In an earlier blog post, we discussed how to set up custom security roles so users can send ClickDimensions emails. While that article covered the actual privileges needed to send emails, CRM also allows for these privileges to be assigned at certain access levels that determine the specific records of that entity where users can perform the privileges.
CRM’s security model includes five different access levels that can be used when assigned privileges.
None Selected – The user cannot perform the privilege at any level.
User – The user can perform the privilege on any records they own.
Business Unit – The user can perform the privilege on their own records and any records owned by anyone in the same business unit as the user.
Parent: Child Business Units – The user can perform the privilege on their own records, any records owned by anyone in the same business unit as the user or records owned by anyone in a business unit under theirs in the business unit hierarchy.
Organization – The user can perform the privilege on any records in that CRM environment regardless of who owns them.
Using access levels can help organizations limit who users can send emails to or limit which email templates can be used to send emails.
For example, in the security role screenshot below, users have organization level access for the read privilege of the email send entity. This means they can read all email send records no matter who owns them.
Users also have the Append and Append To privilege at the business unit access level. Remember that the Append privilege lets records of that entity be appended to another record while the Append To privilege lets records of that entity have records appended to it.
The Append privilege at this level means that users with this security role setting can append an email send record to other records in CRM (such as email templates and campaigns) as long as the email send record was created by them or another user in their business unit.
The Append To privilege at this level means that users can append any related records to the email send that are owned by them or someone in their business unit, such as marketing lists, accounts, leads and contacts.
This set up may be useful for organizations that only want users sending emails to marketing lists that belong to their own business unit.
However, it is also important that the proper access level be applied to the marketing list entity as well. It is necessary to also have the Append privilege at the business unit access level so that only marketing lists owned by someone in the user’s business unit can be appended to an email send record.
This set up can also be expanded if an organization would like to limit their users to only sending email templates that are owned by someone in their business unit and associating email sends to campaigns that are owned by someone in their business unit.
Once they have the Append privilege at the business unit level for the email send entity, they will need to set the Append To privilege at the business unit level for both the email template and campaign entities.
Access levels can further customize the privileges that users can have on specific records in CRM, and applying them to ClickDimensions entities can ensure emails are processed and sent according to an organization’s guidelines.