Field Security Level

Each field is associated with a security level that restricts who can view or edit it.

When configuring fields, system administrators define how sensitive each field is by assigning the General, Restricted or Confidential security level.

| Security Level | Description |
| --- | --- |
| General | No security, fields can be viewed and edited. It is the most basic security level; most fields have this level by default. |
| Restricted | Medium security, most users can view the fields, but only designated users can edit them. It is used to restrict specific users from either viewing or editing the information. |
| Confidential | Top secret security, only designated users can view and edit the fields. This is a confidentiality level beyond the Restricted security level that can be used to restrict users from viewing and/or editing the information, especially sensitive information. Two fields are marked as Confidential by default: Social Security Number and Date of Birth. |

Some requisition fields are always visible regardless of their security level. This allows control over who can edit these fields without preventing their visibility, which is important in most cases. These fields are:

  • Requisition ID

  • Title

  • Primary Location

  • Organization

  • Job Field

  • Recruiter

  • Hiring Manager

The security level of a field is also associated to security level permissions granted for requisitions, candidates and offers, in view mode and in edit mode. Security level permissions define if users have a general, restricted or confidential access to fields displayed in the system. Note that for the above listed fields, the security level in view mode can be configured, but will not apply. Only the security level in edit mode will be applied.

| User Type Permission | Location |
| --- | --- |
| Security level for requisitions (in view mode) | Configuration > [SmartOrg] Administration > User Types > Recruiting > Requisitions > General |
| Security level for requisitions (in edit mode) | Configuration > [SmartOrg] Administration > User Types > Recruiting > Requisitions > General |
| Security level for internal candidates (in view mode) | Configuration > [SmartOrg] Administration > User Types > Recruiting > Candidates > General |
| Security level for external candidates (in view mode) | Configuration > [SmartOrg] Administration > User Types > Recruiting > Candidates > General |
| Security level for internal candidates (in edit mode) | Configuration > [SmartOrg] Administration > User Types > Recruiting > Candidates > General |
| Security level for external candidates (in edit mode) | Configuration > [SmartOrg] Administration > User Types > Recruiting > Candidates > General |
| Security level for offers (in view mode) | Configuration > [SmartOrg] Administration > User Types > Recruiting > Offers > General |
| Security level for offers (in edit mode) | Configuration > [SmartOrg] Administration > User Types > Recruiting > Offers > General |

When defining a user type, system administrators need to decide which security level will be granted for these specific permissions. Each user type has one of the above security levels associated to it to define if the user type has a general, restricted or confidential access to information.

The security level of a field can be modified at any time, thus impacting the user types associated to that security level.

At a high level, the user type permissions work as follows:

  • Users having the "general" permission access will only see/edit fields set at the "general" security level.

  • Users having the "restricted" permission access will see/edit fields set at the "general" and "restricted" security levels.

  • Users having the "confidential" permission access will see/edit fields set at all security levels, that is "general", "restricted", and "confidential".

For example, a hiring manager might have a view and edit access to general requisition fields, a view only access to restricted requisition fields and no access at all to confidential requisition fields, while having a view only access to general offer fields.

More specifically, the behaviors of these permissions are:

  • Restricted/Confidential fields in View mode in the file:

    If a field is at a higher security level than the user has access to view, the field will not be displayed to the user.

  • Restricted/Confidential fields in Edit mode in the file:

    If a field is at a higher security level than the user has access to edit, but the field security level gives them access to view it, then the field will be in read only mode in the edit. If a field is at a higher security level than the user has access to edit or view, then the field will not be displayed to the user.

  • Restricted/Confidential fields on the list:

    If a field is at a higher security level than the user has access to view for both external AND internal candidates, the user will see what they are allowed to see and an empty field will be displayed for the information the user cannot see. If a field is at a higher security level than the user has access to view for either external OR internal, but not both, then the column will be displayed and the field will be empty for those candidates whose content the user is restricted from seeing, whether the field has data or not. In addition, grouping by this field on the list will not be possible in this scenario.

  • Restricted/Confidential fields in the advanced/quick filters of a list:

    If a field is at a higher security level than the user has access to view for both external AND internal candidates, then the column will not be available in the advanced or quick filters. If a field is at a higher security level than the user has access to view for either external OR internal, but not both, then the column will be available in the advanced or quick filters. If the user filters using this field, then the system will filter as specified for the candidate type that they can view, but will not filter the candidate type whose content they are restricted from seeing, and will therefore return all candidates of that type.

  • Restricted/Confidential fields in the search (Quick/Advanced/Duplicate Check):

    If a field is at a higher security level than the user has access to view for both external AND internal candidates, then the field will not be available in the search.

    If a field is at a higher security level than the user has access to view for either external OR internal, but not both, then the field will be available in the search. If the user searches using this field, then the system will search as specified for the candidate type that they can see, but will not search the candidate type whose content they are restricted from seeing.

  • Restricted/Confidential fields in message templates (correspondence):

    If a field is at a higher security level than the user has access to view, then the user will not be able to send a message template that contains the restricted or confidential token.
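The view, edit and list-filter rules above, modelled as a short Python sketch. This is an added example, not the product's code: the function names, the `Salary` and `City` fields and the sample candidates are constructed, and it assumes a user type's edit level is never higher than its view level, a combination the page does not describe.

```python
from enum import IntEnum

class Level(IntEnum):
    GENERAL = 1
    RESTRICTED = 2
    CONFIDENTIAL = 3

# Requisition fields the page lists as always visible (view level is ignored).
ALWAYS_VISIBLE = {"Requisition ID", "Title", "Primary Location", "Organization",
                  "Job Field", "Recruiter", "Hiring Manager"}

def field_state(name, field_level, view_level, edit_level, editing=False):
    """Return 'hidden', 'read-only' or 'editable' for one field in a file.

    Assumption: edit_level <= view_level; the page does not cover the reverse.
    """
    can_view = name in ALWAYS_VISIBLE or field_level <= view_level
    if not can_view:
        return "hidden"
    if editing and field_level <= edit_level:
        return "editable"
    return "read-only"

def filter_candidates(candidates, field, wanted, field_level, view_levels):
    """Apply a list filter; view_levels maps candidate type -> user's view level."""
    viewable = {t for t, lvl in view_levels.items() if field_level <= lvl}
    if not viewable:
        # Hidden for both internal and external: the filter is not offered.
        raise PermissionError(f"{field} is not available as a filter")
    # Candidates of a type the user cannot view are never tested against the
    # value, so the result set cannot reveal what their hidden field contains.
    return [c["name"] for c in candidates
            if c["type"] not in viewable or c[field] == wanted]

# Constructed sample data (not from the page).
CANDIDATES = [
    {"name": "A", "type": "internal", "City": "Lyon"},
    {"name": "B", "type": "internal", "City": "Oslo"},
    {"name": "C", "type": "external", "City": "Lyon"},
    {"name": "D", "type": "external", "City": "Oslo"},
]

if __name__ == "__main__":
    # Hiring manager from the example: views up to Restricted, edits General only.
    for lvl in Level:
        print(lvl.name, field_state("Salary", lvl, Level.RESTRICTED, Level.GENERAL, True))
    mixed = {"internal": Level.RESTRICTED, "external": Level.GENERAL}
    print(filter_candidates(CANDIDATES, "City", "Lyon", Level.RESTRICTED, mixed))
```
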

Attention: Some candidate fields may automatically be set to Restricted or Confidential and should be reviewed and possibly edited to achieve the desired behavior. For example, by default many related personal information fields may be set to Restricted, and date of birth and social security number are always set to Confidential. It is important to review the state of these fields and ensure they are set properly according to the customer's desired outcome.