Tip-Tuesday

Understanding the Vista Security Hierarchy

Security Lock
Karen Miller - Senior Consultant

By Karen Miller - Senior Consultant

2 min read
Understanding the hierarchy of Viewpoint Vista Security can be a little challenging at times. Partly because there are many different ways to manage the securtity of programs, reports, attachments, queries, and data within Vista. It can make it easy to inadvertantly give a user more access than intended.

Mistakes that can be made when setting up security access include: 
  • Selecting "Global" or "Across All Companies" in the Companies box will give the User or Group access to ALL companies within the database unless you use Company Data Security to assign company access to each employee. Form Security Screenshot highlighting Global selections
  • Selecting "All" in the Modules box can inadvertantly give the selected User or Group access to ALL modules.
  • Selecting "All" in the Groups or User box can inadvertantly give ALL of the Groups or Employees rights to the selected Companies and Modules.Form Security Screenshot highlighting Module and Group-Employee selections
Be careful and alert when making these selections.

Assigning users to multiple security groups that contain the same forms, reports, or attachments can cause conflicts.
Security Heirarchy Pyramid, Security Group-Global Level at the bottom, Security Group-Company Level above that, User-Global Level above that, and User Company Level at the topThe least restricted setting is a security group with global level security, the next restrictive is a security group with company level security, then a user with global level security, and finally the most restrictive is a user with company level security. If you assign multiple groups, the most restrictive will override the least restrictive. However, when there are two conflicting groups at the same level, it will defer to the lease restricted group.

The easiest way to deny a user access is to not assign them to a group with access. Access of "3-None" only means that it will look to the next level to determine access. If every level has "3-None" then they do not have access, but if just one assigned group has "0-Full" access, then the user has access.

While it is not the preferred strategy, there is the option to deny the user at their user level. To do this, select "User" for the "Select By" parameter, select the user from the list, click the "Grouping" box, and then "Refresh Grid". From there you can select "2-Denied" in the "Access" column for any form, report, attachment or inquiry. 
Form Security ScreenshotThere are several reports in Viewpoint Administration > Reports that will help you to review user and group access. This is be most effective way to audit your users' access.

If you would like assistance with Vista Security Access setup and/or review, please use our "Email Support" option or click on the "Book A Call" button and schedule an appointment with one of our consultants.
Binding Together - construction + technology
Stay Up To Date With Our Monthly Newsletter

Get Started

Take your construction company to the next level. Schedule your initial free consultation and analysis.