This major release offers client administrators a new back office with a full range of powerful and flexible tools for creating users and assigning permissions across all their entities. It revolves around a new concept: roles.
Table of contents
- Roles vs. Profiles
- A cross-entity back office
- Search engine improvements
- Delete a DSR
- Coming very soon!
Roles vs. Profiles
In previous versions of the Data Legal Drive GDPR software, permissions were assigned through 6 different profiles. If a client with several entities modified the permissions of a profile in one entity, it did not impact that profile in the other entities. Likewise, if they adjusted the permissions of an individual user in one entity, it did not affect that user’s permissions in the client’s other entities.
Now, permissions are assigned through roles. The main differences between roles and profiles are:
-
Roles introduce a cross-entity approach for handling permissions. If you are a client with several entities, and if you change a role’s permissions in one entity, the permissions of that role are automatically updated in all your other entities. This means that a given role is always the same, for every user in every entity.
-
If you want a role to be different in a given entity or for a given user, you simply create a new role with a different name. This is possible because there is no limit to the number of roles you can have.
-
Roles are used to control which users have access to which entities. The principle is simple: if you give a user a role in an entity, they have access to that entity. If they don’t have a role in an entity, they don’t have access to it.
A user must have at least 1 role in at least 1 entity, otherwise when they log in the page will be blank.
With the new role system, it is no longer necessary to override default permissions for individual users using the User Access > Permissions tab. You can simply create a new role for the user. The option continues to be available but we strongly recommend using the new back office, which provides a simpler, more flexible and more transparent way to handle individual permission changes.
A cross-entity back office
All the new back office features are described in a single “how to” guide. See Setting up users and roles.
The new back office empowers client administrators to:
-
create their own users;
-
determine which entities each user has access to;
without requiring the assistance of a Customer Success Manager.
It provides a global view of all a client’s entities, users and roles.
The back office is where client administrators will:
-
Create Users
The Directory > User access page is no longer used to create users and has therefore been slightly modified.
-
Create Roles and change their permissions.
-
View, assign and remove roles to/from users in each entity, and change a role’s permissions, on the Role assignment page.
And coming very soon!
The Bulk edit drawer on the Role assignment page will allow you to assign or remove multiple roles to/from multiple users in multiple entities. For example, you will be able to assign 3 roles to 10 users in 5 entities in a single operation. The same applies to removing roles.
All the new back office features are described in a single “how to” guide. See Setting up users and roles.
Migrating profiles to roles
What happens to my existing profiles?
They are automatically transformed into roles.
Each user that had a profile will now have a role with the same permissions as the profile. If the default permissions of the profile were changed, these changes will be found in the role as well.
Will they be renamed?
-
Profiles that were not modified will keep the same name as the original. Example: the “Administrator” profile will become a role called “Administrator.
-
If the default permissions of a profile were changed, the entity will be added to the name. Example: the “Administrator” profile that was modified in entity A will become a role called “Administrator - Entity A”.
What about permission changes to individual users?
Any permission changes that were made to individual users via the User access page will be kept on the same page (they are not added to their roles).
In the event that you are missing rights following the migration, please contact technical support.
New permissions
With the profile system, certain profiles had certain rights that were “hard-coded” into the profile. For example, the Administrator, Entity contact and Substitute entity contact profiles could generally view ALL processing activities. There were no permissions for controlling these rights. The other three profiles – Division head, Person in charge of implementing processing, User – always had to be assigned to divisions to view them.
The new role system is designed to give you greater control over each user’s rights. No rights are hard-coded into a role. Each right is explicitly granted through a permission. As a result, we had to create a few new permissions.
Also, a few permissions that have become obsolete with the new back office have been removed.
The following table describes the new permissions.
New permission |
Section on Permissions page |
Description |
Manage project form |
Management |
Allows you to:
|
Update action information |
Required to edit an action form. |
|
Delete an action |
Required to delete actions, including those added by the user. Also required to remove actions from processing activities. |
|
View all processing in all divisions |
Processings and record |
Without this permission, users will only be able to view processing activities in the divisions they are assigned to. |
Delete documents |
Document database |
Required to delete documents, including those added by the user. Also required to remove documents from processing activities. |
Manage requests |
Requests from data subjects |
Required to edit or delete a data subject request. |
Manage permissions |
User settings |
This is just a name and location change. It was formerly called “Access to permissions page” and was located in the “Directory” section. |
FAQ
I’m a reseller. Will I now be using the new back office to create users and grant permissions?
No, resellers will continue to use their own backend as before.https://knowledge-base.datalegaldrive.com/fr/knowledge/kb-tickets/new
My organization has just one entity. Should I use the back office?
Yes. The features are the same as for multi-entity organizations, except that you will just see your single entity.
We haven’t named a client administrator yet. What should we do in the meantime?
Please contact your DLD Customer Success Manager.
Search engine improvements
-
Partial matches are included in search results. The match can be anywhere in the word. Three characters minimum are required.
-
Save/share searches the same way you save/share filters on the processing page. Enter the search word(s), select one or more entities (if applicable), and bookmark and share the URL! To find out more, see Processing search engine .
And coming very soon!
The search engine will look for search entries in:
-
third parties: name, internal reference
-
software: name, internal reference, publisher
Completing these items in their respective repositories will facilitate processing searches.
Delete a DSR
You will soon be able to delete Data Subject Requests in any status, including archived requests.
The new permission Manage requests will be required. And of course, a confirmation dialog box will avoid unwanted deletions.
Coming very soon!
Expanded rights for processing drafters
To provide greater flexibility across the processing workflow, the rights of drafters will be expanded:
-
Currently: Drafters cannot edit processing activities once they are pending a review. Only validators can.
-
Soon: Drafters will have access to the Review button, allowing them to request processing reviews. They will also be able to perform the review (i.e. edit the processing activity), and submit the review for validation. The rights of validators will remain unchanged.