Data-based security for the community model

Limits access to users, groups, producer organizations, and producer codes.

PolicyCenter also has data-based security for the community model that limits the current user’s access to users, groups, producer organizations, and producer codes. Most internal users have limits on their access to users, groups, organizations, and producer codes. These limits are defined by the security zones associated with the user. The security zone is a field defined for each group and organization. The security zones for a user are the security zones for all the groups that the user is assigned to. The security zone for a producer code is the security zone for the organization that the producer code belongs to. The following illustration shows this data-based security.



For example, internal user Bob belongs to the All Insurance Insurer organization and to two groups that are in the Eastern and Western security zones, respectively. The Able Agency organization is in the Western security zone. The users in this agency organization are external users. Because Miles is an external user, he can access the users and producer codes in the Able Agency organization. Miles cannot access the Las Vegas Branch, even though it is in the Western security zone. Because Bob and Able Agency are in the Western security zone, Bob can find the Able Agency organization, the user Carol, and the Agency producer code in a search. On the other hand, because Dave is in the Eastern security zone, he cannot access the Able Agency organization, its producer code, or users.

These restrictions by security zone apply when an internal user is searching for either internal or external groups, users, producer codes, or organizations.

An internal user who has been granted the View All Users permission can access any user, group, producer code, or organization, regardless of security zone.

Access for external users is further restricted. An external user can only see their own organization and the users, groups and producer codes that belong to their own organization. The security zone field for a group or organization is also read-only for external users. Consequently, a delegated administrator for an external organization is not able to view or modify anything related to other organizations. The delegated administrator is also unable to change the visibility of their own organization.

In the illustration above, the users in the Able Agency are external users. They cannot see into the All Insurance Insurer organization.

The access restrictions described above apply to searches and the ability to view the details of a user, group, organization, or producer code. However, just because a user can find and view a producer code does not mean that they can use the producer code for action. That is, the user may not be able to select the producer code when creating a new account. Assume that producer code security is turned on for a user. The user can only select producer codes for action if the producer code is associated with the user or with one of the groups the user belongs to. If producer code security is turned off for a user, that user can select any producer code that they can find through search.
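The rules in this topic can be written as a small access-decision model, which separates "can find and view" from "can select for action". The following Python model is an added illustration, not PolicyCenter code or its API. The class and function names, the insurer's security zone, the East Group and Able Agents groups, and the group memberships of Bob, Dave, and Miles are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Org:
    name: str
    zone: str
    external: bool = False

@dataclass(frozen=True)
class ProducerCode:
    code: str
    org: Org                          # zone is the owning organization's zone

@dataclass(frozen=True)
class Group:
    name: str
    org: Org
    zone: str
    codes: frozenset = frozenset()    # producer codes associated with the group

@dataclass(frozen=True)
class User:
    name: str
    org: Org
    groups: tuple
    codes: frozenset = frozenset()    # producer codes associated with the user
    view_all_users: bool = False
    producer_code_security: bool = True

def zones_of(obj):
    if isinstance(obj, User):         # a user's zones are the zones of all of the user's groups
        return {g.zone for g in obj.groups}
    return {obj.org.zone} if isinstance(obj, ProducerCode) else {obj.zone}

def can_view(viewer, target):         # search and detail visibility
    if viewer.org.external:           # external users see only their own organization
        return (target if isinstance(target, Org) else target.org) == viewer.org
    return viewer.view_all_users or bool(zones_of(viewer) & zones_of(target))

def can_select(user, code):           # use a producer code for action, e.g. on a new account
    associated = code in user.codes or any(code in g.codes for g in user.groups)
    return can_view(user, code) and (associated or not user.producer_code_security)

# Constructed data for the page's scenario; insurer zone, East Group, Able Agents and memberships are assumed.
INSURER, ABLE = Org("All Insurance Insurer", "Eastern"), Org("Able Agency", "Western", external=True)
CODE = ProducerCode("Agency", ABLE)
EAST, WEST = Group("East Group", INSURER, "Eastern"), Group("Las Vegas Branch", INSURER, "Western")
BOB, DAVE = User("Bob", INSURER, (EAST, WEST)), User("Dave", INSURER, (EAST,))
MILES = User("Miles", ABLE, (Group("Able Agents", ABLE, "Western", frozenset({CODE})),))
```

With this data, `can_view(BOB, CODE)` is true while `can_select(BOB, CODE)` is false, because the Agency producer code is not associated with Bob or with either of his groups and producer code security is on for him.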