Controlling Access to Privileged Attribute Data
If you've set up Vendor Templates, you'll have learned that there is a hierarchical structure. A Template should contain one or more Attribute Groups and each Attribute Group should contain one or more Attributes. In certain cases, there might be vendor data that you want to associate with a vendor record, but that is sensitive in nature. In such a situation, you might want to limit the number of people who have access to this information. In Vendorful, you can do this by storing such Attributes in Attribute Groups that are set as privileged.
Setting up the Attribute Group
If you click your way over to a Vendor Template that you want to use to store some privileged information, you'll see an existing list of Attribute Groups. You'll note that there is a pencil icon next to the name of the Group. Clicking this will pop up a dialogue box that allows you to set the Group to privileged. In the example below, we've set up a new group called "Privileged Information." (Note: you can call your privileged Groups anything you'd like. We simply chose this name because it was self explanatory.)
Clicking the pencil pops up the following dialogue box:
By selecting the checkbox next to "Privileged Group," you will have set this Attribute Group to be privileged. This will be indicated, once you save, by an icon depicting a person and a lock.
Any of the Attributes that are part of this Group will have restricted access. In the following section, we will cover how to give specific Stakeholders access to these Attributes.
Configuring Stakeholder Access
When drilling down to a vendor record, you will see a menu item entitled "Stakeholders and Roles." If you click this and then click on Stakeholders, you will arrive at an interface where you can add, remove, and configure Stakeholders for this vendor. There is a specific icon that conveys that ability for a Stakeholder to see privileged Attribute Groups: By selecting this icon for a Stakeholder, that Stakeholder will be able to see the privileged Attribute Groups for that vendor. Bear in mind, that Stakeholders are assigned on a per-vendor basis as are their permissions. So it's possible that someone can be a Stakeholder for Vendor One and Vendor Two and have access to privileged data for one vendor and not the other. In the following example, the Stakeholder named Bob Stanley does not have permission to access privileged data while Peter Kelly does.
Now, if Peter Kelly were to click the Attributes tab, he would see the following:
The last Attribute Group on that list, Privileged Information, would not be visible to Bob who would simply see the first three groups:
- Basic Attributes
- Diversity
- Financial Documentation
Vendor Attributes
This is the meat and potatoes of Vendor Templates. This is the view where we will choose exactly what information we would like to record about the vendor as well as setting the fields which we would like the vendor to fill out about themselves.
The main part of this view shows the current state of the Group and which Attributes are currently added to it. Again, clicking on the name of the Attribute will allow you to edit it, and clicking the "x" will remove the Attribute from the Group. You can also click and drag each Attribute to rearrange them within the group.
Note: The same rules that applied to Groups also apply to these Attributes. Attributes are shared across Groups so any change you make to an Attribute here will affect other Groups which use the same Attribute.
On the left side of the view is the Attribute list. Any Attributes that have been created will appear in this list and can be added to the current group by clicking the double arrow icon or can be edited by clicking the Attribute name. New Attributes can be created by clicking the "Add Attribute" button at the top of this list. Let's take a look at the fields that are available when creating or editing an Attribute.
Name: The name of the Attribute. This is what will be used to label the Attribute when the template is being filled out.
Type: This is the field that dictates how this piece of information is collected. There are a few options here:
- Short Text: A text input that you expect to be 1 sentence or less.
- Number: Any sort of number input.
- Long Text: A text input that is suitable for longer entries of text like descriptions.
- Selection: This input allows you to provide a set of options that can be selected. There is also a toggle to allow for multiple selections.
- Document: This input allows for uploading documents.
- Date/Date Time: These inputs accept dates or dates and time respectively.
- Checkbox: This is a simple checkbox to be used for Yes/No questions.
Expiration: This field allows you to set a time when the answer for the Attribute expires and needs to be updated. This can be set to expire periodically or you can select "Per Value" to allow the user to input the expiration date when filling out the template.
Visibility: This field sets the permissions that vendors have for editing or even seeing the Attribute.
- Editable: This allows the vendor to edit the Attribute. Use this for information you would like to get from them.
- Read-only: The vendor will be able to see this, but only you and your team will be able to edit it.
- Hidden: This type of Attribute will be visible and editable by you and your team but will be hidden from the vendor. You can use this to keep track of things like "Is the vendor a preferred vendor?" and other information you would like to keep track of about the vendor, but not allow them to see.
Interaction with Manage All Vendors Permission
Users who have the global "Manage All Vendors" permission can also see privileged data. We generally recommend that this permission be delegated sparingly.