Every team is different. But every team needs to make sure that the data that's important to them is secure. Whether it's a donor's telephone number or a patient's medical notes it's critical to make sure that data can only be accessed by the right people.
That's why we've built a new roles and permissions system into the core of Beacon. Now you have complete control over what users can access, right down to the field level - and it's pretty straightforward to configure.
Lets take a quick look at the important features of your new roles and permissions system.
You can create different roles within your organisation and add users to these roles. This means that you can give your different teams access to different parts of Beacon and it's easy to manage who is a member of which teams.
You can restrict access to entire features within Beacon. You can restrict access to your donation forms to make sure nobody changes important settings. Or you can make reports read only for people who need to review them but don't need to update them.
You can control which users have access to the different record types within your Beacon database. And within each record type you can control who has access to different fields. The interface makes it easy to see which permissions you have granted for different records and their fields.
This means that you could create a new field on a person record called "private notes" and only make it available to managers. Other users would never see this field.
There are two layers of security to enforce the permissions that you set up. First, permissions are propagated through Beacon in real time and they restrict what users can do in the interface. In the example below we can see two browsers which could be on two different machines. The admin on the left is changing some permissions and you can see how they're reflected immidiately for the user on the right. Pretty neat. Very secure.
Secondly, the Beacon database checks a user's permissions before returning any data. If a user doesn't have permission to view something it's not just hidden in the interface - the database doesn't allow access at all. This two layer approach means that you can be confident that your permissions are strictly enforced.
Every user has a new default role created in their account and all existing members have been added to this role. This means that everyone's accounts behave exactly as they did before. Your new roles and permissions system is live and ready to try now. Log in to try it out.
We've also written comprehensive documentation on how to use your new system. You can read the documentation here, and I strongly recommend that you do!
As usual, I'm really keen to hear what you think! Fire off an email to firstname.lastname@example.org or click the intercom button in the bottom right corner of this page to get in touch.