Veeva Network Security Permission

Most customers would grant users object level access to a single country. However, for customers who have global implementation, a users that is responsible for data in more than one country such as the UK, Ireland and France may have data access to multiple countries. The data access can be controlled via the Data Visibility profile.

In Veeva Network, a user’s access permission depends on:

  • Data Access
  • Feature Access
  • Data Access

Each user will have at least one Data Visibility Profile (DVP) assigned to them. But only one DVP per country. DVP controls user’s data access to records in specific countries and record types. Within DVP, the administrator can define objects visibility and specific profile layout to show or hide fields for users assigned with this DVP. Some country specific feature permission is also configure within the DVP such as ability to download reports, perform ad-hoc match and search against OpenData. More information about Data Visibility Profile

Further record conditional access can be defined with Dynamic Access Rules. Where users will only be able to access records if it meets the defined rules. For example, the administrator created a Dynamic Access rule for Restricted Access Employee record and defined a rule to control access to Employee objects where field, external_employee__c is TRUE. Only users that were granted access to the Restricted Access Employee rules will be able to access such records. These records will not be visible otherwise. More information on how to configure Dynamic Access Rules.

In some cases, customers may want to allow access to most records but restrict access to personal or sensitive information stored in specific fields for an object. The administrator can define Field Restrictions in Veeva Network. When a field is set as restricted, the field will be hidden to all users. The administrator can then grant access to a specific user or user group to the field to either read-only or full access. For example, an administrator can set employee_disciplinary_date__c field as restricted field and grant edit permission to Manager group and view permission to HR group users. User that are not part of this group will not be able to see the employee_disciplinary_date__c field in Employee profile. More information on how to configure Field Restriction.

Most Network Customers have defined custom fields and objects. Any change requests on these custom fields and objects will be routed to local data stewards. The administrator can define task routing based on record type and primary country. Most customer’s Data Steward are responsible to process data change requests and suspect match tasks for the data in their country. Sometimes, data stewards may have access to process tasks from more than one country. In this case, the administrator will add the additional Inbox Task Groups for the steward. More information on Inbox Task Groups.

Feature Control

Some features within Veeva Network are permission controlled. Either by user’s roles or users’ access defined by the administrator. For more information on user role permission feature, refer to User Roles.

Administrator often need to grant access permission to feature that are not user role permission. For example, search against OpenData and etc. The administrator can configure such permission on the user page.