1. Securing Sales and Fusion Service
  2. Create a Custom Access Group

Create a Custom Access Group

This topic guides you through the main steps in the process of creating an access group and providing group members with access to object data.

It describes these tasks:

  1. Create an access group.

  2. Create object sharing rules to give group members access to object data.

  3. Add members to the group.

More detailed information about each task is available in other topics in the chapter.

Note: You must be assigned the IT Security Manager job role or the Sales Administrator job role to create and manage access groups.

Step 1. Create an Access Group

Once you have identified a group of resource users that require additional access to object data, create an access group for those users.

  1. Sign in to the application as the sales administrator or as a setup user.

  2. In the Setup and Maintenance work area, go to the following:

    1. Offering: Sales

    2. Functional Area: Users and Security

    3. Task: Manage Sales and Service Access

    Alternatively, click Navigator > Tools > Sales and Service Access Management.

    If you you have the Sales Administrator job role, the Access Groups page in the Sales and Service Access Management work area is displayed. If you have the IT Security Manager job role, the Sales and Service Access Management main page is displayed with the Configure Groups tab selected to display the Access Groups page.

    The Access groups page lists any existing, active access groups. You can view all access groups (active and inactive) by selecting All Groups from the List drop-down list. You can also search for an existing group on this page.

  3. Click Create to display the Create Access Group page.

  4. Enter the values shown in the following table:

    Field

    Value

    Name

    Enter a name for your group. For example, if you're creating a group to give sales support users access to all open opportunities, you might name the group Opportunity_Open.

    Description

    Enter a description for your group (optional). For example, Access to open opportunities.

    Active

    Select a status for the new group. By default, the status for new groups is inactive. Click the Active check box to activate the group.

  5. Click Save and Continue to save your new group.

    The Edit Access Group: Overview page is displayed for the group. From here, you can edit the access group details or delete the access group.

Step 2. Create Object Sharing Rules for the Group

Next, create object sharing rules to grant group members access to object records.

  1. On the Edit Access Group: Overview page select the Object Rules tab.

  2. To create a new rule, click Create Rule.

  3. On the Create Object Sharing Rule page, select the object you're creating the rule for from the Object drop-down list. For example, select Opportunity.

  4. Enter a Name for your new rule, for example, Opportunity_Open. You can optionally enter a rule Description.

  5. In the Access Level field, select the type of object access you want to give group members, either Read, Update, Delete or Full access.

  6. Make sure that the Active check box for the rule is checked.

  7. In the Conditions area, specify the rule conditions.

    For example, you might specify that group members have access to opportunity records that have a Status attribute equal to Open.

  8. Select Save and Publish from the Actions menu to publish the rule so it's available for assignment processing.

  9. When the status indicator shows the publish process has completed, select Save and Close from the Actions menu, then select Save and Close to return to the main Access Groups page.

  10. If this is the first custom rule you've created, you must also publish the new rule on the Object Sharing Rules page. To do this, select the Object Rules tab, then select Publish Rules from the Actions menu.

    For any subsequent rules you create, this step isn't required. You only have to publish the rule once as described in step 8.

  11. Now run the Perform Object Sharing Rule Assignment Processing scheduled process to ensure that the object sharing rules for each object are assigned properly.

For detailed information about creating object sharing rules, see Manage Object Sharing Rules for Access Groups in this chapter.

Step 3. Add Members to the Group

Finally, add resources to your new, custom access group. You can add users to the group in a number of ways: manually add users on the UI, create group membership rules to automatically add users, or use the standard import and export functionality to add users.

Here are the steps to create group membership rules to add users to your group.

  1. On the Edit Access Group: Overview page, click the Member Rules tab.

  2. Click Create Rule.

  3. On the Create Group Membership Rule page, enter a Name for the rule, for example, Sales_Support_Resources.

  4. Optionally, enter a rule Description.

  5. Select the rule conditions. The conditions determine which resources are added or removed as members of the group.

    For example, you might specify that all resources that have an Organization attribute equal to Sales Support are added to the group.

  6. Select Save and Publish form the Actions menu to publish the rule, then click Save and Close from the Actions menu.

  7. On the Edit Access Group: Overview page, click Save and Close to save the group details.

    On the Access Groups page, check that your new group is included in the list of groups.

  8. Now run the Run Access Group Membership Rules scheduled process to ensure that the access group membership rules are assigned and resources are added to the group.

    The Run Access Group Membership Rules scheduled process automatically runs every hour to update access groups with changes to the group membership. But, you can also run the process at any time from the Access Groups main page by selecting the Update Groups and Members option from the Actions menu.

    Once the rules you created for your new access group are processed, all the users in the Sales Support organization will have access to all open opportunities.

    For more detailed information about the different methods of adding users to custom access groups see Add Members to Custom Access Groups in this chapter.

For an example of how to assign access to sales objects to groups of users on the basis of the users' home country, see Assign Group Access By Country.