WorkSpan provides a robust, multi-layered data sharing security design, built on Attribute-Based Access Control (ABAC) Technology, that allows you to show different data sets to different users, within your company and in your partner’s organization.
WorkSpan allows you to fully control data access by controlling people's ability to view, edit or delete an object, or even specific fields and content within an object. This capability meets the needs of users and companies that must restrict access for a variety of reasons including compliance, safeguarding proprietary information, and establishing accountability.
WorkSpan overcomes enterprise boundaries and enables easier workflows between multiple parties while ensuring enterprise-level data security.
Configure company level authentication and session login policies for users in your organization , and integrate with Single Sign-On (SSO) providers to administer access centrally for your enterprise.
During the data-model design, you secure data fields to be private so that only your company’s users can see those fields and partners cannot access your confidential data. This privacy setting is also available on Metrics that you configure for measuring the outcomes of a partnership or a partnering motion. You can set shared metrics for joint accountability with the partners, or set them to be private for metrics that are only relevant for your business or based on your private fields.
With WorkSpan’s flexible and tiered access governance model, you can easily configure right access to the right users across organizations. You can configure automatic access for users in a partner program or a shared plan or a solution, or even at an individual record level.
Each user is granted a specific Access Level on the record - Owner, Collaborator, Viewer or Participant, that determines if the users can create, edit, delete or view specific sections and related records for that object. The access level also governs if the user can approve or decline fund requests and claim requests.
- Learn more about Understanding Access Levels
Configure access policies for your partner programs, plans and other shared objects, and automatically grant access at scale to users for the objects within that hierarchy. For example - configure a policy so all Owners of Sales Plan are automatically granted Collaborator access on Opportunities within that plan, so they can edit opportunities created by any company in the plan.
- Learn more about Policy-Based Access Management
There may be scenarios where you need to grant individual access. For example - if you are adding a partner to a partner program, or you are adding a 3rd partner to an ongoing opportunity, an explicit Share action will invite users from that company to the object. Users with the Owner access on the object configure who has sharing permissions on that object.
In addition, you can also make your objects discoverable to users in a company or a partner program. These objects are listed on the Discover tab on the object landing pages and the users can request to join the object. Object owners must approve the request before the user gets access to the object.
- Learn more about Object Security, Sharing and Discoverability Settings
You can also share reports, and set an access level that controls whether the user sees the complete data-set in that report or the data is filtered only to the data that the user has explicit access to. The latter setting is recommended when sharing with partners.
- Learn more about Reports Security
When you integrate your company’s systems such as a CRM with WorkSpan, you can set policies to restrict view access to this data as well. As an example, you can ensure that a user only sees CRM opportunities that are tagged with a specific partner and/or region.
- Learn more about Staging Visibility
Company administrators can also audit access and grant/update access centrally, and further ensure that the users within their company have the requisite data access, and quickly make updates when users leave or change roles in the organization.
- Learn more about these capabilities in the Overview of the Users Section