|
Administering Oracle CRM On Demand > User Management and Access Controls > Role Management > About Record Type Access in Roles
About Record Type Access in Roles
You control access to primary record types for a role in step 2 of the Role Management Wizard. For more information about adding roles, see Adding Roles.
A primary record type is a record type that can be used as an independent record type. Most, but not all, of the primary record types can appear as tabs in Oracle CRM On Demand. However, there are some primary record types that cannot appear as tabs. For example, the Book record type is a primary record type (that is, book records can be created as independent records). However, the Book record type cannot appear as a tab. Record types that are not primary record types cannot appear as tabs.
With some exceptions, the primary record types that meet the following criteria are listed in step 2 of the Role Management Wizard:
- Your company is licensed to use the record type.
- Your role has the appropriate privilege to access the record type.
The exceptions are record types that are used for administrative purposes only, such as the company profile, user records, workflow rules, and so on. Access to such record types is controlled through privileges only.
For each primary record type that is listed in step 2 of the wizard, access to the record type for the role is controlled through three settings:
- Has Access. When the Has Access check box in step 2 of the Role Management Wizard is selected for a primary record type on a role, users who have the role can access records of that record type. If the Has Access check box is deselected for a record type on a role, users who have the role are denied all forms of access to the record type. For example, if the Has Access check box is deselected for the Account record type on a role, all forms of access to the Account record type, including related applets, search capabilities, and other access to the Account record type, are denied to users who have the role. Then the following can occur:
- If a user who does not have access to the Account record type attempts to associate an opportunity with an account record, the operation fails.
- If a user who does not have access to the Account record type sees an opportunity that is already linked to an account, the user is not able to view any details of the linked account record.
NOTE: Denying access to a record type (by not selecting the Has Access check box for the record type in the Role Management Wizard) can prevent a user from being able to create a record of another record type. For example, if you deny access to a record type that a user must access to create a record based on another record type, you can prevent a user who has the role from being able to create that record.
- Can Create. When the Can Create check box in step 2 of the Role Management Wizard is selected for a record type on a role, users who have the role can create records of that record type.
If the Can Create check box for a primary record type is deselected, users who have the role do not have the ability to create a record of that primary record type.
NOTE: The permission to create records of a primary record type is controlled by this setting. It is not controlled through access profiles. Access profiles control access to existing data, so primary records must exist before access profiles can control access to those records.
- Can Read All Records. When the Can Read All Records check box in step 2 of the Role Management Wizard is selected for a primary record type on a role, users who have the role can see all records of that record type. If the Can Read All Records check box is deselected for a primary record type, as a general rule, users who have the role can see records of that record type only if they are authorized to see the record. Other access-control components can influence the visibility to records, such as books, teams, groups, and the management hierarchy. Users can gain visibility to records that they do not own through those access-control components. However, if no other access-control component authorizes visibility to the records, and the Can Read All Records check box is deselected, then the user sees only the records that the user owns.
Related Topics
See the following topics for related information:
|
