Configuring Ideas Security Permissions
Administrators must first configure security role permissions for users to access, post, vote, comment, and manage ideas within the Ideas module. Idea create permissions are required to post ideas, comment, and report ideas. Idea edit permissions give users the opportunity to make changes to their ideas within the editing time limit. The Ideas module leverages Magentrix's comprehensive security framework to provide granular access control across different user types and organizational levels.
The Ideas module must already be set up before you configure these permissions. For more information, see Setting Up Modules.
Requirements
To configure security role permissions for ideas, users must be assigned a role with the following permissions:
- Administrator System Role
Understanding Ideas Security Structure
Core Entity Permissions Required
The Ideas module relies on two primary entities that require permission configuration:
Idea Entity: Controls access to idea posts including creation, viewing, editing, and deletion capabilities. Users need appropriate Idea entity permissions to participate in the Ideas module.
Idea Category Entity: Controls access to category management including creating new categories, editing existing categories, and organizing ideas by topic areas.
Permission Levels by User Type
The Ideas module supports different permission strategies based on Security Role types:
Employee Security Roles: Can utilize hierarchical permissions including Private, Team, User and Direct Subordinates, and All Employees levels for internal collaboration and oversight.
Partner & Customer Security Roles: Permissions are automatically filtered by Account/Contact associations, ensuring users only access ideas appropriate to their organizational relationships.
Guest Security Roles: Typically limited to read-only access for public idea viewing, with careful consideration of security implications for any granted permissions.
Configuring Ideas Security Permissions
Accessing Permission Configuration
- In the Setup Home page, click Security > Security Roles.
- Click the security role you want to configure and then click Edit.
- Navigate to the All Entities tab to configure entity permissions.
Configuring Idea Entity Permissions
For the Idea entity, specify the Create, Read, Edit, and Delete permissions using the following options:
Permission Options for Ideas:
- None: Users have no access to ideas
- Private: Users can only access ideas they personally created or own
- All: Users can access all ideas (available for roles not connected to Account/Contact filtering)
- Team (Employee roles only): Access to ideas created by team members and managers
- User and Direct Subordinates (Employee roles only): Personal ideas plus ideas from direct reports
- All Employees (Employee roles only): Access to all ideas from internal users
Configuring Idea Category Entity Permissions
For the Idea Category entity, configure permissions to control category management:
- Create: Allows users to create new idea categories
- Read: Enables users to view and select from existing categories
- Edit: Permits modification of existing category names and properties
- Delete: Allows removal of categories (use with caution)
Additional Module Requirements
Beyond entity permissions, ensure the following module access requirements are configured:
Tab Settings: Set Ideas tab to On for roles that should access the Ideas module.
App Settings: Ensure the App containing the Ideas Tab is set to Visible for appropriate user roles.
Permission Strategy by Role Type
Employee Security Roles
Recommended Configuration for Standard Employees:
- Idea: Create, Read, Edit (Private or Team level)
- Idea Category: Read (to select categories when posting)
- Ideas Tab: On
- App Visibility: Enabled
Recommended Configuration for Managers:
- Idea: Create, Read, Edit (Team or User and Direct Subordinates)
- Idea Category: Create, Read, Edit (for category management)
- Ideas Tab: On
- App Visibility: Enabled
Recommended Configuration for Administrators:
- Idea: Create, Read, Edit, Delete (All Employees)
- Idea Category: Create, Read, Edit, Delete (All)
- Ideas Tab: On
- App Visibility: Enabled
Partner & Customer Security Roles
Recommended Configuration for Partners:
- Idea: Create, Read, Edit (All - filtered by Account associations)
- Idea Category: Read (to select from available categories)
- Ideas Tab: On
- App Visibility: Enabled
Recommended Configuration for Customers:
- Idea: Create, Read (All - filtered by Account associations)
- Idea Category: Read (to view and select categories)
- Ideas Tab: On
- App Visibility: Enabled
Guest Security Roles
Recommended Configuration for Public Access:
- Idea: Read (All - for public idea viewing only)
- Idea Category: Read (to view category organization)
- Ideas Tab: On
- App Visibility: Enabled
Important: Guest roles should never have Create, Edit, or Delete permissions for security reasons.
Advanced Permission Considerations
Edit Time Limits and Permissions
Users with Idea Edit permissions can modify their submissions only within the configured editing time limit. After this period expires, only users with administrative privileges can edit idea posts. This prevents unauthorized modifications while allowing reasonable editing windows for authors.
Review Status Management
The ability to change idea review statuses (Not Reviewed, Under Consideration, Not Planned, Planned for Delivery, Delivered) requires:
- Administrator System Role permissions, OR
- Specific role-based permissions configured for review status management
Abuse Report Processing
Processing abuse reports requires Administrator System Role permissions to:
- View reported content and abuse descriptions
- Mark reports as resolved or archived
- Take appropriate moderation actions
Field Security Integration
The Ideas module respects Field Security configurations set at the entity level. Administrators can hide sensitive fields from specific user roles while maintaining access to idea records. This provides additional granular control over what information users can view and modify.
Testing and Validation
Permission Testing Process
- Create Test Users: Set up user accounts with each configured Security Role
- Validate Entity Access: Confirm appropriate read/write access to ideas and categories
- Test Module Access: Verify Ideas tab visibility and functionality
- Hierarchy Testing: For Employee roles, test hierarchical permission boundaries
- Account Filtering: For Partner/Customer roles, verify Account-based access restrictions
Common Permission Issues
Over-Permissioning: Start with minimal permissions and expand based on business requirements rather than granting broad access initially.
Module Dependencies: Ideas functionality requires both entity permissions and tab/app visibility settings to work properly.
Account Boundaries: Verify that Partner/Customer roles respect Account/Contact associations and don't provide cross-account access.
Edit Time Limits: Test that edit permissions work correctly within configured time windows and are properly restricted afterward.
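The rules above (guest roles read-only, hierarchical levels for Employee roles only, entity permissions paired with tab and app visibility, Idea Create paired with Idea Category Read as in the recommended configurations) can be checked mechanically against a record of each role's settings. The following is an added example, not Magentrix code: the dictionary layout and role names are constructed for illustration and would be filled in by hand from the Security Roles pages.

```python
# Added example: audit a role/permission matrix against the rules on this page.
# The dict layout is a constructed format, not a Magentrix export or API.
EMPLOYEE_ONLY = {"Team", "User and Direct Subordinates", "All Employees"}
WRITE_OPS = ("Create", "Edit", "Delete")
ENTITIES = ("Idea", "Idea Category")

def audit_role(name, role):
    """Return a list of findings for one security role."""
    findings = []
    perms = role.get("entities", {})
    granted = [(e, op, lvl) for e in ENTITIES
               for op, lvl in perms.get(e, {}).items() if lvl != "None"]
    for entity, op, level in granted:
        # Guest roles: read-only, never Create/Edit/Delete.
        if role["type"] == "Guest" and op in WRITE_OPS:
            findings.append(f"{name}: guest role has {op} on {entity}")
        # Hierarchical levels are listed as Employee roles only.
        if level in EMPLOYEE_ONLY and role["type"] != "Employee":
            findings.append(f"{name}: '{level}' on {entity} {op} is employee-only")
    # Module dependency: entity permissions need the tab On and the app Visible.
    if granted and not (role.get("tab_on") and role.get("app_visible")):
        findings.append(f"{name}: entity permissions set but Ideas tab/app not enabled")
    # Recommended configurations pair Idea Create with Idea Category Read.
    idea, cat = perms.get("Idea", {}), perms.get("Idea Category", {})
    if idea.get("Create", "None") != "None" and cat.get("Read", "None") == "None":
        findings.append(f"{name}: can create ideas but cannot read categories")
    return findings

def audit(roles):
    return [f for name, role in roles.items() for f in audit_role(name, role)]

# Constructed sample roles (names are hypothetical).
SAMPLE_ROLES = {
    "Standard Employee": {"type": "Employee", "tab_on": True, "app_visible": True,
        "entities": {"Idea": {"Create": "Private", "Read": "Team", "Edit": "Private"},
                     "Idea Category": {"Read": "All"}}},
    "Public Guest": {"type": "Guest", "tab_on": True, "app_visible": True,
        "entities": {"Idea": {"Read": "All", "Create": "All"},
                     "Idea Category": {"Read": "All"}}},
    "Partner User": {"type": "Partner", "tab_on": False, "app_visible": True,
        "entities": {"Idea": {"Create": "All", "Read": "Team", "Edit": "All"},
                     "Idea Category": {}}},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROLES):
        print(finding)
```

An empty result for a role means it passes these four checks only; account filtering and edit time limits still need the test-user validation described above.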
Best Practices
Security Design Principles
Principle of Least Privilege: Grant minimum necessary permissions for users to accomplish their required tasks within the Ideas module.
Role Clarity: Ensure each Security Role has clearly defined purposes and user groups to prevent permission confusion.
Regular Audits: Periodically review Ideas permissions to ensure continued alignment with organizational security policies and business requirements.
Implementation Strategy
Phased Rollout: Start with core user groups and essential permissions before expanding to broader organizational access.
User Training: Educate users about their permissions and capabilities within the Ideas module to maximize effectiveness.
Documentation: Maintain clear records of permission decisions and rationale for future reference and auditing purposes.