Setting up access permissions for portal users
Although you can grant permissions to specific portal users, the most efficient way would be to assign permissions to portal user roles.
-
Assign common permissions to the “All portal users” role.
-
Add subordinate organizational roles to the “All portal users” role to differentiate permissions between different groups of portal users.
-
Link roles to customer accounts – to manage employees of your customers.
Grant permissions to the portal section data by assigning object permissions. See the “Object permissions” article for more information. You can manage portal user access on three levels:
-
Object operation permissions – ability to view, add, edit and delete data in an object.
-
Record permissions – ability to view, edit, and delete specific records in objects.
-
Column permissions – ability to view, edit and delete data in specific columns.
Attention
Before you start setting up access permissions for portal users, make sure that the corresponding objects are listed in the “List of objects available for portal users” lookup. If they are not – none of the object data will be available for the portal users.
Set up object operation permissions on the portal
You can manage general access permissions to a section, detail or lookup on the portal by setting up object operation permissions for the portal user roles. Setting up permissions for portal users is similar to that of regular users. Read more in the “Managing column permissions” article.
For example, you can set up permissions for working with the “Knowledge base article” object for all portal users (Fig. 1).
As a result, all portal users (regardless of role) will be able to create new and edit existing articles in the [Knowledge base] section, but will not be able to delete them.
Set up record permissions on the portal
You can manage portal use access to specific records in the portal sections, details, and lookups. If you enable record permissions in an object, all object records will become unavailable for portal users, unless specific permissions exist for each specific record.
Bpm’online can automatically grant permissions to each record in an object, based on the record author. You will need to define which permissions to assign. Setting up permissions for portal users is similar to that of regular users. Read more in the “Managing column permissions” article.
For example, you can set up separate permissions to knowledgebase articles created by portal users that belong to different organizational roles subordinate to “All portal users”, e.g. Boston and Toronto (Fig. 2).
As a result, the portal users from Boston will be able to read the knowledge base articles created by portal users from Toronto, but the portal users from Toronto will not be able to read the knowledge base articles created by portal users from Boston.
Attention
Before you set up record permissions in an object, make sure that portal users have access to corresponding object operations.
Set up column permissions on the portal
You can manage portal user access to specific columns in sections, details, and lookups by setting up column permissions for the needed portal user or role. Setting up permissions for portal users is similar to that of regular users. Read more in the “Managing column permissions” article.
For example, you can hide the [Code] column from users in Toronto, while displaying it for users in Boston. (Fig. 3).
As a result, the users of “Toronto” will not be able to read the “Code” column on the knowledgebase article pages, while the users of “Boston” will see value in this column, but will not be able to edit it.
Attention
Before you set up column permissions in an object, make sure that portal users have access to corresponding object operations and records.
See also