Access to customer-level data

You can provide access to customer records by defining authorization levels and data restrictions in the Security Groups application. You can define the levels of access to security groups with different customer-level information.

The customer-level objects that can be restricted according to customer, and their restriction conditions, are defined in the Customer Objects application. The level of customer authorization determines the level of access to these objects. Customer-level data provides information that directly refers to a customer or is indirectly associated with a customer. Customer-level data restrictions work within the larger set of application restrictions and with other object, attribute, and collection restrictions to form the overall security profile of a security group and its users. A person record can list other customers to which the person has access, in addition to the person's employer. If the person is an employee of the service provider and can access all of the customers of the provider, that user's person record would list all of the customers.

Some customer-level data is unrestricted because it is not associated with a customer. For example, assets that belong to the service provider, instead of its customers, do not have customer associations. Any users can see these assets if they belong to a security group that allows access to unrestricted data.