Access permissions on the portal
Because the portal gives external users access to Creatio data, managing access permissions for portal users is paramount. You can choose which of your business data is available on the portal and make sure that sensitive and confidential information stays out of external users’ reach.
Access permissions on the portal are designed according to the “least access” principle. This means that portal users are generally prohibited from performing any action for which they do not have explicit permission.
Default portal user permissions
By default, all portal users have the following access permissions:
- Permission to read articles in the [Portal Knowledge base] section. When regular Creatio users add new knowledge base articles, the portal users are automatically granted permission to read these articles.
- Permission to view the portal main page.
- Permission to change the password on the user profile page.
- Permission to access the folder area in the portal sections.
- Permission to post, edit and delete comments in the feed. Users can also “like” other users’ comments.
- For the Creatio service products, the users of the self-service portal also have permission to create records in the [Portal Cases] section. The users can only see their own records.
Just like with regular users, you can manage two types of access permissions: object permissions and system operation permissions.
- Object permissions let you manage access to sections, details, and lookups, as well as their separate records and columns.
- System operation permissions let you manage portal user access to specific functions, such as Excel export.
Managing access permissions for portal users
In general, managing access permissions for portal users is the same as managing access for regular users, with the same array of administrative tools and mechanics. Read more in the “User profile” article.
The specifics are as follows:
- Portal users are a separate type of Creatio user account that belongs to the “All portal users” organizational role.
- In addition to the regular object permissions, the data available for portal users is limited by the [List of objects available for portal users] lookup. Only the objects included in the lookup are accessible via the portal UI.
Note that the list of sections available for portal users also depends on the portal configuration. For example, the [Portal cases] section is not available in the “Customer portal” configuration. See the “Portal” article for more information on the portal configurations.
Whenever a portal user attempts to access specific data, Creatio checks permissions in the following order:
1. Availability on the portal.
Is the object that contains the requested data included in the “List of objects available for portal users” lookup? If it is not, the user will not be able to access the data, regardless of other permissions.
2. Object operation access.
Does the user have permission to create/read/update/delete data in the object? If not, the user will not be able to perform the operation (e.g. read or edit data), regardless of other permissions.
3. Record access.
Does the user have permission to access the object record that contains the needed data? If certain records are restricted, the user will not be able to access them (e.g. read or edit particular support cases, knowledge base articles, etc.), regardless of other permissions.
4. Column access.
Does the user have permission to access the column that contains the needed data? If certain columns are restricted, the user will not be able to access the data stored in these columns (e.g. read or edit case assignee, knowledge base author, etc.), regardless of other permissions.
Each step represents a separate object permission level that you can set up.
Attention
The “All portal users” role has a set of default permissions that enable the users to work with the base portal sections. If you add new sections and other functions on the portal, be sure to update the portal user access permissions.
Note
If you do not add a section of the main application to the workplace of a portal user, they will not be able to open the section or its record page by clicking a direct link.
Object permission levels
Object operation permissions enable you to grant access to create/read/update/delete operations for all data in an object. For example, you can enable creating new articles in the [Knowledge base] section for the portal users by configuring the corresponding operation permissions for the “Knowledge base” object. See “Managing object operation permissions” for detailed instructions.
Record permissions enable configuring portal user access to separate records: separate support cases, knowledge base articles, requests, etc. For example, portal users should be able to see their own cases, as well as cases created by their colleagues within the same organization.
Note that unless you grant record permissions specifically, portal users will be able to access only the records that they created. You can set access to records in several ways:
- Set up default permissions that apply to each new record, based on its author.
- Share the record with the portal users through “Actions” on a record page.
- Use business processes to allocate permissions.
Column permissions manage access to specific fields of a record (e.g., the “Satisfaction level” field in a case record). Configuring column permissions will determine:
- whether a corresponding field will be visible on the record page;
- whether the record will be available for displaying in the section grid.
See “Managing column permissions” for detailed instructions.
You can grant these permissions to each portal user separately (which would not be very efficient) or to a portal user role, such as the “All portal users” role.
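The four-step check order described earlier, combined with the default that portal users can access only the records they created, can be modeled as a short deny-first evaluator for reviewing an intended configuration. This is an added illustration, not Creatio code or its API. The names `check_access`, `ineffective_grants` and `Record`, and the sample objects, columns and users are assumptions, and column restrictions are simplified to one set that applies to all portal users.

```python
from dataclasses import dataclass, field

# Constructed sample configuration; all object, column and user names are illustrative.
ROLE = "All portal users"
PORTAL_OBJECTS = {"Case", "KnowledgeBase"}   # models the portal-objects lookup
OBJECT_OPS = {ROLE: {"Case": {"create", "read"},
                     "KnowledgeBase": {"read"},
                     "Contact": {"read"}}}   # granted, but Contact is not in the lookup
RESTRICTED_COLUMNS = {("Case", "Assignee")}  # columns hidden from portal users

@dataclass
class Record:
    obj: str
    author: str
    shared_with: set = field(default_factory=set)  # users or roles given record access

def check_access(user, roles, op, record, column=None):
    """Walk the four levels in order; the first failing level denies the request."""
    if record.obj not in PORTAL_OBJECTS:                        # 1. availability
        return False, "object not available on the portal"
    granted = set()
    for role in roles:
        granted |= OBJECT_OPS.get(role, {}).get(record.obj, set())
    if op not in granted:                                       # 2. object operation
        return False, "no object operation permission"
    principals = {user, *roles}
    if user != record.author and not (record.shared_with & principals):
        return False, "no record permission"                    # 3. record
    if column is not None and (record.obj, column) in RESTRICTED_COLUMNS:
        return False, "column restricted"                       # 4. column
    return True, "allowed"

def ineffective_grants(role):
    """Objects a role has operation permissions on that the portal lookup still blocks."""
    return sorted(o for o in OBJECT_OPS.get(role, {}) if o not in PORTAL_OBJECTS)

if __name__ == "__main__":
    own = Record("Case", author="alice")
    for args in [("alice", "read", own, None), ("bob", "read", own, None),
                 ("alice", "read", own, "Assignee"),
                 ("alice", "read", Record("Contact", "alice"), None)]:
        user, op, rec, col = args
        print(user, op, rec.obj, col, "->", check_access(user, [ROLE], op, rec, col))
    print("blocked by lookup:", ineffective_grants(ROLE))
```
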
Organizational structure and portal organizations
Similar to regular Creatio users, you can group portal users by assigning them various organizational and functional roles. If you assign permissions to a role, they will apply to all users of that role.
By default, all portal users in Creatio belong to a single “All portal users” role. The access permissions that you assign to this role will apply to all portal users.
You can group and segment your portal users by adding subordinate roles to the “All portal users” role. These roles will automatically obtain all access permissions from their parent role. You can also grant additional permissions to each of the subordinate roles. For example, portal users from different locations may have different access permissions.
Portal organizations are special types of portal user roles. They are used for managing employees of your customers. You can link such portal organizations to existing accounts in Creatio. Learn more about setting up access permissions for portal organizations in the “Users and permissions on the portal” article.