administrators are not associated to any User Listing and have full access to all items and users.
- Users not associated to any User Listing only see assets checked out to them
- Default User Listing contains all groups.
Restricting Access by Location
You can restrict access by locations instead of groups when setting up User Listings. Make sure to have this setting checked from Settings → Company Settings → Policy → Advanced → Restrict access → By Locations.
You now need to create a new User Listing if you haven’t already or assign locations to existing User Lists. Let’s say we want to assign locations to our existing User Listing ‘IT Support’. Go to Members → User Listings and select the user list ‘IT Support’.
Once you’ve selected the User Listing, go to the Locations tab and click on Add or Remove Locations.
After adding your locations this is what your IT Support User Listing should look like:
In the above example all members in the user listing ‘IT Support’ can access items in the locations Brooklyn and New York.
Restricting access by groups and locations
In case you have multiple offices in different locations, you may want the employees to only access relevant items at their location only. For example you want people in the NY office to only have access to items grouped as camera in New York.
To enable restrictions by groups and location make sure to check the setting: Settings → Company Settings → Policy → Advanced → Restrict Access → Both Groups and Locations.
After enabling the settings, update the groups and locations set for your user lists by going to Members → User Listings.
In the above example, the 7 users in the User Listing NY Folks can see everything that is in the 2 groups selected AND at the 4 locations selected. For example; a group Cameras has some items in NY and rest at CA. The ‘NY Folks’ will only see the Cameras at NY. Cameras group must be in the Groups tab on the ‘NY Folks’ User Listing.
The Add/Remove button to update users, groups or locations has been enhanced. You can now select multiple groups in one go by using Ctrl+Click keys on your keyboard. To select a range of groups, click on the first one and then Shift+Click on another to select all groups in between. Same is true for users and locations.
Using Arbitration within User Listings
Arbitration (access control) in User Listing enables the administrator to approve of all items checked in/out by a user in specified User Lists.
When Arbitration is enabled in a User Listing, then all items reserved by members of User Lists will need to be approved by the Admin.
If Arbitration is enabled outside a User Listing then all items reserved by users who are not part of any User Lists will have to be approved by the Admin.
Read more about Arbitration: http://blog.ezofficeinventory.com/flavors-of-arbitration-setting-up-access-control/
Share your queries
Sign up today for a free 15-day trial or request a demo. For more assistance, drop us an email at email@example.com. You can also share your ideas on our Community Forum or visit our blog for detailed support posts.