Security policies

A security policy is a set of rules that govern objects that are associated with the policy, such as plans, programs, and projects. These rules indicate which types of users can view, modify, delete or perform any of the other relevant functions for these objects.

To express these security privileges, security policies contain the following components.

  • User roles to identify the types of users
  • Function grants or blocks to identify what each type of user can or cannot do

Your organization might use multiple security policies. One example security policy, Global, is provided with HCL® Marketing Operations.

The global policy is a special policy that is always considered in controlling all objects in the system, rather than all users. Companies with simple security models can customize the global policy to express their rules.

Companies that require different, discrete groups can use custom security policies to do so. Then, these companies can use the global policy only for system-wide administrative or executive access rules.

Note: The term global does not indicate that every user has full access to everything. Instead, the security policy is globally associated with every user by default.

The HCL Marketing Operations Administrator's Guide discusses the details of security policies in more depth.