Centerbase has the capability to deny specific users or groups that may have a conflict of interest permissions to specific records, and have those permissions be inherited among related records. This is commonly referred to as an "Ethical Wall".
To enable the Ethical Wall on a system, navigate to System Settings -> System Configuration -> Security, and look in the Ethical Wall section. Check the box for “Enable Ethical Wall”.
Enabling the ethical wall will allow for the setting of deny permissions through the Security Dialog, and will also enable the inheritance of these permissions as per the other Ethical Wall System Settings.
To set up the inheritance of deny permissions, use the “Parent Record Types” and “Child Record Types” settings.
Parent Record Types are those that can pass down their deny permissions to related records, whereas Child Record Types are those that can inherit deny permissions from related objects.
Using the settings shown above as an example, setting the Ethical Wall on a Matter would allow that Matter to pass on those deny permissions to any related Activities, Billing Entries, Calls, Emails, or Notes. Then, those activities that received deny permissions could pass those deny permissions to any related Activities, Billing Entries, etc., and so on.
Note that the inheritance of these deny permissions can occur when setting or changing the Ethical Wall on a Record that is of a Parent Record Type, when linking two existing Records, or when creating a new Record.
Once the Ethical Wall is enabled via System Settings, you can configure the Ethical Wall of a record from within its Security Settings.
First, open the Security Settings dialog for the record.
If the Ethical Wall is enabled, the Security Settings will include two additional tabs labeled “Allow” and “Ethical Wall.” The Allow tab shows and edits permissions, much like the dialog would if the Ethical Wall were disabled.
(See below comparison of dialog when Ethical Wall is not enabled vs when it is)
Upon clicking the “Ethical Wall” tab, the dialog will display all current Users/Groups that possess “deny” permissions for that record. (Note: if the record type is designated as a Child within the Ethical Wall, it will automatically inherit the “deny” permissions of its Parent record type within the Ethical Wall.)
Select a User/Group and hit the “+” symbol, and that User/Group will be populated with full “deny” rights. Checking/Unchecking the boxes will toggle between setting the appropriate permission to “deny”
The effects of the Ethical Wall can then be seen in the “Allow” tab, as a User/Group will have the boxes for permissions denied from them disabled, as allow permissions cannot be added.
Upon hitting “Apply,” these new permissions will be applied. If the record type is designated as an Ethical Wall Parent then the user will receive the following notice about the permissions being inherited by its children:
Note: Changing the security type of a record from “Custom” to ANY of the other security types will disable the Ethical Wall, removing all “deny” permissions from the record.This will additionally clear the Ethical Wall of any designated Child records, removing their “deny” permissions as well. Due to the vast changes that this action can cause, selecting another security type within the Security Settings dialog will a warning based on whether a “deny” permission has already been added to the record that would be cleared, or the record’s type is designated as a Parent record type:
*Clicking “I understand” will reset the “allow” permissions appropriately for the selected security type. Clicking “Cancel” will retain the current permissions and return the security type back to “Custom”