Understanding Account Restrictions
Liferay’s account restrictions enhance your control over data visibility, ensuring users can access only the information associated with their specific accounts. When enabled, these restrictions limit the visibility of object entries according to the user’s account membership. This approach is ideal for organizations representing distinct customer entities that must interact with shared applications, such as accounts for specific clients, distributors, or geographic customer groups.
Additionally, accounts can be linked to Liferay organizations to provide structured access across divisions. This setup allows administrators to establish account hierarchies that streamline the management of users in different organizational units.
Account Restrictions for Clarity’s Ticketing System
To implement a ticketing system, Clarity may use account restrictions to ensure each customer can view only their tickets. Each customer is represented by an account, and every ticket is associated with the account of the customer who creates it. Only users linked to a given account can view tickets associated with that account. This setup not only enables personalized support for each customer, but also enhances privacy and security between separate customers.
In addition to using account restrictions to determine individual customer access to object data, Clarity can define organizational roles to structure account access based on characteristics like geographic location. Unlike their customers, Clarity’s internal support team should not be restricted to tickets from a single account. Instead, the support team may be divided into a US organization and an EU organization. Users in the US organization can only access tickets from accounts of US-based customers, while users in the EU organization can only access tickets from accounts of EU-based customers. This kind of organizational hierarchy, when used in conjunction with account restrictions, enhances visibility and response time by making data available to the appropriate users.
Best Practices for Account Restrictions
As with object permissions, follow the principle of least privilege for account restrictions. By granting the minimum necessary access to a given account, you can improve data security. Simplify data management for organizations with complex structures by automatically segmenting object entries based on associated accounts. Rather than configuring permissions for individual users, use account restrictions to reduce the complexity of managing access across multiple teams, departments, or geographic divisions.
Conclusion
Account restrictions in Liferay provide a powerful mechanism for segmenting data access, ensuring users can view and interact only with data associated with their specific accounts and organizations. This feature is essential for secure, structured data management in complex organizational setups like a customer support ticketing system. By implementing account restrictions thoughtfully, administrators can create a secure and efficient environment that supports both data privacy and operational needs. Next, you’ll learn more about auditing objects in Liferay.
Capabilities
Product
Education
Contact Us