1. Implementing Product Management
  2. Permission Sets

Permission Sets

A permission set contains individual permissions.

Each permission identifies the object for which permission is given, the conditions that must be met, the type of access to be granted on the object, and the attribute groups the team can access.

Here are some details on permission sets:

  • The permission sets that you create appear for selection on the Permission Sets tab when you create a team.
  • A permission set can be assigned to multiple teams.
  • You can control access to attribute groups when using the View and Manage permissions.
  • You can’t control access to attribute groups on items when using the Create, Discover, and Delete permissions.
  • To view a listing of the permission sets that have already been created, use the Search Permission Sets page. On the search page,
    • You can search for specific permission sets and sort the list of permission sets by the columns.
    • Click the permission set name to see details of the permission set.

Here are some object-specific details:

  • Permission sets for manufacturers: you can give component engineers based out of New York City or Houston permission to view all manufacturers and restrict manage permission to some US manufacturers. Additionally, provide access to the attribute group named Dimension.

  • Permission sets for Items: you can create a permission set for an item that enables you to:
    • Create items in the item class named Root Item Class.
    • Discover all items in the application.
    • Delete all engineering items.
    • View Basic Attributes, Quality, and Relationships on all engineering items.
    • Manage only Basic Attributes on all engineering items.
    Note: Before you configure the attribute groups for the team, you must run the Upgrade Product Management Data scheduled process to grant access to the attribute groups.

  • Permission sets for workflows: In each of the permission set created for a workflow you can add multiple permissions on workflows granting access to the workflow for the team members.

    You can provide access to workflows conditionally using permissions such as, create, view, manage, discover, delete, change status, and publish. You can also control the visibility of tabs appearing on the workflow details page, thereby controlling the shape of the workflow object. You can do this by configuring access to an attribute group or table using the Access To column, where you can specify which tabs are accessible to the user.

    For example, if a user is granted access only to Basic Attributes, Attachments, and Relationship, they will only be able to see these three tabs, while the others will remain hidden.

Create a Permission Set for an Object

Permission sets enable you to define access on objects. In each of the permission set you can add multiple permissions on object granting access to the object for the team members.

You can provide access to objects conditionally using permissions such as, create, view, manage, discover, delete, change status, and publish.

Here's how you create a permission set:

  1. Navigate to the Product Management work area.
  2. In Actions, click Teams.
  3. On the Search Teams page, select Permissions Sets from the Search Teams drop-down list.
  4. Click Create on the Search Permission Sets page and enter the details for the permission set:
    1. Name: Unique name of the permission set.
    2. Description: Short description on the permission set.
    3. Object: Select the object for which you want to create the permission. For example, Manufacturer.
    4. Condition: Select a condition from the list of available conditions or you can also click Create Condition to create a new condition.

      The condition helps narrow down the object by applying filters on object attributes.

    5. Permission: Permissions are listed according to the selected object. Select a permission based on the actions you want the team to perform on the object.

      Create: allows user to create the object.

      View: allows the user to see the object attributes in read-only format.

      Manage: allows the user to view and edit an object.

      Delete: allows the user to add the object to a delete group.

      Discover: allows the user to view only the item number of the item on which the user has discover permission in various places like relationships, structure, affected objects and so on. The items with only discover permission can’t be searched or found in the select item dialog box.

      Change Status: allows the user to promote or demote the workflow, which also checks the if additional workflow control named Cancel Change Orders or Lines is set to Yes for canceling the workflow. Note that this is only applicable for workflows.

      Publish: allows the user to publish the workflow. Note that this is only applicable for workflows.

    6. Access To: Select the attribute groups the team can access. Note that:
      • Access To column is disabled when you select the Create privilege (in the Permission column), which means users automatically gain access to all attribute groups defined for the object during its creation.
      • You can control access to attribute groups when using the View and Manage permissions.

      • You can’t control access to attribute groups on items when using the Create, Discover, and Delete permissions.

  5. Click Save.

Search for Permission Sets

On the Search Permission Sets page here’s what you can do:

  • View a listing of the permission sets that have already been created.
  • Search for specific permission sets.
  • See details of the permission set by clicking the name of the permission set.
  • Sort the permission sets by the columns.

What You Can do Depending on a Permission

Here’s what you can do on an object depending on the assigned permissions:

Item

  • Create: Setup a condition with an organization and item class only.

  • View: View the item attributes in a read-only format.

  • Delete: Assign the item to a delete group, facilitating its deletion.
  • Manage: View and edit an item.
  • Discover: View only the item number of the item in various places like relationships, structure, affected objects and so on. The items with only discover permission can’t be searched or found in the select and add items dialog box.
  • Change Status: Not applicable
  • Publish: Not applicable
Workflow
  • Create: Set up a condition with a change type and organization only, where the change order type is required. Once the user enables the access control list, the application will ignore the Creator list defined in the Manage Change Order Type setup task and only honor the create permission (in the access control list).
  • View: View the change header, descriptive flexfields, extensible flexfields, and individual workflow tabs.
  • Delete: Assign the workflow to a delete group, facilitating its deletion.
  • Manage: Edit the workflow including its attribute groups and perform actions on tabs. A user’s actions on the workflow are governed by a combination of the additional workflow controls in the change type setup and the access control list. When a user is granted the manage permission, the application checks the additional workflow controls to determine the specific actions the user is authorized to perform.
  • Discover: View only the change number of the workflow in relationships, item changes tab and so on. The workflows with only discover permission can’t be searched.
  • Change Status: Promote or demote the workflow, which also checks whether the additional workflow control named Cancel Change Orders or Lines is set to Yes for canceling the workflow.
  • Publish: Publish the workflow.