Introduction
Read Restriction Rules grant or restrict access based on dynamic conditions. For example, a user can only access quotes that they created, or can only change opportunities within their organization unit. The rules provide a great deal of flexibility for modeling all sorts of business requirements around protected access to business data.
Definition
Under ‘Administration’ → ‘Master Data Management’ → ‘Read Restriction Rule’, an admin can view existing or create new rules:
The Digital Sales Platform comes with a set of predefined rules, such as the following (the list is not exhaustive and is shown for demonstration purposes):
| Object | Sample Read Restriction Rules |
|---|---|
| Accounts | User has access to account if user is its creator |
| | User has access to account if user is its owner |
| | User has access to account if user is one (1) of its partner functions |
| Quotes | User has access to quote if user is its creator |
| | User has access to quote if user is its owner |
| | User has access to quote if user is one (1) of its partner functions |
| | User has access to quote if user has access to its account |
| | User has access to quote if its creator's Organization Unit is in the hierarchy of the user's Organization Unit |
The definition of a read restriction rule is explained using an example from the table above, ‘User has access to account if user is its owner’:
The main fields are:
- Rule Status: determines whether the rule is active or inactive.
- Conditions: access to the object is granted if all conditions are true.
In the aforementioned figure, access to the account is granted if the currently logged-in user is also the owner of the account. Otherwise, the user will not be able to view the account at all.
Conditions
Conditions can be defined under ‘Administration’ → ‘Master Data Management’ → ‘Condition’ and comprise the following data points:
The most important fields are:
| Field | Description |
|---|---|
| Name | Name of the condition when assigned to a rule |
| Business Type | The object (e.g. account, opportunity, quote, etc.) |
| Attribute | Values are creator, owner, organization unit, etc. |
| Search Expression | Only available if ‘Attribute’ is empty. In this case, a search expression can be used to derive a specific object. |
| Operator | Values are equal to, contains, greater / less than, etc. |
| Condition Value | This is used to perform the respective test. Values depend on the previous selections for Business Type and Attribute. |
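
The evaluation described above (a rule grants access only when it is active and all of its conditions are true) can be modeled as follows. This is an added illustration, not the platform's own code. Assumptions: the `$current_user` placeholder, the dictionary shapes, the operator mapping, and the choice that any one granting rule is sufficient while no granting rule means no access.

```python
from dataclasses import dataclass

# Operator labels follow the 'Operator' field; the mapping is an assumption.
OPERATORS = {
    "equal to": lambda actual, expected: actual == expected,
    "contains": lambda actual, expected: expected in actual,
}

@dataclass(frozen=True)
class Condition:
    name: str
    business_type: str    # object the condition applies to, e.g. "account"
    attribute: str        # e.g. "owner", "creator"
    operator: str
    condition_value: str  # "$current_user" is a hypothetical placeholder

    def holds(self, obj: dict, user: dict) -> bool:
        test = OPERATORS.get(self.operator)
        if (test is None or obj.get("business_type") != self.business_type
                or self.attribute not in obj):
            return False  # unknown operator, wrong object or missing data: deny
        expected = (user["id"] if self.condition_value == "$current_user"
                    else self.condition_value)
        return bool(test(obj[self.attribute], expected))

@dataclass(frozen=True)
class ReadRestrictionRule:
    name: str
    active: bool
    conditions: tuple

    def grants(self, obj: dict, user: dict) -> bool:
        # Inactive or empty rules never grant; all conditions must be true.
        return (self.active and bool(self.conditions)
                and all(c.holds(obj, user) for c in self.conditions))

def can_read(rules, obj: dict, user: dict) -> bool:
    # Assumption: one granting rule is enough; no granting rule means no access.
    return any(rule.grants(obj, user) for rule in rules)

# Constructed sample data (not taken from the platform).
OWNER_RULE = ReadRestrictionRule(
    "User has access to account if user is its owner", True,
    (Condition("Owner is current user", "account", "owner", "equal to", "$current_user"),))
PARTNER_RULE = ReadRestrictionRule(
    "User has access to account if user is one of its partner functions", True,
    (Condition("Partner is current user", "account", "partner_functions", "contains", "$current_user"),))
ACCOUNT = {"business_type": "account", "owner": "u-alice", "creator": "u-bob",
           "partner_functions": ["u-carol"]}
```

With these sample rules, `can_read([OWNER_RULE], ACCOUNT, {"id": "u-bob"})` is false even though that user created the account, because only the owner rule is configured.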