Source: https://vaultcrmhelp.veeva.com/doc/Content/CRM_topics/Align/UserMgmt/SecurityPolicy.htm

## Managing User Security Policies in Align

Security policies control various session and security settings for Vault CRM users, including Customer SSO policies, password expiration durations, and more. While Vault CRM provides standard security policies used by default, custom security policies can be created in Vault CRM, imported into Align, and assigned to the appropriate functional profiles or individual roster members..

**Who can use this feature?**

* Align Operational Users – Browser
* [Managing Security Profiles](#Managing)
* Users require an Align License

### Configuring Managing User Security Policies in Align for

[![Closed](../../../../Skins/Default/Stylesheets/Images/transparent.gif)Align Operational Users](#)

To configure this feature:

1. Ensure the following features are configured:

   * [Managing Users in Align](UserMgmt.htm)
   * [Using Functional Profiles](FunctProfiles.htm)
2. Navigate to **Admin > Users & Groups > Permission Sets**.
3. Select the appropriate Permission Set.
4. Select **Objects**.
5. Grant the following permissions:

   | Object | Object Permission | Object Types | Fields | Field Permission |
   | --- | --- | --- | --- | --- |
   | aln\_functional\_profile\_\_v | CRED | All | crm\_security\_policy\_\_v | Edit |
   | aln\_roster\_member\_\_v | CRED | All | * crm\_security\_policy\_override\_\_v * crm\_imported\_security\_policy\_\_v | Edit |
6. Navigate to **Admin > Configuration > Objects > aln\_functional\_profile\_\_v > Layouts**.
7. Place the **crm\_security\_policy\_\_v** field on the appropriate layouts.
8. Navigate to **Admin > Configuration > Objects > aln\_roster\_member\_\_v > Layouts**.
9. Place the following fields on the appropriate layouts:

   * crm\_security\_policy\_override\_\_v
   * crm\_imported\_security\_policy\_\_v
10. Ensure the **crm\_security\_policy\_override\_\_v** field has an active [outbound field mapping](../Configuration/AlignCRMIntegration.htm#Viewing,) in the integration with Vault CRM.

### Managing Security Profiles as

[![Closed](../../../../Skins/Default/Stylesheets/Images/transparent.gif)Align Operational Users](#)

When the next [import](../Configuration/AlignCRMIntegration.htm#Importin) occurs, active security\_policy\_\_sys records import as crm\_security\_policy\_\_v records with the following properties:

* name\_\_v = The value of the name\_\_v field from the corresponding security\_policy\_\_sys record
* status\_\_v = active\_\_v
* crm\_security\_policy\_status\_\_v = active\_\_v
* vault\_crm\_record\_id\_\_v = The value of the id field from the corresponding security\_policy\_\_sys record

#### Assigning Security Policies to Functional Profiles

Once security\_policy\_\_sys records have imported as crm\_security\_policy\_\_v records, Align operational users can assign a security policy to multiple users at once using [functional profiles](FunctProfiles.htm):

1. Edit the appropriate **aln\_functional\_profile\_\_v** record.
2. Use the **CRM Security Policy** field to search for and select the appropriate crm\_security\_policy\_\_v record.
3. Select **Save**.

If a security policy associated with one or more functional profiles is deleted, the corresponding crm\_security\_policy\_\_v record is not deleted during the next import. Instead, an error displays in the import log informing admins that the crm\_security\_policy\_\_v record must first be disassociated from all functional profiles.

#### Manually Overriding a Roster Member's Security Policy

By default, individual roster members' associated security policy is inherited from their associated functional profile. However, Align operational users can override this functionality with a specific security policy per aln\_roster\_member\_\_v record.

Roster members must be designated as [Align-mastered](UserMgmt.htm#Designat) in order to manually override their security policy.

To override a roster member's security policy:

1. Edit the appropriate **aln\_roster\_member\_\_v** record.
2. Use the **crm\_security\_policy\_override\_\_v** field to search for and select the appropriate security policy.
3. Select **Save**.

### Related Topics

[Using Functional Profiles](FunctProfiles.htm)

[Managing Users in Align](UserMgmt.htm)

[Managing Layout Profiles in Align](LayoutProfiles.htm)
