Portal Creatio
This documentation is valid for Creatio version 7.14.0. We recommend using the newest version of Creatio documentation.

Access permissions on the portal

Since portal functionality lets external users access bpm’online data, managing access permissions for portal users becomes paramount. You can choose which of your business data is available on the portal, and make sure that any sensitive and confidential information stays out of external users’ reach.

Access permissions on the bpm’online portal are designed according to the “least access” principle. This means that portal users are generally prohibited from performing any action for which they do not have explicit permission.

Default portal user permissions

By default, all portal users have the following access permissions:

  • Permission to read articles in the [Portal Knowledge base] section. When regular bpm’online users add new knowledge base articles, the portal users are automatically granted permission to read these articles.

  • Permission to view the portal main page.

  • Permission to change the password on the user profile page.

  • Permission to access the folder area in the portal sections.

  • Permission to post, edit and delete comments in the feed. Users can also “like” other users’ comments.

  • For the bpm’online service products, the users of the self-service portal also have permission to create records in the [Portal Cases] section. The users can only see their own records.

Just like with regular users, you can manage two types of access permissions: object permissions and system operation permissions.

Managing access permissions for portal users

In general, managing access permissions for portal users is the same as managing access for regular users, with the same set of administrative tools and mechanics. Read more in the “User profile” article.

The specifics are as follows:

  • Portal users are a separate type of bpm’online user account that belongs to the “All portal users” organizational role.

  • In addition to the regular object permissions, the data available for portal users is limited by the [List of objects available for portal users] lookup. Only the objects included in the lookup are accessible via the portal UI.

Note that the list of sections available for portal users also depends on the portal configuration. For example, the [Portal cases] section is not available in the “Customer portal” configuration. See the “Portal” article for more information on the portal configurations.

Whenever a portal user attempts to access specific data, bpm’online checks permissions in the following order:

1. Availability on the portal.

Is the object that contains the requested data included in the “List of objects available for portal users” lookup? If it is not, the user will not be able to access the data, regardless of other permissions.

2. Object operation access.

Does the user have permission to create/read/update/delete data in the object? If not, the user will not be able to perform the operation (e.g. read or edit data), regardless of other permissions.

3. Record access.

Does the user have permission to access the object record that contains the needed data? If certain records are restricted, the user will not be able to access them (e.g. read or edit particular support cases, knowledge base articles, etc.), regardless of other permissions.

4. Column access.

Does the user have permission to access the column that contains the needed data? If certain columns are restricted, the user will not be able to access the data stored in these columns (e.g. read or edit case assignee, knowledge base author, etc.), regardless of other permissions.

Each step represents a separate object permission level that you can set up.
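The check order above can be modelled as a deny-by-default evaluator that reports which level made the decision, which is useful when auditing why a portal user can or cannot reach a field. This is an added illustration, not Creatio code: the class, function, role, object and column names are assumptions, and the record rule follows the page's statement that users reach only records they created unless access is granted.

```python
from dataclasses import dataclass, field

# Illustrative model only; every name here is hypothetical, not Creatio's API or schema.
@dataclass
class PortalPolicy:
    portal_objects: set = field(default_factory=set)     # the portal objects lookup
    operations: dict = field(default_factory=dict)       # (role, object) -> allowed operations
    record_grants: dict = field(default_factory=dict)    # (object, record id) -> users/roles granted
    restricted_columns: dict = field(default_factory=dict)  # (object, column) -> roles allowed

def check_access(policy, user, roles, obj, op, record, column):
    """Evaluate the four levels in order; return (allowed, deciding_level)."""
    principals = {user} | set(roles)
    # 1. Availability on the portal: not in the lookup means denied outright.
    if obj not in policy.portal_objects:
        return False, "portal availability"
    # 2. Object operation access: some role must hold the requested operation.
    if not any(op in policy.operations.get((r, obj), ()) for r in roles):
        return False, "object operation"
    # 3. Record access: the creator by default, anyone else needs an explicit grant.
    granted = policy.record_grants.get((obj, record["id"]), set())
    if record["created_by"] != user and not (granted & principals):
        return False, "record"
    # 4. Column access: a restricted column is readable only by its listed roles.
    allowed_roles = policy.restricted_columns.get((obj, column))
    if allowed_roles is not None and not (allowed_roles & principals):
        return False, "column"
    return True, "allowed"

# Constructed sample policy and records.
ROLE = "All portal users"
POLICY = PortalPolicy(
    portal_objects={"Case", "KnowledgeBase"},
    operations={(ROLE, "Case"): {"create", "read"}, (ROLE, "KnowledgeBase"): {"read"},
                (ROLE, "Invoice"): {"read"}},   # granted, yet not on the portal list
    record_grants={("KnowledgeBase", "kb-1"): {ROLE}},
    restricted_columns={("Case", "Assignee"): {"Support agents"}},
)
OWN = {"id": "case-1", "created_by": "alice"}
OTHER = {"id": "case-2", "created_by": "bob"}
KB = {"id": "kb-1", "created_by": "editor"}
INV = {"id": "inv-1", "created_by": "alice"}

def demo():
    args = [("Invoice", "read", INV, "Amount"), ("Case", "update", OWN, "Subject"),
            ("Case", "read", OTHER, "Subject"), ("Case", "read", OWN, "Assignee"),
            ("Case", "read", OWN, "Subject"), ("KnowledgeBase", "read", KB, "Title")]
    return [check_access(POLICY, "alice", [ROLE], *a) for a in args]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The first case shows why the lookup matters: the operation grant on the constructed "Invoice" object is never consulted because the object fails the availability check.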

Attention

The “All portal users” role has a set of default permissions that enable the users to work with the base portal sections. If you add new sections and other functions on the portal, be sure to update the portal user access permissions.

Object permission levels

Object operation permissions enable you to grant access to create/read/update/delete operations for all data in an object. For example, you can enable creating new articles in the [Knowledge base] section for the portal users by configuring the corresponding operation permissions for the “Knowledge base” object. See “Managing object operation permissions” for detailed instructions.

Record permissions enable configuring portal user access to separate records: separate support cases, knowledge base articles, requests, etc. For example, portal users should be able to see their own cases, as well as cases created by their colleagues within the same organization.

Note that unless you grant record permissions specifically, portal users will be able to access only the records that they created. You can set access to records in several ways:

Column permissions manage access to specific fields of a record (e.g., the “Satisfaction level” field in a case record). Configuring column permissions will determine:

  • whether a corresponding field will be visible on the record page;

  • whether the record will be available for displaying in the section grid.

See “Managing column permissions” for detailed instructions.

You can grant these permissions to each portal user separately (which would not be very efficient) or to a portal user role, such as the “All portal users” role.

Organizational structure and portal organizations

Similar to regular bpm’online users, you can group portal users by assigning them various organizational and functional roles. If you assign permissions to a role, they will apply to all users of that role.

By default, all portal users in bpm’online belong to a single “All portal users” role. The access permissions that you assign to this role will apply to all portal users.

You can group and segment your portal users by adding subordinate roles to the “All portal users” role. These roles will automatically obtain all access permissions from their parent role. You can also grant additional permissions to each of the subordinate roles. For example, portal users from different locations may have different access permissions.

Portal organizations are special types of portal user roles. They are used for managing employees of your customers. You can link such portal organizations to existing accounts in bpm’online.
