Access Permissions

Overview

The legacy Access Permissions feature for Oracle CPQ is being deprecated and end of life and removal of this functionality will occur in Oracle CPQ 25C. Access Permissions, sometimes referred to as Admin Segmentation, have been replaced by Administrator Groups.

Administrator Groups are currently an opt-in feature, but enabling this feature this will become mandatory and that will disable legacy Access Permissions. If you have not enabled Administrator Groups, we recommend administrators plan to transition to Administrator Groups.

Oracle CPQ is commonly administered by teams of individuals who are responsible for administering different subsets of Oracle CPQ features. Administrator Access Control allows an Access Administrator to secure certain administrative features and prevent other Full Access users from accessing those pages, links and services.

Oracle CPQ has two methods to restrict access to Oracle CPQ administration features:

Access Permissions

When Administrator Groups are not enabled, all Host Company FullAccess users can view and edit all administrator modules by default (except users). Administrator Access Control is achieved using the Access Permissions feature that lets User Administrators restrict access to Product Families, Supported Product Families, and Data Table Folders for individual Full Access users.

If the user is restricted from accessing anything (even just one Product Family or one Data Table Folder), he/she will also not be able to access any other administrator modules (including Commerce, the Document Designer, Parts, and so on) through the Admin Home Page besides the Product Families, Supported Product Families, and Data Table Folders he/she explicitly has access to.

ClosedExample

For example, if FullAccess User 1 only has access to Product Family A, and is restricted from accessing all other Product Families, Supported Product Families, and Data Table Folders, the user will only be able to access Product Family A on the administrator side of the application. User 1 will have no access to any other administrator modules through the Admin Home Page, which will look like the screen shot below.

Administration Platform with restricted access

If FullAccess User 2 has not had access restricted to any Product Families, Supported Product Families, or Data Table Folders, he/she will have full access to all administrator modules (except users).

ClosedImportant Implementation Information

If you restrict access to any Product Families, Supported Product Families, or Data Table Folders, you also should modify the Navigation Menu  links so that the administrator(s) cannot access modules they should be restricted from through the Navigation Bar.

For example, in the image below, the user has had access restricted and cannot access any administrator modules besides Data Tables through the Admin Home Page, but the user can still access Users, Groups, Parts, Catalog Definition, and so on, through the Navigation Bar. Access to these links should be removed using Navigation Menus. For more information, see Navigation Menu.

Data Table Access only

Administration

ClosedSet Administrator Access Permissions when Administrator Groups are Disabled

  1.  Log in as the SuperUser or a FullAccess user with permission to create and modify users.

  2. ClosedNavigate to the User Administration page.

    1. Click Admin to go to the Admin Home Page.

    2. Click Internal Users in the Users section.

      The Users page opens.

  3. Set Access Permissions for a FullAccess user without User Administrator access.

    • Only administrators with Access Administrator privileges can grant Access Administrator privileges to other Full Access users.
    • There is a maximum of 500 FullAccess users per site.

    1. Click the name of a FullAccess user that does not have permission to create and modify users.
      That user’s User Administration page opens.

    2. Click the Access Permissions tab.

    3. Select/deselect the Product Families, Supported Product Families, and Data Table Folders that the user should/should not have access to, respectively.

      If the Has Access checkbox is selected for any component, the user will have access to view and modify that component on the admin side.

      User Administration

  4. Click Apply or Update to save changes to the user’s admin access permissions.

Notes

The Users page lists all users. If the logged in user is not a User Administrator they will be able to see other user's detail pages in read-only mode. They can edit their own details by clicking their login in this list or by opening their My Profile page from the navigation bar or header. To restrict access to the Users list create an Admin Group which excludes access to that feature.

Admin Access Control does not impact the user side. A FullAccess user who is restricted from a Product Family on the admin side can still interact with the Product Family on the user side, unless access to the Product Family is restricted for that user through the Home Page. For more information, see the topic Home Page.

Related Topics

Related Topics Link IconSee Also