- 30 Apr 2024
- 2 Minutes to read
- Print
- DarkLight
Read restriction rules
- Updated on 30 Apr 2024
- 2 Minutes to read
- Print
- DarkLight
Use read restriction rules to grant or restrict access based on dynamic conditions. They provide flexibility to model your business requirements around protected access to business data.
You can, for example, use a read restriction rule to restrict user access to only those quotes that they create, or to change opportunities only within their assigned organizational unit.
View read restriction rules
- From the application left navigation area, select Administration.
- On the top navigation bar, select Master Data Management.
- Scroll or search, then select Read Restriction Rule to view the list of defined rules.
The CPQ application includes predefined rules. Examples of predefined rules are:
- Accounts
- User has access to account if user is its creator
- User has access to account if user is its owner
- User has access to account if user is one of its partner functions
- Quotes
- User has access to quote if user is its creator
- User has access to quote if user is its owner
- User has access to quote if user is one of its partner functions
- User has access to quote if user has access to its account
- User has access to quote if its creator's Organization Unit is in the hierarchy of the user's Organization Unit
Each read restriction rule includes:
- Rule Status—Determines whether the rule is active or inactive.
- Conditions—Determines whether the system will grant access to the object. If all conditions are true, then access is granted.
As shown in the following image, account access is granted only if the currently signed-in user is also the owner of the account.
Create conditions
You must define the conditions used by read restriction rules.
- From the application left navigation area, select Administration.
- On the top navigation bar, select Master Data Management.
- Scroll or search, then select Condition.
- Select + to add a line to the list of conditions, then select it. Enter or select values to create the condition:
- Name—Required. Enter a unique name for the condition. This name appears in the list of conditions used to assign to a rule.
- Business Type—Required. Select the object, such as account, opportunity, or quote.
- Attribute—Required. Select an attribute, such as creator, owner, or organization unit.
- Operator—Required. Select an operator value.
- Condition Value—Required. Select a value used to perform the respective test. Available values depend on the selections made for Business Type and Attribute.
Create read restriction rules
Select + to add a line to the list, then select it to create a read restriction rule. Enter or select values to set up the rule.