Team access rules (TAC) allow administrators to set access rules for users, their team members, other teams and everyone else in the organisation. With 3 levels of accessibility you can set the level of visibility users will see. These 3 levels are:
Find and read - users can find and read a record
Find only - users can find the record but will see "Access restricted"
No access - will not see a record
To configure team access rules:
Navigate to Administration via the switcher
Click on teams and edit an existing team
Click on Access rules and configure your settings to match your organisation's workflow.
Here are some rules that will help you set team access rules:
If the user is in the team AND either:
The owner of the record, or
The creator of the record
Then they get Find and read access, otherwise
Check if the user is a supervisor of this team, if so grant Find and read, otherwise
Check any specific rule that applies to this user, if so use that rule, otherwise
Check if the user is a member of:
this team, or
a member of other teams that there are rules for, then
use the most permissive rule found (Find and read over Find only over No access)
Otherwise, use the "everyone else" rule.
Things to think about:
Team members:
The author and team supervisor are automatically assigned Find and read access.
Depending on the team sensitivity, you can then assign any other access level to the rest of the team
Organisation wide settings:
Everyone else: This is where you ascertain how much access the rest of the users have to your records. Consider: (might be good as a decision tree)
Do you want everyone to be able to read your records?
If yes - Select Find and read
If not, do you want people to see that a record was created?
If yes - select Find only
If no - Select No access
Are there any exceptions to the general rule that should be granted to teams or individuals?