x Want to participate? Join the group to interact
  • State Not Answered
  • Replies 9 replies
  • Subscribers 74 subscribers
  • Views 550 views
  • Users 0 members are here
Browse Forums
Announcements
106
topics
32
replies
General Discussion
6k
topics
18k
replies
CRMWingman

Territories and data hiding

Posted By

On Sage 200 you can set up mutiple integrations between CRM and different 200 companies. A customer has a live 200 database and a test 200 database. I have CRM configured at the moment to connect to the test system while I install and configure it. The default territory is set to Test Data which is a child territory of Worldwide. There is another child territory of Worldwide called Live Data which will be the integration to the live company. Both integrations have been set up and connected and the data comes across perfectly and syncs back and forth to the correct 200 system. No problems so far.


Now, the admin user is Worldwide territory. My testing user is Test Data and the other users in CRM are Live Data. If I make one of the live users an admin, they can suddenly see all the Test Data territory data as well as their own. Under Security Policies, everything is set to no. Under Security Profiles, there are 2 defined. The standard out of the box unrestricted one and the only users that have access to that are admin, my test user and the one customer user defined as admin. The other profile is a copy but with delete rights removed. All other users are in that profile.

Why then, if the customer admin user is set as an admin, can they see records that are not in their territory? The admin guide states that the territory acts as a silent filter. Basically if the records aren't in your territory, you shouldn't be able to see them. It doesn't say that you won't be able to see them, unless you're an admin user. It just says they will not be visible to the user.

This is 7.3SP1.2.

  • 0

    Lee

    What version of the integration are you using between Sage 200 and CRM? Are you using the new Connector?

    I suspect that we may need to clarify the documentation. Admin users are basically the unrestricted Olympian Gods that walk amongst us. If you want limited Demi-Gods, then you need to set up a Info Manager with additional Admin rights.

  • 0

    No, this isn't the new connector.

    And I have to admit the documentation on territories/security profiles and the black art of territory profiles is very difficult to follow because it doesn't explain itself very well.

    I thought the idea of territories is to hide data from users? All I am trying to do here is really get rid of the test data and hiding it in a different territory is about the only option. The reasons being:

    CRM has no mass delete

    If I do the work on a test system I can release a component and I can, with some jiggery pokery, get the workflows copied across but this customer has a large amount of work in a lot of interactive dashboards and I didn't relish the idea have doing all that development, and then having to redo it in the target end system because dashboards don't get put into the CRM component.

    As the 200 system has been in use since September, and CRM is a relatively new project, there was no reason I couldn't work on it, on what would become the end 200 CRM server.

  • 0

    System administrators work in a completely different manner. For example, logged in as a none system admin not in the top level territory, and running a trace on a find, you see something like:

    select count(*) as fcount from vSearchListCompany WITH (NOLOCK) WHERE (comp_secterr is null OR (Comp_PrimaryUserId=7) OR (comp_ChannelId=2) OR (comp_ChannelId=3) OR (comp_ChannelId=4) OR (comp_ChannelId=1) OR (comp_CreatedBy=7) OR (comp_secterr>=-1616831346 AND comp_secterr=-1616831346 AND comp_secterr=621857998 AND comp_secterr=621857998 AND pers_secterr=-1616831346 AND pers_secterr

    Then for an admin user in the same territory:

    select count(*) as fcount from vSearchListCompany WITH (NOLOCK)


    Not 100% sure why this is how it works, but I guess one question to ask is, why do they need to be a system admin, and not an info admin with the correct rights?

  • 0

    Well ultimately it is their system and in the 10 years I've been delivering CRM systems to people I've never yet come across one that is happy to have a "less than admin" user rather than at least one admin user.

  • 0

    Just telling you how it works.

    >>I've been delivering CRM systems to people I've never yet come across one that is happy to have a "less than admin" user rather than at least one admin user.

    I was asking if you have to set up the user you are having the issue with as an admin, I am not saying nuke the admin user...

  • 0

    No, I didn't mean that. I meant that I set the user up and they have asked for their sponsor their side to be an administrator on CRM. What I try and do is to have the admin account left alone so we can at least login and support them. However, with the advent of concurrent users this isn't so much a big deal now as it isn't really taking a licence up.

    If I can find another way of removing the data that would be great.

  • 0

    When I do mine I integrate CRM with just the test company, let the users play around and I can still do tweaks and changes.

    Then when it comes to live, I run a script that truncates key tables - but leaves all the workflows, users, templates etc. and then configure CRM to then integrate with the live company.

    I have always known System Admin users to completely ignore the security settings in Territory area. So strongly advise customers to limit the number of users who they allow to be System Admin.

  • 0

    Yeah. I have done that in the past, but I must admit, I like to try and keep things supported and there isn't a supported method of getting rid of large quantities of data unfortunately. I find the lack of mass delete a real limitation.

    In the past I have just traced a delete, then written a SQL cursor to cycle through the company ID's to delete all related records.

  • 0

    I agree there is a real pain of no mass delete (commonly asked about this when clearing down old Leads).

*Community Hub is the new name for Sage City