Creatio Raises $200M at $1.2B valuation to lead the enterprise no-code market

Documentation

Sales Creatio, enterprise edition
PDF
This documentation is valid for Creatio version 7.13.0. We recommend using the newest version of Creatio documentation.

The [Object permissions] section

The [Object permissions] section (Fig. 1) is designed to manage access to the system sections and lookups, including the access to objects, their columns and records.

Record administration in most bpm’online sections is disabled by default, so all users have full rights to administer such section records. Before you start working with bpm’online, set up user access to sections and records in accordance with your business needs.

Fig. 1 The [Object permissions] section

scr_section_administering_tab_objects.png 

Records in the [Object permissions] section can be edited directly in the list without using a page.

List views

[Sections] – the list of objects for which the checkbox is selected in the [Section] column.

[Lookups] – the list of objects for which the checkbox is selected in the [Lookup] column. These objects contain the data structure of the lookups.

[Managed by records] – the list of objects for which the checkbox is selected in the [Managed by records] column. You can manage access rights to individual records of these objects.

[Managed by columns] – the list of objects for which the checkbox is selected in the [Managed by columns] column. You can manage access rights to individual columns in these objects.

[Managed by operations] – the list of objects for which the checkbox is selected in the [Managed by operations] column. You can manage access rights to perform the view, add, edit and delete operations in these objects.

List columns

[Lookup] – the checkbox in this column indicates that the object is used to create lookups. Examples of lookup objects can be “City”, “Currency”, “Job responsibility”, etc.

[Section] – the checkbox in this column is selected for objects that contain data structure of sections. For example, the “Contact”, “Account” and “Activity” objects are sections.

[Managed by records] – select the checkbox in this column to enable setting up access rights to separate records in the object. If the checkbox is cleared, then the access to individual records in that object will not be limited.

Attention!

If the checkbox has been selected for the object that already contains records, then these records will become unavailable for all users. Only users who have permission to perform the [Select any data] system operation will be able to read that data.

Note

If the [Managed by records] checkbox is selected for certain objects, the access to a new record is granted to its author and the user specified in the [Owner] column for the new record.

[Managed by columns] – select the checkbox in this column to configure access rights to individual columns in the object. If the [Managed by columns] checkbox is cleared, then the access to individual columns in the object will not be limited.

Note

You can configure access rights to columns by using the [Columns permissions] detail.

[Managed by operations] – select the checkbox in this column to limit the general permissions to read, add, edit and delete records of the object.

Note

You can configure operations permissions by using the [Access to object] detail.

Inheriting access permissions

Subordinate objects, such as details, can inherit access permissions from parent objects (e.g., corresponding sections). For example, account communication options can inherit access permissions of the parent account. In this case, any user who has no permission to edit the primary record (account) cannot edit the communication options of that account either.

This functionality is disabled by default. You can enable it in the object designer, available in the [Configuration] section of bpm’online advanced settings page.

Note

More information about working with the object designer and the [Configuration] section is available in the “The [Configuration] section” article of the Development Guide. The “Workspace of the object designer” article provides the description of the object designer.

Enable inheriting access permissions from the parent object:

1.Go to the System Designer and click [Advanced settings]. In the Advanced Settings window, go to the [Configuration] tab.

2.Locate the object that must inherit access permissions, select it and click [Edit]. Object Designer opens.

3.Enable “advanced mode” in the Object Designer. Click the icn_configuration_advanced_mode.png button in the top right corner of the page and select “All” in the “Properties” section of the drop-down menu.

4.In the [Object to inherit access permissions from] field, select the parent object, whose access permissions will be inherited by the current object (Fig. 2).

Fig. 2 Inheriting access permissions from the parent object

scr_object_to_inherit_access_permissions_from.png 

Contents

The [Default permissions] detail of the [Object permissions] section

The [Access to object] detail of the [Object permissions] section

The [Columns permissions] detail of the [Object permissions] section.

Video tutorials

Setting up access permissions

Did you find this information useful?

How can we improve it?