Need a little help understanding how to configure your company's security settings?
We're about to show you a working example of a company called TipTop Cleaners. In this case study, we guide you through TipTop Cleaners' security requirements, and show you how they set up their security profiles, security groups, and group profiles to make the best use of Compleat.
While your company will likely require a slightly different setup to TipTop Cleaners, this case study will give you a clear picture of the decision-making behind creating an effecive security setup in Compleat.
Check out How Security Works to find out more.
Security requirements
TipTop Cleaners have two separate trading entities, which they've set up in Compleat as Company A and Company B.
There are three departments at TipTop Cleaners: Sales, Operation, and Finance.
Sales and Operations need to be restricted to specific cost centres and account codes when raising transactions in Compleat. Finance should have access to all codes.
Users with the Operations and Finance departments need access to both Company A and Company B in Compleat, but there are separate sales teams for each company, so those sales teams need to be restricted to the relevant company.
TipTop Cleaners want to use four layouts (forms) to capture data in Compleat:
- Purchase Order of Goods (POG)
- Purchase Order of Services (POS)
- Direct Invoices (DI)
- Credit Notes (CR)
It's not as complicated as it sounds - we promise! Keep reading to see how TipTiop Cleaners easily configured their security settings to meet their needs.
Security profiles
Here's how TipTop Cleaners configured structured security profiles in Compleat.
Notice how they use our recommend security profile naming conventions.
| Security profile descriptions | Company | Layout |
| Security Profile for Operations - A - (POG) | A | POG |
| Security Profile for Operations - A - (POS) | A | POS |
| Security Profile for Operations - B - (POS) | B | POG |
| Security Profile for Operations - B - (POS) | B | POS |
| Security profile for Sales - A - (POG) | A | POG |
| Security profile for Sales - A - (POS) | A | POS |
| Security profile for Sales - B - (POG) | B | POG |
| Security profile for Sales - B - (POS) | B | POS |
| Security profile for finance - A - (POG) | A | POG |
| Security profile for finance - A - (POS) | A | POS |
| Security profile for finance - A - (DI) | A | DI |
| Security profile for finance - A - (CR) | A | CR |
| Security profile for finance - B - (POG) | B | POG |
| Security profile for finance - B - (POS) | B | POS |
| Security profile for finance - B - (DI) | B | DI |
| Security profile for finance - B - (CR) | B | CR |
Finance needed more security profiles than Sales and Operations.
This is because Finance also needed access to the Direct invoice (DI) and Credit note (CR) layouts given that they're the department that processes them. Sales and Operations only be enter requisitions and therefore don't need that level of access.
TopTop Cleaners created separate security profiles for the Finance, Sales and Operations departments because they all needed to be restricted to different cost centres and account codes when entering a transaction. If all three departments needed to access all codes, TipTop Cleaners would have simply created a single security profile per layout, per company.
Security groups
The number of security groups you need is determined by 2 main criteria:
- How many companies you have
- How you've structured and grouped your security profiles
You need to create at least one security group per company, which can only contain security profiles linked to the same company. However, if you've created multiple groups of security - for example, for restricting code access for each department within the organisation - then you'd need to create a security group per company, per department.
Here's how TipTop Cleaners set up their security groups. On the left are the security profiles they set up, and on the right are the security groups that they grouped them into. Notice that within each security group, there's no more than one security profile being applied to the same layout.
| Security profile | Security group |
| Security profile for Operations - A - (POG) | Security group for Operations - A |
| Security profile for Operations - A - (POS) |
| Security profile for Operations - B - (POG) | Security group for Operations - B |
| Security profile for Operations - B - (POS) |
| Security profile for Sales - A - (POG) | Security group for Sales - A |
| Security profile for Sales - A - (POS) |
| Security profile for Sales - B - (POG) | Security group for Sales - B |
| Security profile for Sales - B - (POS) |
| Security profile for Finance - A - (POG) | Security group for Finance - A |
| Security profile for Finance - A - (POS) | |
| Security profile for Finance - A - (DI) | |
| Security profile for Finance - A - (CR) |
| Security profile for Finance - B - (POG) | Security group for Finance - B |
| Security profile for Finance - B - (POS) | |
| Security profile for Finance - B - (DI) | |
| Security profile for Finance - B - (CR) |
Group profiles
There are two main criteria that dictate how many group profiles you should create, and how you should structure them:
- How your security groups are structured
- Whether users need access to a single company, or multiple companies
In the case of TipTop Cleaners, users in the Operations and Finance departments needed access both both Company A and Company B in Compleat. However, there are separate sales teams for each company, so those teams need to be restricted to their relevant company.
TipTop Cleaners' solution was to create a single group profile for Operations, containing both of the Operations security groups (A & B). An operations user linked to the Operations group profile will then be granted access to both Company A and Company B.
| Security group | Group profile |
| Security Group for Operations - A | Group Profile for Operations |
| Security Group for Operation - B |
They did the same for the Finance department.
| Security Group for Finance - A | Group Profile for Finance |
| Security Group for Finance - B |
However, because some Sales users just needed access to Company A, and others just needed access to Company B, they only needed to create a group profile for Sales (A) linked to the security group for Sales (A). This means that any users linked to this group profile only have access to Company A.
| Security Group for Sales - A | Group Profile for Sales (Company A) |
They then created a group profle for Sales (B).
| Security Group for Sales - B | Group Profile for Sales (Company B) |
Security overview
Here's TipTop Cleaners' security setup from top to bottom. Each user in the organisation got assigned to one of the group profiles on the right.
| Security profile | Security group | Group profile |
| Security Profile for Operations - A - (POG) | Security Group for Operations | Group Profile for Operations |
| Security Profile for Operations - A - (POS) | ||
| Security Profile for Operations - B - (POS) | Security Group for Operations | |
| Security Profile for Operations - B - (POG) |
| Security Profile for Sales - A - (POG) | Security Group for Sales - A | Group Profile for Sales (Company A) |
| Security Profile for Sales - A - (POS) |
| Security Profile for Sales - B - (POG) | Security Group for Sales - B | Group Profile for Sales (Company B) |
| Security Profile for Sales - B - (POS) |
| Security Profile for Finance - A - (POG) | Security Group for Finance - A | Group Profile for Finance |
| Security Profile for Finance - A - (POS) | ||
| Security Profile for Finance - A - (DI) | ||
| Security Profile for Finance - A - (CR) | ||
| Security Profile for Finance - B - (POG) | Security Group for Finance - B | |
| Security Profile for Finance - B - (POS) | ||
| Security Profile for Finance - B - (DI) | ||
| Security Profile for Finance - B - (CR) |