Using the Context Based Security, you can secure each BusinessEntity. So that only those users you want to access or modify the data are allowed to do just that. But there can be a universal master check, that should be applied to the whole Portal. For example, if the user is blocked in the Exact Online back-office, the user should also be blocked for accessing the Portal. Or if a Contactperson in the CRM System is deactivated, his/her access to the Portal should be revoked too. As said, you could do this on the BusinessEntity level. But now we have made this a lot easier.
Introducing the Master Security Check
As of this release you can set a Master Security Check Using a Basement Call you can test if the User's context matches with your criteria. If not, the User cannot enter the Portal. By default, the User will be redirected to the login page to try again with different credentials. Or, you can set your own redirect page. For example, a page where the User can request Portal access again.
The Master Security Check can be set for both the Internal and External Users, using the Portal Editor. From the Tool Selector, pick the Master Security:
In the Master Security you specify a Basement Call (if necessary including Domain and Identifier) and optionally the URL to which the User will be redirected if Portal Access is not allowed.
Test in an Incognito Session
If you set Master Security for the Internal User and you want to check if everything is correct, please do so in a Incognito Session or a different Browser all together. Reason for this is that the Master Security Check is not applied if you are already logged on as a Partner.
Reason for this is simple. If we would shut you out completely, you would not be able to correct these Settings anymore.
Block the User
You could of course block the User in System, User Management. But if you would forget to do so, the User would keep access rights, though access to data could be restricted. The Master Security Check is to prevent this from happening. Do note that even though the User can no longer access the Portal, the User is still active and charges may apply.