Security Domains
Security Domains control which Users can access which Contacts. Every Contact must be in one, and only one, Security Domain.
By default Messenger provides two 'Security Domains' that can be used by your users; The 'Shared' Security Domain, that can be accessed by all users, and each user has a personal Security Domain where they can store contacts that only they can access.
What about Address Books?
If you have been a customer for a while you might be wondering what happened to Address Books, because Security Groups seem similar. We have more information on that subject for you here
We strongly recommend that you limit your use of Security Domains until you are completely comfortable with their behaviour, otherwise you may find yourself getting confused, especially if you start mixing Contacts from different Security Domains in Groups. Consider this example:
- User Bob has created a 'VIPs' Security Domain that only he can access. This is for high-profile people who should not be visibile to other users.
- User Bob creates a VIP Contact called Donald and puts him into the 'VIPs' Security Domain
- User Bob adds VIP Contact Donald to an existing Group called 'Tsunami Alerts' which is in the normal 'Shared' Security Domain
- When User Mary, who has no access to Bob's 'VIPs' Security Domain, views the membership of the 'Tsunami Alerts' group she will not see Donald.
- When User Mary tries to compose a message to 'Don' the autocompleter will not include Donald in the search results.
- When User Mary sends a message to the 'Tsunami Alerts' group it will not be sent to Donald.
- Only when User Bob sends a message to the 'Tsunami Alerts' group will it be sent to everybody, including Donald.
When defining a Security Domain you must also select the Contact Properties that are appropriate for Contacts in this Domain.
If you decide you don't want a Security Domain, you can use the 'Merge' function to move its Contacts into another Security Domain.
Granting Access
Access to the Contacts within a Security Domain can be granted to Users individually, or more conveniently for large organisations, a Group of Users.
Access permissions are as follows:
| Access | Meaning |
|---|---|
| Viewer | User can only view the Contacts |
| Editor | User can edit the Contacts |
| None | User has no access to the Contacts, even if they may be a member of a Group that does have access |
An Access that is suffixed with (Default) tells you that no explicit Permission has been defined for the User, and that this is the default Access for the User that has been automatically determined based on the Groups they are a member of, and their Role.
Company Admin and Group Admin Users have Editor access to most Security Domains.
Access can be Granted when editing a normal User, or from the 'Accesses' tab when editing a Security Domain. In this screen shot we can see that Johnny B. Good is already an Editor of the Security Domain, and that we are about to add Peter Jones as a Viewer, and Sally Wills as an Editor. We just need to click 'Add Access'.
A Complicated Example
Some customers wish to tightly control who can access certain Contacts. Here's one approach that provides this flexibility in a manageable manner.
- Decide how you want to categorise your Users. Perhaps in a Movie Magazine business you would have 'Sales', 'Marketing' and 'Editorial'.
- Create a Group for each of those User categories in the 'User' Security Domain, and copy Users into their appropriate Groups
- Decide how you want to categorise your Contacts. Perhaps in a Movie Magazine business you would have 'Artists', 'Freelance Writers' and 'Advertising Agencies'.
- Create a Security Domain and Group for each of those Contact categories, and move Contacts into their appropriate Group.
- Grant the User Groups access to the appropriate Security Domains. eg:
- 'Sales' might have Viewer access to 'Advertising Agency'
- 'Marketing' might have Editor access to 'Advertising Agency', and Viewer access to 'Artists'
- 'Editorial' might have Editor access to 'Freelance Writers' and 'Artists'
- Now when you create a User, simply put them into their appropriate Group(s) and they will automatically get access to all appropriate Contacts.
- Now when you create a Contact, simply put them into their appropriate Group.
Going forward you can also easily change access for entire Groups of Users, rather than having to update many individual Users.
As an aside, notice that you can now also send a message to all 'Marketing' staff, because they have their own Group.
Granting Access to Groups, not Users
Granting Access to Groups, not Individual Users, gives you far more flexibility when controlling access to Contacts.