Business Roles – Field & Action Restrictions
You have a scenario where you want to restrict the access of an Employee/Business User to some Fields & Actions.
Scenario: A new employee John Kerry has joined your organization; as an administrator your task is to create the employee ID for him and assign the required authorization. The Sales Manager has requested you to disable Set as Lost action for John Kerry in the Opportunities and set the read-only access for the Probability field on opportunity header.
To achieve the requirement, you need to:
- Create a New Employee ID.
- Create a Business Role.
- Enable the Fields & Action Restriction in the Business Role.
- Assign the Business Role to the Business User generated for the new employee.
Step 1: Create a New Employee ID for John Kerry:
- Login to the Silverlight UI.
- Go to the Administrator work center.
- Go to the General Settings view.
- Click on Employees under Users section.
- Click New button -> Select Employee.
- Add mandatory details.
- Save the Employee -> So John Kerry has been hired as an employee.
- Go to the Application and User Management work center.
- Go to the Business Users view.
- Search for the Employee John Kerry.
- You will find that a Business User is already assigned to the John Kerry.
Step 2: Create a Business Role:
- Login to the Silverlight UI.
- Go to the Application and User Management work center.
- Go to the User and Access Management view.
- Go to the Business Roles sub view.
- Click on New button and select Business Role.
- Add Business Role ID, Name & Description in the General tab.
- Go to the Work Canter & View Assignments tab to assign the required work centers & views.
- Go to the Access Restrictions tab to define the required authorizations.
- Select Actions and click on Activate.
- Save the changes.
Step 3: Enable Fields & Action Restriction in a Business Role:
- Login to the Silverlight UI.
- Go to the Application and User Management work center.
- Go to the User and Access Management view.
- Go to the Business Roles sub view.
- Search and open the Business Role.
- Go to the Fields & Actions tab.
- Use Business Field Restrictions, Extension Field Restrictions & Business Action Restrictions sections to add field & action restrictions.
- You can Restrict the Fields & Actions for the Business Role.
- Mark Probability field of Opportunity as Hidden and mark the action Set as Lost as Disabled.
- Save the changes.
Step 4: Assign the Business Role to the Business User:
- Login to the Silverlight UI.
- Go to the Application and User Management work center.
- Go to the User and Access Management view.
- Go to the Business Users sub view.
- Edit the Access Rights of the Business User.
- Go to the Business Role Assignment tab.
- Select Business Role and select the checkbox Assigned to User.
- Save your changes.
Step 5: Check if the above changes have been applied to the Opportunities for user John Kerry:
- Login to the HTML UI with the John Kerry user.
- Go to the Sales work center.
- Go to the Opportunities facet.
- Create a new opportunity.
- Here you can see that the Probability field is hidden for the user.
- Add other mandatory details in the opportunity.
- Select Save and Open.
- Select the Actions button – the option Set as Lost is grayed out for the user.
Hello Suman,
It is nicely explained for defining new business roles and restriction.
I am looking for providing access restriction/authorization of one document type (for example ticket type T1) to one business role BR1 and other ticket type T2 to other business role BR2. So then the user assigned to business role BR1 can only maintain the ticket type T1 and other user assigned to business role BR2 can only maintain the ticket type T2.
I tried but did not find any option to get this done. Do you have any idea to achieve this?
Regards,
Harshad Patel
Hi Harshad,
If Ticket type is a Drop Down field, then you can use "Code List Restrictions" to restrict the values.
You may check below blog related to CLR:
How to Use Code List Restrictions to Control Dropdown Field Values
Regards,
Suman
Very useful information, thanks Suman.
Hello Suman,
We are working on PCM PORTAL for partner user and we are facing issue on access/authorization. We want lead to be forwarded to partner by brand owner and partner can also create the lead themself.
Currently all lead created in C4C are visible to all partner user. We want lead assigned to specific partner can only be visible to that partner only. i.e. one partner can not see leads of other partners.
I checked the access context for lead "1015" but unable to set that way. i.e. either through 'partner' role from party-involved tab or through "Sales unit" of partner (partner org. unit defined as 'sales unit' in brand owner org. structure and all partner contact user assigned to that sales unit as employee).
Can you please suggest to control access to partner for lead?
I understand the option like ACE in on-prem CRM is not provided in C4C but looking for same kind of way/option in C4C for partner access.
Thanks,
Harshad Patel
Hi Harshad,
I do not know how to achieve this.
I would suggest you to raise this question in a separate thread.
Also check below blog:
Access Control Management: Access restrictions explained - Access Context
Regards,
Suman