How do I configure my first access group in Case Management?

Create an access group to configure rules to restrict what Cases a user sees. Here's a brief walk-through for configuring an access group for a common Case Management use-case.

Access Group rules can be built upon many Case attributes. For example, case creator, case team members, case contacts, case assignee, case assignee hierarchy, case queue membership, case queue membership hierarchy and case business units.

In this example a case worker can view, update, and delete only the cases that are assigned to them.

Also see:

Sign in to your server as an administrative user.
Go to Tools > Security Console.
Search for Case Execution. For example: ORA_SVC_CASE_EXECUTION role.
Note:
For a Case Manager, replace ORA_SVC_CASE_EXECUTION with ORA_SVC_CASE_SUPERVISION and ORA_SVC_CASE_WORKER_JOB with ORA_SVC_CASE_MANAGER_JOB.
Copy the role (either copy top role or inherited role).
Go to the Data Security Policies tab, and remove all Grant on Cases.
Note:
If you're configuring for Case Manager: ORA_SVC_CASE_SUPERVISION then you'll see only one Grant on Cases so remove just that one.
After deleting both grants, click Next and Submit and Close.
Copy Case Worker: ORA_SVC_CASE_WORKER_JOB role using either top role or top role and inherited roles.
Go to the Role Hierarchy tab and delete the ORA_SVC_CASE_EXECUTION role.
Go to the Role Hierarchy tab and delete the ORA_SVC_CASE_EXECUTION role.
Now, add the new custom execution role you created in earlier step.
Click Next and Submit and Close.
Select Users in the left-hand panel of the Security Console and add the new role you created.
Note:
These are minimal required roles. You can have more roles as per your use-cases.
Once the roles are added, go to Tools > Scheduled Processes > Schedule New Process and run the following jobs in this order:
- Import User and Role Application Security Data
- Send Pending LDAP Request
- Retrieve Latest LDAP Changes
Once the jobs have completed, go to Tools > Sales and Service Access Management and search for the Access Group corresponding to your new job name.
Click the Access Group name link and make sure the correct user is shown as Resource in the Overview tab.
Click the Object Rules tab and search for the Case object.

Click Add Rule and select the rule for your use-case. This example uses the Case Assignee rule.

After adding the rule, you can select the access level appropriate for your use-case. This example gives full access to case worker user.

Note: There are many ready-to-use rules that can suit your use-case and you can add rules from any of following ready-to-use rules listed below. (CRM, HRHD, or HR Helpdesk Service Request, and ISR, Internal Service Request, refers to the stripe code that you've configured through the profile option ORA_SVC_CASE_DEFAULT_STRIPE_CD.) If your use-case isn't covered by any of these ready-to-use rules then you can create a custom rule by clicking Create Rule.

Ready to Use Rules

Number	Rule	Use Case
1.	All CRM Cases	Access all CRM Cases
2.	All HRHD Cases	Access all HRHD Cases
3.	All ISR Cases	Access all ISR Cases
4.	Case Creator	Cases where the access group member is the case creator
5.	Case Assignee	Cases where the access group member is the case assignee
6.	Case Assignee Hierarchy	Cases where the access group member is in the management chain of the case assignee
7.	Case Team	Cases where the access group member is in the case team
8.	Case Contact	Cases where the access group member is in the case contact
9.	Case Queue Member	Cases where the access group member is associated with the case queue
10.	Case Queue Member Hierarchy	Cases where the access group member is in the management chain of the case queue member
11.	Case Primary Contact	Cases where the access group member is the case primary contact
12.	Business Unit CRM Cases	CRM cases in the business units in which the access group member is associated
13.	Business Unit HRHD Cases	HRHD cases in the business units in which the access group member is associated
14.	Business Unit ISR Cases	ISR cases in the business units in which the access group member is associated

Click Save.
Click the Rule Name link. For example, click the Case Assignee link and make sure the rule is active.
If the rule isn't active, select the Active checkbox then go to Actions > Save and Publish.
Once published, click Actions > Save and Close.
Save and Close the page.
Go to the Monitor tab in the left-hand panel and click Update Groups and Members.
Click Start Process.
Once the job successfully completes, go to the Publish Rules tab.
Run the job by clicking Start Process.
Once the job completes successfully, if you've any custom object or custom field created through app-composer then go to the Synchronize Custom Objects and Fields tab and run the job by clicking Start Process.
Note:
This is a one time activity. All new further records will be assigned automatically. However, whenever a rule is updated, run this job again to apply the updated rule to all existing Cases.
In the next window, select the Basic Options parameters: Object = Case and Record Selection = All Records.
Click Submit.
When the job successfully completes, you've now configured your first access group.
Your Case Worker will now have access to only those cases assigned to them and they will get the access based on the configured access level (READ/UPDATE/DELETE/FULL).

Tip:

If unanticipated records are shown on the Case List page or when you drill down to a record the Case Details page and it doesn't load (or shows an error message Couldn't load data: status 404 , you might need to republish the Case object in Adaptive Search.

Go to the Configure Adaptive Search task.
Click the Setup tab.
Make sure Case object is selected.
Click Actions > Full Publish.
Wait for the publish to complete.
You can track the progress from Monitor > Publish.