Overview of Access Groups

Use access groups to provide sales resources with additional access to sales object data. Access groups are an alternative way of granting data permissions to users, and they use a different access path to that provided by the predefined data security policies.

An access group uses the access control list model. You create an access group and assign users to it, and all group members are given access to standard or custom object data. You define object sharing rules, which provide users with access to specific records of an object. These rules specify the type of access to the object and the conditions under which that access is provided. For example, users might be granted access to:

  • All opportunities with a status of Open

  • All accounts where country is set to UK

You can also define the type of data access provided, for example, Full access or Read access.

A user can be assigned to one or more access groups and will have the access assigned to each group. So if Lisa Jones is assigned to Access Group A, which provides access to opportunities, and Access Group B, which provides access to accounts, she receives the access provided by both groups. You can also use one access group to assign access to multiple objects.
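The following added example, which is not Oracle code and does not reflect how the product is implemented, models the group, member and object sharing rule relationships described above so that an access review can list which group and rule give a user access to a record. The user names, rule names, record fields and the access type attached to each rule are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

# Access types named on the page.
READ, FULL = "Read", "Full"

@dataclass
class SharingRule:
    name: str                             # hypothetical rule name
    object_type: str                      # e.g. "Opportunity"
    condition: Callable[[dict], bool]     # predicate over a record's fields
    access: str                           # READ or FULL

@dataclass
class AccessGroup:
    name: str
    members: set = field(default_factory=set)
    rules: list = field(default_factory=list)

def grants_for(user, object_type, record, groups):
    """Return every (group, rule, access) that gives `user` access to `record`."""
    return [(g.name, r.name, r.access)
            for g in groups if user in g.members
            for r in g.rules
            if r.object_type == object_type and r.condition(record)]

def effective_access(user, object_type, record, groups):
    """Set of access types the user holds on the record across all their groups."""
    return {access for _, _, access in grants_for(user, object_type, record, groups)}

# Constructed sample data mirroring the page's two example conditions.
GROUP_A = AccessGroup("Access Group A", {"lisa.jones"}, [
    SharingRule("Open opportunities", "Opportunity",
                lambda r: r.get("status") == "Open", FULL)])
GROUP_B = AccessGroup("Access Group B", {"lisa.jones", "sam.lee"}, [
    SharingRule("UK accounts", "Account",
                lambda r: r.get("country") == "UK", READ)])
GROUPS = [GROUP_A, GROUP_B]

if __name__ == "__main__":
    # Review view: which group and rule grant lisa.jones access to each record.
    for obj, rec in [("Opportunity", {"status": "Open"}),
                     ("Opportunity", {"status": "Won"}),
                     ("Account", {"country": "UK"})]:
        print("lisa.jones", obj, rec, grants_for("lisa.jones", obj, rec, GROUPS))
```
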

Objects That Support Access Groups

You can create access groups to provide data access to these objects:

  • Account

  • Activity

  • Activity Assignee

  • Asset

  • Business Plan (includes Sales Objective)

  • Campaign

  • Category

  • Contact

  • Contests

  • Conversation

  • Conversation Message

  • Custom objects

  • Deal Registration

  • Duplicate Identification Batch

  • Duplicate Resolution Request

  • Forecast Territory Details

  • Goals

  • Goal Participants

  • Household

  • HR Help Desk Request

  • Internal Service Request

  • KPI

  • MDF Budget

  • MDF Claim

  • MDF Request

  • Message

  • Note

  • Opportunity

  • Partner

  • Price Book Header

  • Product

  • Product Group

  • Program Enrollments

  • Quote and Order

  • Resource

  • Sales Lead

  • Sales Quota Plan

  • Sales Resource Quota

  • Sales Territory

  • Sales Territory Proposal

  • Service Request

  • Work Order

Important: When you provide users with access to the records of a top-level object using access groups, users automatically receive the same access to the records of any child objects.

Access Group Privileges

Users assigned the Manage Group Access privilege (ZCA_MANAGE_GROUP_ACCESS_PRIV) can create and manage access groups. By default, the Sales Administrator job role and the IT Security Manager job role have this privilege.

Users must be assigned a duty role, the Access Groups Enablement role, to get the access provided through access groups. By default, users assigned any of these roles have the Access Groups Enablement duty role:

  • Resource abstract role

  • Any of the predefined sales and service job roles

  • Any custom job roles that you create

Caution: Don't make any changes to the predefined data security policies assigned to the Access Groups Enablement duty role. Changing or deleting these data security policies prevents the access groups functionality from working correctly.