Access scopes

Learn how to limit profile access for staff

ClΓ‘udia Duarte avatar
Written by ClΓ‘udia Duarte
Updated over a week ago

It's sometimes necessary to exert strict control over access to data, which potentially includes access to profile data. For that reason, we conceived a solution to limit profile access for staff: access scopes. πŸ”


In this article

(click to jump to topic)

What's an access scope?

In Full Fabric, an access scope is a tool for restricting staff access to profiles, which works identically to building a segment. It's a means of defining who exactly sees and/or utilises whose information, either for security reasons or to provide a simplified view of Full Fabric that's easier to navigate (in the sense of there being less data to wade through). Typically, a staff user with an access scope can only access the profiles that satisfy the criteria stipulated in the access scope; however, access scopes may be solely applied to campaigns, in which case they merely restrict who the concerned staff users can send emails to.

As has already been mentioned, access scopes use the same mechanism and set of rules as segment builders, therefore offering the same level of variety and precision. You can require that a profile only be made visible or "emailable" to a given staff user or group of staff users if:

RULE

EXAMPLE OF VALUE

Profile β‡’ is in β‡’

MSc in Finance Class of April 2023

Profile β‡’ has evaluation

No value necessary

Profile β‡’ is tagged with β‡’

Seems no longer interested

Profile β‡’ is owned by β‡’

Bob Sacamano

Profile β‡’ attended β‡’

Meeting with TBS President

Just to give a few examples. To be clear, when you add segment rules to an access scope, you're doing so to dictate which profiles a coworker is permitted to view or email, not (directly) which profiles are forbidden to them. Their purpose is to represent the criteria for including or excluding profiles from said coworker's access scope.

  • If a profile fulfils the criteria ➞ access to it is permitted;

  • If a profile does not fulfil the criteria ➞ it's excluded from the access scope (or, to put it another way, restricted).

Accordingly, the profiles displayed in the access scope are those that the holder can view or contact:

Segment rules are a vital component of an access scope. In their absence, the access scope is powerless to decide which profiles to admit and which ones to refuse, which renders it useless.

Access scopes can be put in place for individuals or entire teams, as will be explained further ahead. By default, staff users do not have permission to create access scopes, and it's normally reserved for users with Admin rights. If you're interested in being given permission, please contact us.

What is the difference between access scopes and team permissions?

Staff role permissions determine what someone is able to do, while access scopes determine which profiles someone is able to see or email. So while they can function in a complementary manner, they're unrelated.

To illustrate this, suppose that we create an access scope for an evaluator – let's call him Ernest Pettigrew – defining that Ernest is only allowed to see profiles currently in the lifecycle state applicant::under_evaluation, as those are all he needs to perform his duties. Upon the access scope being created, Ernest finds that nothing's changed in terms of interface: the usual tabs, tools and widgets are all still there. However, when he searches for a profile not included in his access scope, he'll get the message No results, although the profile does exist:

Likewise, when he enters a class, it's like no other candidates exist except for those in state applicant::under_evaluation:

The same principle applies to forms, events, segments and so on. In short, Pettigrew can only see the profiles and respective data encompassed by his access scope.

When it comes to institution-level access scopes and campaigns, there's a subtle distinction that's important to bear in mind: a staff user may not be able to see the full list of profiles in the audience segment in case some of them are excluded from his or her access scope – nevertheless, the campaign will still be dispatched to everyone that matches the rules of the audience segment. πŸ“¨ Campaign-level access scopes, which we'll discuss next, obviously behave differently.

When should an access scope be applied only to campaigns?

As previously stated, it's possible to only apply an access scope to campaigns, thereby limiting who someone can send campaigns to. This option is intended for staff members or teams with particular responsibilities or procedures that require them to have access to all profiles but be able to email only a subset of them.


For instance, if you had alumni who were interested in going back to school and you didn't want your sales representatives to contact them prematurely – that is, until the aforementioned alums were actually associated with a new programme and class as prospects or applicants – it would make sense to set up an access scope narrowing your sales team's ability to send campaigns to profiles with prospect and applicant lifecycle states.

Campaign-level access scopes are, in essence, a safeguard against written communication via Full Fabric, so you should implement them whenever you spot the need to prevent a staff member or team from sending campaigns to certain people.

How can I set up an individual access scope?

To create an individual access scope, please refer to the following instructions:

1) Open a staff profile

2) Navigate to the tab Advanced

3) Switch to the tab Access scope

4) Lastly, answer the question Apply access scope everywhere or only to campaigns? by ticking Only to campaigns or Apply everywhere (the default setting)

For guidance on how to build an access scope segment, please read this article.

How can I set up a team-wide access scope?

If an access scope is supposed to be shared between every staff member of a team, instead of creating multiple individual access scopes, which is laborious, you can simply create one access scope for the whole team. To do so:

1) Tap the gear on the upper right-hand corner and select User management

2) Navigate to the tab Teams

3) Press the gear next to a team of your choosing

4) Switch to the tab Access scope

5) Lastly, answer the question Apply access scope everywhere or only to campaigns? by ticking Only to campaigns or Apply everywhere (the default setting)

As noted above, if you wish to obtain guidance on how to build an access scope segment, you should read this article.

*

You have reached the end of this article. Thanks for reading! πŸ€“ If you have any questions or comments on the topic at hand, or if you enjoy reads like this and have article requests, let us know. Also, please leave a rating below. Your feedback is highly appreciated! πŸ’–


PUBLISHED: September 5, 2022
​LAST UPDATED: March 4, 2023 at 7:00 a.m.

Did this answer your question?