Managing Access Control for Large Teams
EZOfficeInventory caters to companies of all sizes, from small firms with a few employees to Fortune 500s. As employees and departments expand, there is a need to enforce group-based access control to better manage asset visibility and utilization within the organization. There are two ways to achieve this:
- Separate EZOfficeInventory Accounts: Create separate accounts when each department and its employees are independent. For every account, you can have different policy settings and run independent reports. This works well when there is no sharing of items or employees across departments.
- Use Security Domains feature: This is a corporate feature that allows the management of departments and divisions from a single EZOfficeInventory account. Storing data in a single account enables aggregate reporting and consistent settings across all departments. If you’re interested in utilizing this feature, email us at firstname.lastname@example.org.
In order to enable this feature of ‘Advanced Access Control’, go to Settings → Company Settings → Policy → Access Control, and select ‘Advanced’. Now save your settings. You will see that there are three ways to restrict access to users: by groups, by locations and by both groups and locations.
Restricting access by group
This will allow members of certain user listings to only view items in groups they have access to. Let’s say you have three departments at your company; IT Support, Accounts, and Operations. Each department works independently however there is limited sharing of assets across the departments.
To start off, you need to create a User Listing under the More tab. A Default User Listing already exists and contains all item groups. Employees associated with the Default User Listing will be able to see all items.
Note: At present, there are no members in any user listing so no staff user or admin can see any items.
You now need to create a user listing to enable employees of different departments to access relevant items. Let’s start by creating a User Listing named IT Support for employees in this department. Click on ‘Add New User Listing’ and create the new Listing.
Next, add employees in this department using the Add Users button.
This is how the IT Support User Listing will now look:
In this example, Emily, Emma, Mike and Ted can only see assets and inventory items in the Accessories, Computers and Smart Phones groups. They do not have access to items in other groups.
Emily is the supervisor for the IT Support User Listing. This means she’s an administrator but only for the users and groups in her User Listing. Within the IT Support User Listing, she can run reports, add assets, print labels, and add or remove employees.
In the same way, you can add listings for your Accounts and Operations departments. As an administrator, you can edit a member to change their role and/or User Listing. With User Listings enabled, you can choose either of the following roles: Administrator, Supervisor and Staff User.
- A new User Listing needs to be created for each access control group.
- Users can belong to at most a single User Listing.
- Any number of asset groups can belong to a User Listing i.e. items can be shared across departments.
- Staff users have visibility to only those items that belong to one of the groups in their User Listing.
- Supervisors are like admins but only for their own User Listing. They do not have access to items and members outside their User Listing.
- Administrators are not associated with any User Listing and have full access to all items and users.
- Users not associated with a User Listing only see assets checked out to them.
- Default User Listing contains all groups.
Restricting Access by Location
You can restrict access by locations instead of groups when setting up User Listings. Make sure to have this setting checked from Settings → Company Settings → Policy → Advanced → Restrict access → By Locations.
You now need to create a new User Listing (if you haven’t already) or assign locations to the existing User Lists. Let’s say we want to assign locations to our existing User Listing, ‘IT Support’. Go to More → User Listings (‘Access Control’ needs to be enabled from Settings –> Company Settings –> Access Control for User Listings to show up in the dropdown) and select the ‘IT Support’ User Listing.
Once you’ve selected the User Listing, go to the Locations tab and click on Add or Remove Locations.
After adding your locations, this is what your IT Support User Listing should look like:
In the above example, all members in the user listing ‘IT Support’ can access items in the locations Brooklyn and New York.
Restricting access by groups and locations
In case you have multiple offices in different locations, you may want employees to only access relevant items at their location only. For example, you want people in the NY office to only have access to items grouped under ‘Cameras’ in New York.
To enable restrictions by groups and location, make sure to check the setting: Settings → Company Settings → Policy → Advanced → Restrict Access → Both Groups and Locations.
After enabling the settings, update the groups and locations set for your user lists by going to Members → User Listings.
In the above example, the 7 users in the User Listing ‘NY Folks’ can see everything in the 2 groups selected AND at the 4 locations selected. For example; the group ‘Cameras’ has some items at the NY office and some at CA. NY Folks will only see the cameras at NY as long as the group is under the Groups tab on their User Listing.
We have also enhanced the Add/Remove button to update users, groups or locations. You can now select multiple groups in one go by using Ctrl+Click keys on your keyboard. To select a range of groups, click on the first one and then Shift+Click on another to select all groups in between. The same is true for users and locations.
Using Arbitration within User Listings
Arbitration (access control) in User Listing enables administrators to approve of all items checked in/out by a user in the specified Listing.
When Arbitration is enabled in a User Listing, all items reserved by members of the Listing will need to be approved by the Admin.
If Arbitration is enabled outside a User Listing, all items reserved by Users that aren’t part of any Listing will have to be approved by the Admin.
Staff User settings based on User Listings
You can enable Staff Users to take certain actions based on the User Listing(s) they belong to. These actions include:
- Creating items
- Scheduling and starting maintenance on items
To configure Staff User settings specific to each User Listing, go to User Listings –> User Listing Name –> Settings. Check the options illustrated below and hit ‘Save Settings’.
Note that default Company Arbitration settings will apply to a User Listing if Arbitration settings specific to the User Listing have not been enabled.
Share your queries
Sign up today for a free 15-day trial or request a demo. For more assistance, drop us an email at email@example.com. You can also share your ideas on our Community Forum or visit our blog for detailed support posts.