This is the documentation for Clover Club 12.0.
Documentation for the upcoming version Rampur 13.0 can be found here.

Entitlement Concept

Owned by Jan Panoušek
Jun 14, 2024
3 min read

Access to various parts of the Pricefx application is driven by the following entitlement elements:

Roles

  • Drive access to functionalities (such as Price Lists, Rebate Agreements, Master Data or User Admin). 

  • The role list is given and cannot be changed.

  • User roles are assigned when creating/editing users.

Groups

  • Drive access to data object details (not headers).

  • Groups are created by application admins. 

  • Can be "overridden" by some roles, e.g., General Admin or User Group Override.

    • Users with such roles will have access to records (and also calculation logic results) "protected by groups" anyway.

  • Groups are assigned when creating/editing users.

    • Each user can be a member of one or more groups.

    • In addition, each user can have one group selected as the default group for viewing and another group as the default group for editing. These groups are then automatically pre-selected for new objects created by the user – if this is enabled (per object type) in Administration > Configuration > Entitlements.

A user can always see the object in a list of objects, but access to a detail (either View or Edit) is driven by Groups.
Even if the user cannot see a particular object in detail (because of the group restriction), they will still be able to see the header of the object, e.g., the short Quote info in the list of Quotes.

If you want to completely hide objects from the list page for groups that are not entitled to see them, add the following advanced configuration options and set their value to true:

Object

Advanced Configuration Option

Object

Advanced Configuration Option

Quotes

hideQuotesBasedOnUserGroups

Agreements/Promotions

hideContractsBasedOnUserGroups

Rebate Agreements

hideRebateAgreementsBasedOnUserGroups

Rebate Records

hideRebateRecordsBasedOnUserGroups

Compensation Plans

hideCompensationsBasedOnUserGroups

Compensation Records

hideCompensationRecordsBasedOnUserGroups

Company Parameters

hidePPTablesBasedOnUserGroups

If you need to restrict visibility of Products or Customers in the list, you can use the Product or Customer Filter.

User Group (Edit) / User Group (View Details)

It is possible to restrict which user groups can edit / view details of individual objects, such as Quotes or Price Lists. These restrictions work in the following way:

  1. If they are not set (which is the default state), the object can be viewed/edited by all users.

  2. 'Edit' always includes 'View': if you qualify for edit, you can also view the object.

  • It makes no sense to set the 'View Details' restriction and leave 'Edit' empty. As stated above, if 'Edit' is not set, the object can be viewed by all users. See the matrix below.

  • The value entered into any of these two user group fields can only be 254 characters long (including both characters of group names and commas separating them).

  • In a duplicate, the 'Edit' group is removed if the duplicating user is not its member.

Possible Combinations

Explanation:

  • "Another group" = I am not a member of the group which is defined.

  • "My group" = I am a member of the group which is defined.

  • "–" = No group is defined, the field is left empty.

User Group (Edit)

User Group (View)

Result

ibComment

User Group (Edit)

User Group (View)

Result

ibComment

–

–

I can do all actions (duplicate, edit, view).

No Edit/View group defined = no entitlement implied.

Another group

Another group

I cannot do any action.



Another group

–

I cannot edit; I can view and duplicate.

No View group defined = no viewing restriction implied.
When I create a duplicate and I am not a member of the Edit group, this group is removed.

–

Another group

I can do all actions (duplicate, edit, view).

No Edit group defined = no entitlement implied.
Edit setting includes the View setting.

My group

My group

I can do all actions (duplicate, edit, view).



My group

–

I can do all actions (duplicate, edit, view).

Edit setting includes the View setting.

–

My group

I can do all actions (duplicate, edit, view).

No Edit/View group defined = no entitlement implied.

My group

Another group

I can do all actions (duplicate, edit, view).

Edit setting includes the View setting.

Another group

My group

I cannot edit; I can view and duplicate.

When I create a duplicate and I am not a member of the Edit group, this group is removed.

Business Roles

Business Roles allow you to create a combination of roles and groups and assign it to users.

For details see Business Roles Admin.

PA Specific Settings

Access to data in Analytics can be restricted by using groups for which you create filters.

For details see Set Data Entitlement in Data Source.  

Other Modules Specific Settings

  • For each user you can define a Product or Customer Filter which allows you to create an individual restriction on accessing the data in all modules except Analytics. This entitlement option can be useful for e.g., setting up sales rep user accounts in Pricefx.

  • On the Module Categories page, you can use user groups to control the access to elements that belong to the Module Categories.