Teams

You can create a team to manage access to certain objects. This involves adding members based on the membership conditions defined for your filtered list or adding individual members directly.

Additionally, you’ll add permission sets that identify the object for which permission is given, the conditions that must be met, and the type of access to be granted.

Prerequisite for creating teams:

• Create conditions
• Create permission sets

Create a Team

Here’s how you create and configure a new team:

1. Navigate to the Product Management work area.
2. In Actions, click Teams.
3. In the Search Teams page, click Create.
4. In the New Team page, provide these details:
   1. Name: Unique name for the team.
   2. Description: A short description of the team.
   3. Status: Set the status of the team to Active.
5. In the Members tab:
   1. Select members based on the membership conditions defined for your filtered list.
   2. Select roles you want to add in the team.
   3. Optionally, add individual users directly.
6. In the Permission Sets tab, add the permissions you created in the Permission Set page.

7. Click Save and Close.

Note: Rebuild the workflow index after creating permission sets and activating your teams to ensure data security is applied the first time you enable the profile option Enable Access Control List for Workflows.

Team Status

You can set the team status as Active or Inactive.

An active status indicates a is fully operational team. When the status is set to Active and the team is saved, the associated scheduled processes are executed. The access control list is implemented upon the successful completion of these processes.

An inactive status indicates a team that isn't currently operational, so the membership conditions and permission sets aren’t honored. For example, consider a team configured to provide component engineers based out of New York City or Houston permission to view all manufacturers and restrict manage permission to some US manufacturers. If the team is set as inactive, then the conditions for the view and manage permissions aren’t honored.

Team Indicators

The Refresh the Access Control List for the teams - a scheduled job, is run to apply and update security modifications whenever you save changes to a permission set that is associated with a team or when you add or remove a permission set from a team. The Process Status indicator provides real-time information on the process. Track the status of this process with the indicator that’s displayed on the Team page and the Teams search page. Filter your search results using the Process Status filter.

Indicators and their Significance:

• Draft (Grey): indicates that the team is inactive or doesn't have permission sets added yet.
• In Progress (Blue): indicates that a scheduled process is currently running to apply updates made to team security.
• Completed (Green): confirms that the scheduled process is completed, security changes have been successfully applied and the team is ready for use.
• Error (Red): signals that the scheduled process has encountered an error. Administrators must then, manually run the Refresh the Access Control List for the Teams job for the affected team to apply the changes.

Guidelines for Managing Teams

• All the permissions granted to the team are granted to all the members of the team. If you add a user to multiple teams, that user can access all the objects that each of those teams has access to.
• If a new user is created and meets the membership condition defined for a team, then that member automatically gets assigned the team’s privileges for data access. Similarly, if a user leaves the organization, then that user won’t meet the membership condition, and will no longer have access. If a user moves from one division to another, then the team access will be computed automatically based on the conditions defined for membership rules.
• A member or membership condition can be included in multiple teams. A permission set can also be assigned to multiple teams.
• The team is inactive by default. After permissions are applied, members can access the data only if the team status is set to active. You can set the team status to Inactive while making changes and set it back to Active once your changes are complete, to ensure that all updates are applied immediately.
• Before allowing users to access the application, ensure that the team process status displays Completed so that users have the correct permissions.
• If there's an error in the team, you can run the Refresh the Access Control List for the Teams scheduled process again by selecting the team name.

Update Access Controls

You must run scheduled processes and perform some actions to update the access controls.

• Refresh the Access Control List for Teams: Run this manually, if you disable and then enable the profile option (Enable Access Control List for Items). Note that this process runs automatically whenever you save a permission set used in a team or add a permission set to a team.
• Update the Members List Based on Membership Criteria: Run this the first time you associate membership conditions to the team. You can specify the frequency at which the member list should be refreshed, based on how often member data is likely to change. You can run this job when members are moving divisions, joining the organization or leaving the organization and you want to refresh the data before the scheduled refresh. For this scheduled process to work you must enable Atom Feeds.