User and access management overview
In Creatio, user's access permissions are determined by multiple factors:
- User type. You need to create and license a user account for each Creatio user. Each user record must be linked to a specific contact.
- Personal license type grants user access to Creatio platform and functionality.
- Access to business data grants permission to perform CRUD (creating, reading, updating and deleting) operations with data.
- Access to functionality can be granted via system operations. System operations let you manage access to a broad list of Creatio functionality, including user registration, workplace setup, lookup management, system configuration, etc.
Access permissions are set up by your company's system administrator and can be changed whenever you need. User type and license restrictions are set up by Creatio company and cannot be changed. The resulting set of user permissions is the combination of all mentioned settings.
User type restrictions
Creatio has two types of users: external user and company employee. Company employee type has only one restriction. You cannot issue this user an external license. External user type has the following restrictions:
- Cannot be a part of the "All employees" organizational role.
- User's email address cannot use your company domain.
- Chats, email synchronization, and phone integration are not available.
- App creation and customization are not available.
- Cannot be imported from LDAP.
Since Creatio version 8.0.10 set access permissions for external users in the Object permissions section. You do not need to use the "List of objects available for external users" and "List of schema fields for external access" lookups.
Objects must have operation permissions set up to be available for external users. Creatio warns you if you have not set up permissions to dropdown fields of an object on a page available for external users or the permissions you have set up are not secure.
Instructions for Creatio versions 8.0.9 and earlier you can find in the Manage Portal Creatio in the main application article.
Restrictions of personal license types
Creatio version 8.0.9 and earlier support only one type of personal license. Creatio version 8.0.10 and later support the following personal license types that have different restrictions:
- external user license,
- limited internal user license,
- mobile-only user license,
- full user license.
Learn more: Creatio licenses overview.
Access to business data
To grant access to business data, configure access permissions to corresponding Creatio objects. Creatio objects are roughly equivalent to database tables and correspond to sections, details, lookups, etc.
You can manage access to business data on several levels:
- Ability to perform CRUD operations with any data of an object. Learn more: Object operation permissions.
- Ability to view, edit or delete individual records. Learn more: Record permissions.
- Ability to view, edit or delete values of individual object columns. Learn more: Column permissions.
Access to functionality
Permissions to add, view, edit, and delete object data cannot be used to manage access to some Creatio functionality. For example, import and export operations, business process creation, workplace setup, system configuration, etc. Use system operations to manage access to such functionality. System operation permissions (access to Creatio functionality) are different from object operation permissions (access to CRUD operations in objects). A system operation can have one of the two access levels:
- User or role can perform the operation.
- User or role cannot perform the operation.
Learn more: System operation permissions.
Troubleshoot access
License restrictions work together with user type restrictions and access permissions. If a user has problems with access to some Creatio data, check the following:
- user type
- personal license type
- access permissions set up for the object that the user cannot reach
The user cannot open the Requests section.
To troubleshoot the issue:
-
Check the user type.
-
If the user is a company employee, proceed to step 2.
-
If the user is an external user, check whether the Requests section has an external page.
- If the section has an external page, proceed to step 2.
- If the section has no external page, create and configure the page. Instructions: Customize Portal Creatio in Freedom UI.
-
-
Check the user’s license type and organizational role.
-
Check the access permissions set up for the "Requests" object.