Managing Access Control for Large Teams
EZOfficeInventory caters to companies of all sizes, from small firms with a few employees to Fortune 500s. As employees and departments expand, there is a need to enforce group-based access control to better manage asset visibility and utilization within the organization. There are two ways to achieve this:
- Separate EZOfficeInventory Accounts: Create separate accounts when each department and its employees are independent. For every account, you can have different policy settings and run independent reports. This works well when there is no sharing of items or employees across departments.
- Use Security Domains feature: This is a corporate feature that allows the management of departments and divisions from a single EZOfficeInventory account. Storing data in a single account enables aggregate reporting and consistent settings across all departments. If you’re interested in utilizing this feature, email us at firstname.lastname@example.org.
In order to enable this feature of ‘Advanced Access Control’, go to Settings → Company Settings → Policy → Access Control, and select ‘Advanced’. Now save your settings. You will see that there are three ways to restrict access to users: by groups, by locations and by both groups and locations.
Restricting access by group
This will allow members of certain user listings to only view items in groups they have access to. Let’s say you have three departments at your company; Library Support, Accounts, and Operations. Each department works independently, however, there is limited sharing of assets across the departments.
To start off, you need to create a User Listing under the More tab. A Default User Listing already exists and contains all item groups. Employees associated with the Default User Listing will be able to see all items.
Note: At present, there are no members in any user listing so no staff user or admin can see any items.
You now need to create a user listing to enable employees of different departments to access relevant items. Let’s start by creating a User Listing named Library Support for employees in this department. Click on ‘Add New User Listing’ and create the new Listing.
Once you’ve selected your groups for this listing, click on ‘Done’. This creates the User Listing.
Next, click on Users –> Add Or Remove Users to add employees to this listing.
This is how the Library Support User Listing will now look:
In this example, Raymond, Samwise and Terry can only see assets and inventory items in the Books, Office Equipment and EBooks groups. They do not have access to items in other groups.
Raymond is the supervisor for the Library Support User Listing. This means he’s an administrator but only for the users and groups in her User Listing. Within the Library Support User Listing, he can run reports, add assets, print labels, and add or remove employees.
In the same way, you can add listings for your Accounts and Operations departments. As an administrator, you can edit a member to change their role and/or User Listing. With User Listings enabled, you can choose either of the following roles: Administrator, Supervisor and Staff User.
- A new User Listing needs to be created for each access control group.
- Users can belong to at most a single User Listing.
- Any number of asset groups can belong to a User Listing i.e. items can be shared across departments.
- Staff users have visibility to only those items that belong to one of the groups in their User Listing.
- Supervisors are like admins but only for their own User Listing. They do not have access to items and members outside their User Listing.
- Administrators are not associated with any User Listing and have full access to all items and users.
- Users not associated with a User Listing only see assets checked out to them.
- Default User Listing contains all groups.
Restricting Access by Location
You can restrict access by locations instead of groups when setting up User Listings. Make sure to have this setting checked from Settings → Company Settings → Access Control. Here, select to restrict access ‘By Locations’.
Now, you can either create a new User Listing or assign locations to an existing one.
Let’s assign locations to ‘IT Support’. Go to More → User Listings (‘Access Control’ needs to be enabled from Settings –> Company Settings –> Access Control for User Listings to show up in the dropdown) and select the ‘IT Support’ User Listing.
Next, go to Locations –> Add Or Remove Locations.
After adding your locations, this is what your IT Support User Listing should look like:
In the above example, all members in the user listing ‘IT Support’ can access items in the locations Brooklyn and New York.
Restricting access by groups and locations
In case you have multiple offices in different locations, you may want employees to only access relevant items at their location only. For example, you want people in the NY office to only have access to items grouped under ‘Cameras’ in New York.
To enable restrictions by groups and location, make sure to check the setting: Settings → Company Settings → Policy → Advanced → Restrict Access → Both Groups and Locations.
After enabling the settings, update the groups and locations set for your User Listings by going to Members → User Listings.
In the above example, the 7 users in the User Listing ‘NY Folks’ can see everything in the 2 groups selected AND at the 4 locations selected. For example; the group ‘Cameras’ has some items at the NY office and some at CA. NY Folks will only see the cameras at NY as long as the group is under the Groups tab on their User Listing.
We have also enhanced the Add/Remove button to update users, groups or locations. You can now select multiple groups in one go by using Ctrl+Click keys on your keyboard. To select a range of groups, click on the first one and then Shift+Click on another to select all groups in between. The same is true for users and locations.
Using Arbitration within User Listings
Arbitration (access control) in User Listing enables administrators to approve of all items checked in/out by a user in the specified User Listing. Access these from the Gear Icon –> Company Settings –> Arbitration in a User Listing.
When Arbitration is enabled in a User Listing, all items reserved by members of the Listing will need to be approved by the Admin.
If Arbitration is enabled outside a User Listing, all items reserved by Users that aren’t part of any Listing will have to be approved by the Admin.
Staff User settings based on User Listings
You can enable Staff Users to take certain actions based on the User Listing(s) they belong to. These actions include:
- Creating items
- Scheduling and starting maintenance on items
To configure Staff User settings specific to each User Listing, go to User Listings –> User Listing Name –> Settings. Check the options illustrated below and hit ‘Save Settings’.
Note that default Company Arbitration settings will apply to a User Listing if Arbitration settings specific to the User Listing have not been enabled.