Remove record permissions when changing a contact
You can use business processes to grant or deny access permissions to a Creatio record. Any event can trigger the process automatically on specific conditions.
Set up a business process to strip all Creatio users of their permissions to edit or delete a contact whenever its type is changed to “Employee.” Only members of the “HR. Managers group” organizational role can view, edit or delete the contact.
Business process diagram (Fig. 1) elements:
-
The Signal start event triggers the process when a contact’s type is changed to “Employee” and records the Id of the contact record.
-
The Change access rights element sets permissions to update or ddelete Creatio records. This element can obtain the contact’s id from the Signal element.
To do this:
-
On the process diagram, add the Signal start event and specify its parameter values (Fig. 2).
-
In the Object field, select “Contact.”
-
In the Which event should trigger the signal? field, select “Record modified.”
-
In the Changes expected field, select “In any of the selected fields,” and add the “Type” column.
-
In the The modified record must meet filter conditions field, select “Type = Employee.”
-
-
Add the Change access rights process element on the process diagram and set up its parameters (Fig. 4).
-
In the Which object to apply access rights to? field, select “Contact.”
-
In the Apply access rights to all records that match conditions field, set up a filter (Fig. 3) by the Id column (“Id=Contact type updated.Unique identifier of record”):
noteYou can learn more about passing the unique record identifier (Id) between process elements in the Process parameters article.
-
Click + Add condition to add a new filter condition.
-
In the pop-up window, select “Id” from the drop-down list.
-
Click <?> and select Compare with parameter.
-
In the pop-up window, under Process elements, select the start signal event (on the left).
-
Select the “Unique identifier of record” parameter on the right.
-
-
Click in the Which access rights to remove? field and select “For all users and roles.” Clear the checkbox under to remove permissions to edit or delete the record.
-
Click in the Which access rights to add? field and select “For a user role.”
-
In the “Role” field that appears, click and choose “Lookup value.”
-
Select the “HR, Managers group” organizational role in the opened window.
-
-
After creating the process elements, connect them on the diagram and save the process.
As a result, each time a contact’s type is changed to “Employee,” all Creatio users are stripped of their permissions to edit or delete the contact, and only members of the “HR. Managers group” organizational role obtain full access to the record and can view, modify or delete it.”
Please make sure that access to operations with the object (in this case, “Contact”) is enabled in the Object permissions section in the System Designer. Learn how to set up object operation permissions in the Object operation permissions article.