Detailed Guide to Sensitivity
The Sensitivity feature allows the user to restrict access to certain information within the ChilliDB system based on Types (Categories) or according to custom-selected User Roles.
At the moment, this feature can be applied to Contacts, Notes, and Membership Packages.
This article covers different levels of sensitivity, how the various areas of ChilliDB are affected by sensitivity settings, and managing sensitivity.
Levels of Sensitivity
The ChilliDB system currently offers three levels of sensitivity:
1. No sensitivity – the record can be viewed or modified by any logged-in user as long as that user has the security ticket to view or modify the record.
2. Sensitivity based on Type – the record can only be viewed or modified by those User Roles defined at the Type level.
At this level, the Type will contain selected User Roles that can access (view or modify) the record associated with the type. This is managed through the Reference Data - Create and Maintain screen when creating or editing the Categorisation.
Where a record has no sensitivity settings applied and the sensitivity settings for its Type are later changed, the record automatically takes on the Sensitivity based on Type. This is because Sensitivity based on Type overrides the “No sensitivity” condition.
3. Sensitivity based on selected User Roles – the record can only be viewed or modified by the User Roles defined to access that specific record.
Even though some User Roles contain the security ticket to view or modify the record, they won’t be able to access the record if the User Roles are not included in the allowed User Role list for that specific record. This is managed through the Manage Sensitivity screen, which is accessible when viewing the record via the Quick Action called “Manage Sensitivity” or when creating or editing a record via a link in the Sensitivity field. This will only appear if the User has the security ticket “Sensitivity Modify”. This ticket can be granted via 'System - Users - Maintain roles and Tickets', choosing the appropriate role from those available, searching for 'Sensitivity', and then selecting the appropriate ticket(s).
Sensitivity based on selected User Roles will override sensitivity rules based on Type. The user can also enable all User Roles to access the record. This will ensure the record will stay accessible to all User Roles even though the Sensitivity settings for the record Type have changed.
Finding Information if the Record is Sensitive
When the records have Sensitivity settings applied, a user whose User Role does not have access via the Sensitivity tickets experiences the following conditions:
The user is not able to access the record display page. The page indicates that the record is sensitive and redirects the user back to the home page.
Some of the links in the system, such as in the Search pages, show the Sensitive records in a different colour. The default colour is orange; however, the user can customise this colour setting at the system level. The links are also disabled so they cannot be clicked, and a tooltip is displayed to notify the user that sensitivity rules apply to the record.
The address details, phone, fax, email, and other details, such as gender, date of birth, job title and department, which are specific to the Contact record, are hidden from the export and print list when doing Export All or Print All from the search results grid.
Sensitive Contacts are not included in the Bulk Update for Contacts. When selecting the sensitive Contacts to be included in the Bulk Update, a warning message is shown to notify that the sensitive Contacts will not be included in the Bulk Update process.
Custom fields and the Contact communication details for phone, fax, and email are hidden when refining the Contact recipients of the message upon performing the “Send Message” Quick Action from some screens like Contact Search, Contact tab in Organisation Display screen, Distribution List Display screen, and Membership Display screen.
When viewing notes from screens such as Contact note listings and Note searches, all custom fields and the details field are hidden.
Within the Refine Message Recipient screen, the sensitive Contact name is shown in a specific colour. The default colour is orange; however the user can customise this colour setting at the system level. Since the communication details are hidden, the sensitive Contact shows the “Not Available” message in the Communication Address area.
The Refine Message Recipient screen also shows the warning message to indicate how many sensitive Contacts are shown in the recipient list and notify the user that those sensitive Contacts will not be included when sending the message. Furthermore, these sensitive Contacts are not included in the Send Message screen.
The sensitive Contacts do not appear on the search result when the user tries to search for the message recipient from the Find Recipient popup screen (accessible from the Send Message screen by clicking Find link).
When sending a message to a Distribution List, any sensitive Contacts contained in the Distribution List are not included as the message recipients. A notification message appears on the Send Message screen to notify that the sensitive Contacts contained in the Distribution List will not be included in the message.
The Contact communication details for phone, fax, and email are hidden when they are displayed in the Members or Unsubscribed Members tabs within the Distribution List Display screen.
The Contact communication details for phone, fax, and email are hidden when assigning the Contact’s communication item to the Distribution List upon performing the “Subscribe to Distribution List” Quick Action from some screens like Contact Search and Contact tab in Organisation Display screen. The communication items are still shown in the Communication Address area; however, the details of those communication items are marked as “** HIDDEN **”.
Within the Subscribe to Distribution List screen, the sensitive Contact name is shown in a specific colour. The default colour is orange; however the user can customise this colour setting at the system level.
The Subscribe to Distribution List screen also shows a warning message to indicate how many sensitive Contacts are shown in the subscriber list.
The phone, fax, and email of the sensitive Contact are hidden from the Event Attendee list screen which is accessed from selecting the “Show/Export Full Attendee List” Quick Action item or by clicking the “Show List” link on the Session tab under “Registrations/Attendance count” column within the Event Display screen.
The phone, fax, and email as well as the address details of the sensitive Contact are also hidden from the export list and print list when doing Export All or Print All from the Event Attendee list screen above.
The Contact communication details for phone, fax, and email will be hidden when assigning the Contact as a Member of a Membership Package which manages the Distribution List. The communication items will still be shown in the Address field; however, the details of the communication item will be marked as “** HIDDEN **”.
The drop-down list showing the available communication items for the Contact is also disabled, and the rule for automatic communication subscription into a Distribution List is used here to automatically select the preferred communication item to be assigned to the Distribution List managed by the Membership Package.
As for a user whose User Role is included in the Sensitivity settings, they experience the following conditions:
The user is able to view the record. A padlock icon is displayed in the top right corner of the panel, next to the Online Help icon, to indicate that sensitivity settings apply to the record.
Hovering the mouse pointer over the padlock icon shows a tooltip with information regarding the level of sensitivity applied to the record as well as the User Roles which are allowed to view/modify the record.
Clicking the padlock icon shows the Sensitivity Display popup screen showing the same information in the padlock icon tooltip.
When a user has the security token/ticket to modify the sensitivity settings, they are able to see the “Manage Sensitivity” Quick Action from the record display screen, or have the Sensitivity field shown as a hyperlink from the record maintenance screen.
Clicking on the “Manage Sensitivity” Quick Action or the Sensitivity field hyperlink will enable the user to manage the sensitivity settings of the record.
The user is able to modify the record, send a message to the sensitive Contact, export/print the sensitive Contact, or view the communication details of the sensitive Contact as if the sensitivity settings were not applied.
The Reporting Views will ignore the sensitivity rules and will only indicate if the record contains sensitivity settings or not by showing the information within the field called “Is Sensitive”. The field returns a value of true or false.
The Web Service will ignore the sensitivity rules at this stage, and will be updated in the future to include a flag indicating whether or not the record contains sensitivity settings (similar to the “Is Sensitive” field in the reporting views).
As the current Outlook plug-in relies on the web service, the plug-in will also ignore the sensitivity rules at this stage.
Managing Sensitivity Settings
The user will be able to manage the sensitivity settings where their User Role contains the SENSITIVITY MODIFY ticket.
The sensitivity setting itself is managed by selecting the “Manage Sensitivity” Quick Action from the record display screen (this is after the record has been created), or else through the Sensitivity field hyperlink from the record maintenance screen (this is when creating a new record or modifying an existing record).
As for managing the settings for the Sensitivity based on Type, the user can create or modify the settings from the Reference Data - Create and Maintain screen by creating a new Type or modifying an existing Type.
Bypass Sensitivity Settings
A user can be given a special privilege to bypass all sensitivity rules by assigning a special ticket called “SENSITIVITY OVERRIDE” to the User Role.
By assigning that ticket to the User Role, the users associated with that User Role are able to view and modify any records in the system regardless of any sensitivity settings applied to the records.
Frequently Asked Questions
1. How do I overwrite a record when Type based sensitivity is applied?
You can modify the Sensitivity settings of the Type from the Reference Data - Create and Maintain screen to include additional User Roles.
Another way is to assign the “SENSITIVITY OVERRIDE” ticket against your current User Role so you can bypass the sensitivity rules for the sensitive record.
2. What happens if a new Role has been created and I would like to associate this new Role to the Sensitivity settings of a Type?
You can modify the Sensitivity settings of the Type from the Reference Data - Create and Maintain screen to include your current User Role.
If your User Role has the “SENSITIVITY OVERRIDE” ticket, then you will be able to view the record, modify its sensitivity settings so that they are based on selected User Roles, and then include your new Role in the User Roles list.
3. What happens if a Role which is included in the Sensitivity Settings is expired?
You will be asked to assign an existing User Role as a replacement for the expired Role. Any sensitivity settings belonging to the old User Role will not be deleted and will be marked as “[EXPIRED]”.
4. Can I filter sensitive records in my reporting view?
You can filter records based on whether or not the record contains sensitivity settings. However, you cannot filter sensitive records that have been designated as such based on specific User Roles.
5. Can the sensitive Contacts be restricted through the Web Service?
The current web service does not allow the user to restrict the sensitive contacts.
6. Can the sensitive Contacts be restricted within the Outlook plug-in?
The current Outlook plug-in does not allow the user to restrict the sensitive contacts.
7. What is the precedence of sensitivity rules?
Below is the order of precedence from the lowest importance to the highest importance within the sensitivity rules:
(Lowest) No Security > Restricted based on Type > Restricted based on selected User Roles > Visible to Everyone (Highest)
Note: The highest order of precedence can override the lower one.
8. What are the Rules for determining which email address, fax number, or mobile numbers to use for refining the send message recipients? Are they impacted if that Contact is sensitive?
Sensitive Contacts do not receive any messages from restricted users. This means the user is prevented from sending messages to these Contacts. Sensitive Contacts show their communication details as “Not Available” and are not included in the To/Cc/Bcc fields when recipients are transferred from the Refine Message Recipients screen.
9. What are the Rules for determining which email address to use for auto-subscription to Distribution List? Are they impacted if that Contact is sensitive?
For all sensitive Contacts, communication details like email addresses, fax numbers, and mobile numbers are marked as “** HIDDEN **”. However, users are still able to allocate a specific communication item to be assigned to the Distribution List based on the communication item type.
When adding a member to a Membership Package that maintains Distribution Lists, the auto-subscription rules for subscribing a communication item to a Distribution List will apply.
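The rules described under Levels of Sensitivity and Bypass Sensitivity Settings, together with the order of precedence in FAQ question 7, can be modelled as one access decision. The Python below is an added example, not ChilliDB code: the class and function names and the base ticket name "CONTACT VIEW" are hypothetical, and it assumes the ordinary view/modify ticket is still required when SENSITIVITY OVERRIDE is held.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional
OVERRIDE = "SENSITIVITY OVERRIDE"  # ticket name as given on the page
VIEW = "CONTACT VIEW"              # hypothetical base ticket name (assumption)

@dataclass(frozen=True)
class Role:
    name: str
    tickets: FrozenSet[str] = frozenset()

@dataclass(frozen=True)
class Record:
    type_roles: Optional[FrozenSet[str]] = None    # None: Type is not sensitive
    record_roles: Optional[FrozenSet[str]] = None  # None: no record-level list
    visible_to_everyone: bool = False              # "enable all User Roles"

def effective_level(rec: Record) -> str:
    """Return the rule that wins, checked from highest precedence down."""
    if rec.visible_to_everyone:
        return "everyone"
    if rec.record_roles is not None:
        return "roles"
    if rec.type_roles is not None:
        return "type"
    return "none"

def can_access(role: Role, rec: Record, base_ticket: str = VIEW) -> bool:
    # Assumption: the ordinary view/modify ticket is required in every case.
    if base_ticket not in role.tickets:
        return False
    if OVERRIDE in role.tickets:  # bypasses every sensitivity rule
        return True
    level = effective_level(rec)
    if level == "roles":
        return role.name in rec.record_roles
    if level == "type":
        return role.name in rec.type_roles
    return True  # "none" or "everyone"

def override_roles(roles) -> list:
    """Audit helper: roles whose users bypass all sensitivity settings."""
    return sorted(r.name for r in roles if OVERRIDE in r.tickets)

if __name__ == "__main__":
    # Constructed sample data, not taken from a real system.
    staff = [Role("Manager", frozenset({VIEW})),
             Role("Auditor", frozenset({VIEW, OVERRIDE}))]
    rec = Record(type_roles=frozenset({"Manager"}), record_roles=frozenset({"Caseworker"}))
    print([(r.name, can_access(r, rec)) for r in staff], override_roles(staff))
```

As the page states, the Reporting Views, the Web Service and the Outlook plug-in ignore sensitivity rules, so this decision describes the in-application screens only.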