1. Implementing Product Management
  2. Access Control Lists for Catalogs and Categories

Access Control Lists for Catalogs and Categories

You can create your own data access groups to control which users can view or manage catalogs and categories using criteria-based access control.

Note that a catalog is a collection of categories used to classify items.

Access can be granted according to roles, individual users, or users based on filtered lists. You can control access to each catalog or category by creating conditions based on basic and descriptive flexfield attributes and assigning permissions to various catalog or categories.

You can give specific data access to selected users in your organisation. For example:

  • Some users might require mange access to catalogs and categories.
  • Others users might require only view access to catalogs and categories.

Before you secure catalogs and categories, here’s what you must know:

  • You can create conditions to define restrictions on catalogs or categories based on the basic and descriptive flexfield attributes (of catalogs and categories).
  • It's recommended to create conditions with either catalog or category attributes, and to avoid combining both in a single condition.
  • You can generate the instance report only for a catalog, not for a category.
  • To share a category from a source to a target catalog, users require the View permission on the source and the Manage permission on the target.
  • To provide access to common catalogs after you enable the access control list for catalogs, you must create a condition to filter the common catalogs, create a permission set, and assign the permission set to a team that has the required users.
  • The functional area catalogs aren’t secured through access control lists.

Enable Access Control Lists for Catalogs and Categories

To use criteria-based access control for catalogs and categories, you must enable the profile option Enable Access Control List for Catalog. By default, the profile option is set to No.

On enabling the profile option, the catalogs will continue to honour any existing security settings until you create a permission and permission set which you can then add to an active team.

Note:

Once the profile option is enabled and a permission is created for a catalog and added to an active team, all catalogs in the application will become private, regardless of their current public or private settings. You must manually assign user permissions to these catalogs.

Permission Sets for Catalogs and Categories

Permission sets enable you to define access on catalogs and categories. In each of the permission set you can add multiple permissions on catalogs and categories granting access for the team members.

You can provide conditional access using permissions such as view or manage.

  • View permission: allows users to view the catalog and category attributes (in a read-only format).
  • Manage permission: allows users to view and edit the catalog or category.
Note: It's recommended to create conditions with either catalog attributes or category attributes. Avoid creating conditions which have both catalog and category attributes.

How Security is Applied on Catalogs and Categories

A catalog is a collection of categories used to classify items. You can grant access to catalogs or categories using the view or manage permission. Here’s what you must know about the security:

  • Catalog-level Security: When the View or Manage permission is assigned at a catalog level, these permissions are automatically inherited to all categories within that catalog.
  • Category-level Security: When the View or Manage permission is assigned to a specific category, the same permission is inherited to its child categories. Additionally, the View permission is assigned to the parent category.

When a category is shared with another catalog, you must know that:

  • Security permissions from the source catalog aren’t extended to the target catalogs.
  • Child categories are automatically shared, but their permissions aren’t shared to the target catalogs.

Examples of Permissions Assigned to Catalogs and Categories

Here’s an example of an electronics catalog and its category hierarchy.

Electronics catalog:

  • Smartphones
    • Phone X Series
      • Phone X Pro
      • Phone X Pro max
  • Laptops
    • Laptop Air
    • Laptop Pro
  • Audio and Wearables
    • Earphones X
    • Smartwatch Y

If a user has the Manage or View permission on the Electronics catalog, the user will get access to all the categories in the catalog.

If a user has the Manage permission on the category Phone X Series but not it's parent Electronics catalog, the user will get the manage permission on the child categories Phone X Pro and Phone X Pro max. The user will inherit the view permission on the parent hierarchy Smartphones category and the Electronics catalog. Such users will view the following hierarchy:

Electronics

  • Smartphones
    • Phone X Series
      • Phone X Pro
      • Phone X Pro max

If a user shares the Smartphones category in catalog Holiday Sales, then only the users having access to the Holiday Sales catalog can see the shared category.

Note: To share a category from a source to a target catalog, assign the View permission to the user on the source catalog and the Manage permission on the target catalog.