Skip to main content
Support Home

    Read Restriction Rules

    Support
    • Updated

    Introduction

    Read Restriction Rules grant / restrict access based on dynamic conditions, e.g. a user can only access quotes that s/he is the creator for or can only change opportunities within his/her organization unit. They provide a great level of flexibility to model all sorts of business requirements around protected access to business data.

    Definition

    Under ‘Administration’ → ‘Master Data Management’ → ‘Read Restriction Rule’, an admin can view existing or create new rules:

    mceclip0.png

    The Digital Sales Platform comes with a set of predefined rules, such as (this is not an exhaustive list but more for demonstration purposes):

    Object

    Sample Read Restriction Rules

    Accounts

    User has access to account if user is its creator

     

    User has access to account if user is its owner

     

    User has access to account if user is one (1) of its partner functions

    Quotes

    User has access to quote if user is its creator

     

    User has access to quote if user is its owner

     

    User has access to quote if user is one (1) of its partner functions

     

    User has access to quote if user has access to its account

     

    User has access to quote if its creator's Organization Unit is in the hierarchy of the user's Organization Unit

    Using an example from the aforementioned table ‘User has access to account if user is its owner’, the definition of a read restriction rule is explained:

    mceclip1.png

    The main fields are:

    • Rule Status; to determine whether the rule is active or inactive.
    • Conditions; access to the object will be granted if all conditions are true.

    In the aforementioned figure, the access to the account will be granted, if the currently logged-in user is also the owner of the account. Otherwise, the user will not be able to view the account at all.

    Conditions 

    Conditions can be defined under ‘Administration’ → ‘Master Data Management’ → ‘Condition, and comprise the following data points:

    mceclip2.png

    Most important fields are:

    Field

    Description

    Name

    Name of the condition when assigned to a rule

    Business Type

    The object (e.g. account, opportunity, quote, etc.)

    Attribute

    Values are creator, owner, organization unit, etc.

    Search Expression

    Only available if ‘Attribute’ is empty. In this case, a search expression can be used to derive a specific object.

    Operator

    Values are equal to, contains, greater / less than, etc.

    Condition Value

    This is used to perform the respective test. Values depend on the previous selections for Business Type and Attribute.

     

    Related articles

    Comments

    0 comments

    Article is closed for comments.