Every system user has it's own user account. Terrasoft CRM 3.0 login is carried out after the name and password validation. The user's permission to work in the system is checked too (see. access management unit). The password validity is checked after the successful user's authentication.

There are three data access management types in Terrasoft CRM 3.0:

• Table Groups Access.
• Table Fields Access.
• Table Records Access.

If the access management type is not specified for the created table, data in a table become accessible to all users. 

Users can be grouped. Groups can make the tree structure. Groups and users are the data access management units. They are used for the data access level definition. 

If user is not a system administrator, all database queries are modified for data selection due to the user's access rights . In that case additional conditions and joins are added to query. 

The system administrator has full access to all table groups, table fields and all records in the database. 

There is a possibility to disable the access rights check while formation of any particular database query (ISelect::IsAdministrated, IJoin::IsAdministrated). System administrator is the only one who has the privileges to disable the access rights check for the created select queries.

It is possible to define the default access rights to the records created by some users automatically. The default access allows to specify the list of data access management units, which will get access rights to the records created by some particular system user.