Entitlement Concept
Access to various parts of the Pricefx application is driven by the following entitlement elements:
User Roles
Drive access to functionalities (such as Price Lists, Rebate Agreements, Master Data or User Admin).
The role list is given and cannot be changed.
User roles are assigned when creating/editing users.
User Groups
Drive access to data object details (not headers).
Groups are created by application admins.
Can be "overridden" by some user roles, e.g., General Admin or User Group Override.
Users with such roles will have access to records (and also calculation logic results) "protected by groups" anyway.
Groups are assigned when creating/editing users.
Each user can be a member of one or more groups.
In addition, each user can have one group selected as the default group for viewing and another group as the default group for editing. These groups are then automatically pre-selected for new objects created by the user – if this is enabled (per object type) in Administration > Configuration > Entitlements.
A user can always see the object in a list of objects, but access to a detail (either View or Edit) is driven by Groups.
Even if the user cannot see a particular object in detail (because of the group restriction), they will still be able to see the header of the object, e.g., the short Quote info in the list of Quotes.
If you want to completely hide objects from the list page for groups that are not entitled to see them, add the following advanced configuration options and set their value to true:
Object | Advanced Configuration Option |
---|---|
Quotes |
|
Agreements/Promotions |
|
Rebate Agreements |
|
Rebate Records |
|
Compensation Plans |
|
Compensation Records |
|
Company Parameters |
|
Product Extensions |
|
Customer Extensions |
|
Seller Extensions |
|
If you need to restrict visibility of Products or Customers in the list, you can use the Product or Customer Filter.
User Group (Edit) / User Group (View Details)
It is possible to restrict which user groups can edit / view details of individual objects, such as Quotes or Price Lists. These restrictions work in the following way:
If they are not set (which is the default state), the object can be viewed/edited by all users.
'Edit' always includes 'View': if you qualify for edit, you can also view the object.
It makes no sense to set the 'View Details' restriction and leave 'Edit' empty. As stated above, if 'Edit' is not set, the object can be viewed by all users. See the matrix below.
The value entered into any of these two user group fields can only be 254 characters long (including both characters of group names and commas separating them).
In a duplicate, the 'Edit' group is removed if the duplicating user is not its member.
Possible Combinations
Explanation:
"Another group" = I am not a member of the group which is defined.
"My group" = I am a member of the group which is defined.
"–" = No group is defined, the field is left empty.
User Group (Edit) | User Group (View) | Result | ibComment |
---|---|---|---|
– | – | I can do all actions (duplicate, edit, view). | No Edit/View group defined = no entitlement implied. |
Another group | Another group | I cannot do any action. | |
Another group | – | I cannot edit; I can view and duplicate. | No View group defined = no viewing restriction implied. |
– | Another group | I can do all actions (duplicate, edit, view). | No Edit group defined = no entitlement implied. |
My group | My group | I can do all actions (duplicate, edit, view). | |
My group | – | I can do all actions (duplicate, edit, view). | Edit setting includes the View setting. |
– | My group | I can do all actions (duplicate, edit, view). | No Edit/View group defined = no entitlement implied. |
My group | Another group | I can do all actions (duplicate, edit, view). | Edit setting includes the View setting. |
Another group | My group | I cannot edit; I can view and duplicate. | When I create a duplicate and I am not a member of the Edit group, this group is removed. |
Business Roles
Business Roles allow you to create a combination of roles and groups and assign it to users.
For details see Business Roles Admin.
PA Specific Settings
Access to data in Analytics can be restricted by using groups for which you create filters.
For details see Set Data Entitlement in Data Source.
Other Modules Specific Settings
For each user you can define a Product or Customer Filter which allows you to create an individual restriction on accessing the data in all modules except Analytics. This entitlement option can be useful for e.g., setting up sales rep user accounts in Pricefx.
On the Module Categories page, you can use user groups to control the access to elements that belong to the Module Categories.
Found an issue in documentation? Write to us.
Pricefx version 13.1