October 26, 2021
How Security Privileges in WO Network can help protect your data
WO Network offers a wide range of security privileges that can be intricate and difficult to navigate, leading some networks to visit these settings once and then forget them. However, regular review is the single best way to ensure your settings are up to date and aligned with your current business requirements regarding security and compliance.
Security privileges allow you to manage what specific users and user groups can and cannot do within the application, helping you to reduce liability and prevent user error by limiting access to your data. Below we’ve highlighted a few of the settings that warrant regular review.
Security Users and Security Groups
It’s important to first understand the difference between Security Users and Security Groups.
Security User profiles are the user details and security permissions for an individual person accessing WO Network.The security permissions set at this level supersede permissions set by Security Groups, either by allowing or prohibiting specific actions. For example, if a Security Group is prohibited from performing a certain action but you want to grant a specific user the ability to perform that task, you can change that setting at the Security User level.
Security Groups are templates of security permissions that can be applied to multiple Security User profiles by making them part of the same group. This is also referred to as Role-Based Security because users that share similar duties and responsibilities will often require similar security access within the application, based on their role.
The benefits of using Security Groups
Security Groups allow you to assign an established list of permissions to users based on their roles, instead of needing to define their access individually. There are many benefits to using Security Groups, including:
- Streamlining the process when a new user is replacing one who is leaving or moving to a new role
- Alleviating auditors’ concerns with user permissions that are uniform by role
- When permissions need to be added or removed for multiple users with the same roles, you can change the Security Group settings once and the change will apply to all profiles included in that group
Best practices for building Security Groups
WO Network includes several default Security Groups that can be customized to fit your unique business needs by adding/removing specific permissions.
You also have the option to create your own Security Groups using the following options:
- Inherits From: Allows you to select an existing security group or groups as a starting point
- Direct Privileges: Allows you to add specific permissions to a group using the Create, Read, Edit, Delete, and Execute options
Security Groups and properties
Security Groups can vary by property within a single database. This can be extremely helpful for networks with multiple properties with diverse business practices and departmental frameworks. In an industry like ours, where mergers and acquisitions are common, a property can maintain its own security permissions without compromising established practices for national TV ad management.
Safeguard against user error and control workflows
WO Network offers security privileges to help control workflows and prevent user error. For example, in Deals there are ways to limit access to certain fields or remove certain tabsfrom view (e.g., Avails).
This helps prevent mistakesfrom being made. For instance:
- Should the Sales Assistant have access to change the priority code?
- Should the Sales Assistant have visibility into the Avails tab?
- Should log finalization and approvals be limited to certain roles?
Limiting application task privileges in your TV ad trafficking systemis another way to safeguard against user error. Application tasks provide an entry point into your system. When considered in that light, you may want to rethink which users have access to certain tasks. For example:
- Does the Sales Assistant need access to view Log Manager?
- Does the Traffic Coordinator need access to view the Selling Name Inventory Report?
For some properties, the answer to these questions may be yes. But for others, it may be no, in which case you can adjust Security User settingsto meet your property’s requirements.
The Security Report
The Security Report provides visibility into the privileges that have been assigned and to whom.
- The User Permissions taballows you to view, by User, who has access to an Application Task, Execute rights to a Function, and C/R/E/D rights to an Object Class
- The Group Permissions taballows you to view, by Group, what rights have been granted to members that have been assigned to that Group
- Security Report data can be exported and saved to provide to auditors, if/when needed
Unique configurations for Account Executives
At some networks, Account Executives (AE) are actively in the database, entering and revising deals/orders and pulling reports. At others, AEs spend a limited amount of time in the database, only occasionally checking their accounts. And at others, AEs are never in the database. Utilizing Security Privileges in WO Network allows you to tailor your settingsspecifically for your network’s AE duties.
Security Groups for Account Executives are treated differently from other groups. Unlike other departments, Sales Managers may not want their AEs to have access to view each other’s orders/rates/revenue.
When setting up an AE security user profile, you would link them to an existing AE profile (entered via the Account Executives task), and assign them to an AE security group, giving the AE access to their own accounts, but not those of other AEs.
AE Entrustments are work-on-behalf-of privileges that you can assign to another user profile within WO Network. This is useful if you know an Account Executive will be out of office for an extended period, such as a vacation, family leave, or sabbatical.
Because of the unique nature of AE security rights, Entrustments are an option for assigning coverage of sales accounts to another AE. You can set an expiration date for the entrustment, coinciding with the original AE’s return to work.
Monitoring user access
When certain functions are performed within WO Network, they are recorded in the System Event Log. This data is used to report on when actions were performed within the system and by whom.
Access to the System Event Log is typically limited to database gatekeepers or superusers.
Events monitored include:
- User log-in/log-out, with date/time stamps and IP address of machine used
- User overrides are logged each time a user is presented with a warning message and enters “override” in order to proceed anyway
Robust elements like Security Groups, Entrustments, and Reports, make WO Network one of the most secure commercial operations platforms available for networks. Frequent review and adjustment of these settings means new users can only access the application areas they need and not those they don’t.
These security privileges and settings can help you greatly reduce the risk of data exposure and user error, providing peace of mind.
For more information on security privilege settings in WO Network, watch a recording of our recent webinar, Widen Your World: Security Privileges in WO Network, or contact us to learn more.