Manage who can see and do what with enhanced user access controls

Are you happy with the level of control you have over your organisation’s data? Do you know who can access what data? Can you lock down the data which people can see, and what they can do with that data? With Affinity, now you can.

The importance of data security

The hype over GDPR may appear to have abated somewhat, but do not be deceived or lulled into a false sense of security (pun intended). GDPR’s underlying principles of data security are as important and relevant as ever. In fact, for any regulated industry such as Approved Housing Bodies within the Irish social housing sector, data security is more critical than ever, and it is only going in one direction.

Data security is a wide topic, from collecting data, how this is stored, who can access it and for what purpose, tracking and auditing data usage, and managing how this is then securely deleted over time.

However, from our perspective in the Affinity team we are primarily concerned with how the data is stored securely, and how we provide your organisation with the appropriate controls to restrict who can see this data, and what they can do with it.

User access controls – what does that mean?

The technical term for controlling which users can access what data is, unsurprisingly, “user access control”. We deal with scores of Approved Housing Bodies right across the Irish Republic, spanning all three tiers. From the smallest Tier 1 housing associations with a handful of part-time staff to the largest Tier 3 AHBs with scores of users across multiple departments, managers require some way to restrict access to data and features between staff with different roles.

A Tier 1 body with 2 or 3 staff may not be too concerned with who can see what, as they may share workloads and roles. However, a finance manager in a Tier 3 body, with a team of 10 people reporting to them daily, will naturally expect to be able to tailor user roles within the system to match the constraints and restrictions that staff have in the real-world working environment.

Don’t be alarmed, it’s not as complicated as it may sound. The system comes pre-configured with three easy-to-understand access roles out of the box, and if you’re already using Affinity then you can continue to use these with no extra effort. But, you will now have so much more control at your fingertips.

Think in terms of roles and users

In real life we usually think in terms of users within a team, and what their specific roles are within the organisation as a whole. A finance manager is a senior trusted role with full access across pretty much any accounting data, but may have no need to access work orders or tenant correspondence. A housing officer will have access to lots of day-to-day property and tenant data, but does not require access to financial reports.

Affinity employs this same familiar idea of users and roles, in pretty much the same way as it works already. Each user in the system is assigned a particular role, and it is that role which determines what they can (and cannot) see and do.

As your team grows, you can assign multiple users to the same role, confident that they can only access the same data and perform the same functions as each other. If the role evolves and you need to further restrict what they can do, or relax some constraints to open up their system access, you just make a change to the role and all associated users will have their access updated immediately.

You can now go even further and define your own custom roles, and tweak what these roles can see and do, to match your own organisational structure and requirements. Do you want someone to be able to add, edit and delete transactions, but have no access to work orders? Simple.

This is all underpinned by an enhanced, comprehensive network of “privileges” associated with these roles.

A role has a set of customisable privileges

Affinity has a detailed set of system privileges under the hood, which you now have fine-grained control over via the Admin Settings area. Only if you have the appropriate privileges of course!

These privileges span the full spectrum of data stored within the system (e.g. tenants, suppliers, work orders, banking, reporting) as well as what you can do with each of these data sets (e.g. read-only, add new records and edit existing ones, and delete entries).

The core privileges are:

• Read-only or view access
• Create (add new records)
• Update (modify existing records)
• Delete (remove data)

A simple-to-use grid layout allows you edit a role (or create a new one) and then tick boxes to enable or disable the different types of access to the various data areas, e.g. read-only access to work orders, no access to financial reporting, and the ability to add and edit suppliers, but not delete them.

Naturally, being able to assign roles and maintain the privileges associated with a role is a privilege in itself, and as you would expect you can restrict this type of management function to only the highest or most trusted roles. We have it all taken care of.

Rolling out the user access controls

We are currently in the process of rolling this major new functionality out to all of our clients during October and November. It is the culmination of several months of work during the summer, and we need to release it to accounts of various sizes in a controlled manner.

If you haven’t already seen this on your live Affinity account, rest assured it will be available within the next few weeks.

In the meantime, if you have any questions on how it works, or how to achieve your own specific user control requirements, please get in touch with us via your support desk. We’ll be more than happy to help you tighten up and improve your data access and security.

Photo by Jon Moore on Unsplash