Policies and guidelines for managing CRM User permissions and access controls
Where supported standard roles will be created for each new Portal:
- Sales | Standard
- Sales | Admin
- Service | Standard
- Service | Admin
- Marketing | Standard
- Marketing | Admin
- Super Admin
Note actual roles may differ per client, but should reflect the above roles.
All new users should be added to relevant roles on creation.
Super Admin Access
Super Admin Access for Production Portals is STRICTLY limited to users with an absolute necessity.
Super Admin Access will be removed on Portal launch from any team members who do not require this functionality.
Super Admin Access should be limited for clients, and a security discussion must be held with any client who requires Super Admin access to ensure that they understand the risk of this role and adopt security best practice.
Internal H&D team members with Super Admin access will have to undergo security training and pass a test administered by H&D ICT.
Super Admin WILL NOT be granted to a user without at least 2 Factor Authenticator enabled and where possible Single Sign-on enforced.
Restricted Access Requirements
Restricted Access Credentials are credentials that only users who EXPRESSLY NEED them should have access to at any point.
These credentials are business-critical and, if a security breach should occur, could potentially damage, delete or muddy data, download potentially dangerous apps, compromise the clients brand, put the client at risk of legislative penalties or bring down an account entirely.
To mitigate the risk of a breach anyone with Restricted Access Credentials is REQUIRED to have 2 Factor Authenticator enabled and if possible Single Sign-on Enforced.
Restricted Access Credentials include:
- Super Admin
- Bulk delete
- Edit property settings
- Marketing Write and Publish Access
- App Marketplace Access
- Accounts Access
Changing Client Permissions
Client User Credentials are set as part of a Client Onboarding and are designed to minimise risk to the platform. Client User Credentials should not change unless ALL of the following occur:
- Verbal request has been confirmed with at least one of the client owner/s of the portal
- Project Manager or Success Manager agrees to the change in credentials.
- The User is fully aware of how to safely use the new functionality and any potential risks.