Setting up Partitioning Based on Security Profile

Data Partitioning by security profile allows a JustWare administrator to restrict users that are part of a certain security profile from accessing certain kinds of data. This can be accomplished using the following steps.

Important:

If a user is a member of multiple security profiles for which the data partitioning has different access levels for the same set of data, the user's least restrictive security profile will be enforced. For example, if a user is a member of multiple security profiles and is denied access to a particular set of data in one profile but is allowed access to this same set of data in another profile, the user will be allowed access to this set of data.

In the Administrative Tools group of the Explorer toolbar, click System Administration.

Click Security | Data Partitioning.

The Data Partitioning Tool will open. Security Profile Partitioning will be available in the Security Profile Partitioning snap-in.

In the Security Profile snap-in, select the existing security profile whose users you would like to restrict from accessing case and name information.

The snap-ins below will populate with restrictions set up for that security profile.

Tip: To add a security profile to the Security Profile snap-in, you must create the security profile in the Security Profiles code table. See "Security Profiles" for more information.

Select the View All Private Case Notes check box to allow members of the selected security profile to view all private case notes entered in JustWare cases. It is recommended that you check this box for your administrator or supervisor security profiles.

The persons specified in the Created By and Taken By fields of Notes record rows are always allowed to see private notes for those cases.

Tip: You can set the ability of all case-involved people marked active to view private notes through the Allow All Active Case Involved People to View Private Case Notes setting in the application parameters.

In each of the snap-ins below, add rows and select which types of data the selected Security Profile will be restricted from viewing. Each snap-in (with the exception of the Sealing snap-in) contain the following fields to allow you to configure the profile:

Field	Description
Excluded Code Type	Select the code type from the drop-down list to restrict members of the selected security profile from viewing data of that code type anywhere in JustWare. To create a code type for partitioning (one that is not in the drop-down list) you must add that code type to the related code table. For example, to make a new case status available in the Excluded Case Status drop-down list, add the case status to the Case Status code table.
Show Cases In Involvements and Search Results (only available in the Case Status and Case Type snap-ins)	Select the check box to indicate that the security profile that is restricted from viewing the content of cases will still be able to see that the case exists in case involvements and search results. However, the user will still be prohibited from opening the case.
Notes	Type any related notes in this free-text field.

Field

Description

Excluded Code Type

Select the code type from the drop-down list to restrict members of the selected security profile from viewing data of that code type anywhere in JustWare.

To create a code type for partitioning (one that is not in the drop-down list) you must add that code type to the related code table. For example, to make a new case status available in the Excluded Case Status drop-down list, add the case status to the Case Status code table.

Show Cases In Involvements and Search Results (only available in the Case Status and Case Type snap-ins)

Select the check box to indicate that the security profile that is restricted from viewing the content of cases will still be able to see that the case exists in case involvements and search results. However, the user will still be prohibited from opening the case.

Notes

Type any related notes in this free-text field.

Use the snap-ins below to configure which types of data will be restricted from the selected Security Profile.

The following snap-ins are available for security profile partitioning:

Snap-in	Description
Case Status	Partition access to cases of particular case statuses.
Case Type	Partition access to cases of particular case types.
Name Type	Partition access to names of particular name types. Note: Only codes marked to Allow Partitioning in the Name Type code table will be available for partitioning.
Address Type	Partition access to addresses (related to names) of particular address types. Note: Only codes marked to Allow Partitioning in the Address Type code table will be available for partitioning.
Email Type	Partition access to email addresses (related to names) of particular email types. Note: Only codes marked to Allow Partitioning in the Email Type code table will be available for partitioning.
Phone Type	Partition access to phone numbers (related to names) of particular phone types. Note: Only codes marked to Allow Partitioning in the Phone Type code table will be available for partitioning.
Correspondence Type	Partition access to correspondences (related to cases and names) of particular correspondence types.
Document Type	Partition access to documents (related to cases and names) of particular document types.
Event Type	Partition access to events (related to cases and names) of particular event types.
Sealing	Partition access to the ability of sealing and viewing sealed cases and rows. Click here to learn more about configuring sealing. Sealing cases and rows will restrict viewing access to those items depending on your Security Profile permissions. Due to the sensitive nature of sealed data, there are multiple permissions configuring how a user can interact with sealed data. If no configuration is applied to a Security Profile, users will not see or be able to seal any data. Some of the permissions are dependent on having others. For example, you cannot select the Unseal (Cases) checkbox if you haven't selected the See Sealed Exists and Open Sealed Cases checkboxes. The permissions are divided into two sections, Cases and Rows. Cases Seal Cases: Gives the selected Security Profile the permission to seal a case. A Sealed checkbox will be visible on the case for any user that belongs to a Security Profile with this permission. See Sealed Exists: Gives the selected Security Profile the permission to see that sealed cases exists. Users with this permission will see sealed cases in search results but will be restricted from opening any sealed cases. Open Sealed Cases: Gives the selected Security Profile the permission to open and work with sealed cases. Unseal: Gives the selected Security Profile the permission to unseal a sealed case. Rows Seal Rows: Gives the selected Security Profile the permission to seal individual rows on a case. Rows in the following snap-ins can be sealed: Events, Correspondences, Tasks, Filing Cabinet, Charges, Charge Involvements. View Sealed Rows: Gives the selected Security Profile the permission to see and work with sealed rows. This does not include being able to see sealed documents in Document Search Results. Open Sealed Documents: Gives the selected Security Profile the permission to open a document on a sealed Filing Cabinet row and from Document Search Results. Unseal: Gives the selected Security Profile the permission to unseal a sealed row.

Add partitioning records to the other snap-ins available.

Save the session.