User Permissions

Overview

Oracle CPQ is commonly administered by teams of individuals who are often a composite of different skill sets. Using the Administrator Access Control feature introduced in Oracle CPQ Release 18B, companies can delegate and restrict access to certain areas of CPQ. This prevents unauthorized users from introducing unintentional errors, clarifies areas of responsibility, and protects sensitive or proprietary information.

Administration

ClosedAssign User Administrator Privileges to FullAccess Users

Users with User Administrator permissions see all users when they click on the users tab. In addition, User Administrators can perform the following functions:

  • Proxy in as other users
  • Modify users
  • Reset passwords
  • Add new users or inactivate existing users
  • Create shared folders
  • Commerce archiving if the user belongs to Host Company
  • Schedule Usage Reports if the user belongs to Host Company
  • Access the Migration Center (Oracle CPQ 21B and later)
  • Send Broadcast Emails (Oracle CPQ 21B and later)
  • Access Single Sign-On (SSO) (Oracle CPQ 21B and later)

When the Enable Administrator Groups option on the General Site Options page is set to Yes, an Access Administrator checkbox displays as a Permissions property on the User Administration and My Profile pages.

To assign User Administrator privileges to FullAccess users, perform the following steps:

  1. Open the Admin Home page.
  2. Under Users, select Internal Users.

    The User Administration List page opens.

  3. Click the user login link for the FullAccess user you want to make an Access Administrator.

    The User Administration page opens.

  4. Select the User Administrator checkbox.

    User Administration

  5. Click Apply.

Note: Users must be logged in as a SuperUser or a FullAccess user with Access Administrator permissions in order to change the Access Administrator permission for other users.

ClosedUpdate User Permissions Using SOAP Web Services



ClosedAssign Access Administrator Privileges to FullAccess Users

Available for release 18B and later*

When the Enable Administrator Groups option on the General Site Options page is set to Yes, an Access Administrator checkbox displays as a Permissions property on the User Administration and My Profile pages.

Notes:

  • Only Access Administrators can create and edit Administrator groups.
  • This checkbox is always checked for the Host Company SuperUser and defaults to unchecked for all FullAccess users.
  • When Administrator Groups are first enabled, the SuperUser must assign Access Administrator permissions to other FullAccess users.

To assign Access Administrator privileges to FullAccess users, perform the following steps:

  1. Open the Admin Home page.
  2. Under Users, select Internal Users.

    The User Administration List page opens.

  3. Click the user login link for the FullAccess user you want to make an Access Administrator.

    The User Administration page opens.

  4. Select the Access Administrator checkbox.

    User Administration

  5. Click Apply.

Note: Users must be logged in as a SuperUser or a FullAccess user with Access Administrator permissions in order to change the Access Administrator permission for other users.


ClosedAssign Allow Proxy Login Privileges

Proxy login allows administrators to log in as another user to verify changes to their setup or isolate issues reported by users. When the Enable Administrator Groups option on the General Site Options page is set to Yes, an Allow Proxy Login checkbox displays as a Permissions property on the User Administration and My Profile pages.

To grant Allow Proxy Login privileges to FullAccess users, perform the following steps:

  1. Open the Admin Home page.
  2. Under Users, select Internal Users.

    The User Administration List page opens.

  3. Click the user login link for the FullAccess user you want to make an Access Administrator.

    The User Administration page opens.

  4. Select the Allow Proxy Login checkbox.

    User Administration

  5. Click Apply.

Note: Users must be logged in as a SuperUser or a FullAccess user with Access Administrator permissions to change the Allow Proxy Login permission.


ClosedAssign Web Services Access and SSO Settings

When the Web Services Only checkbox is selected for an internal user, that user may only make Web Services calls to the Oracle CPQ site; logging in through the web interface will not be permitted. Only FullAccess users with the ability to create/modify users can change this setting.

  • Any user that does not have Web Services Only checked will have their password expire within the defined Admin setting. The user will be prompted to change their password on next login.
  • Users with ‘Web Services Only checked do not have their password expire, due to the nature of the account.

To assign Web Services access and SSO Settings, perform the following steps:

  1. Open the Admin Home page.
  2. Under Users, select Internal Users.

    The User Administration List page opens.

  3. Click the user login link for the FullAccess user you want to make an Access Administrator.

    The User Administration page opens.

    User Administration

  4. Select the Web Services Only checkbox to only a user to access an Oracle CPQ site via Web Services calls.

    When selected, the user can only access the system by logging in through the SOAP or REST APIs. The user will not be able to access the Oracle CPQ user interface. For more information on Oracle CPQ Web Services see the topics An Overview of Web Services 2.0 and SOAP APIs and REST API Overview topics.

  5. Select the Enable SSO setting.

    If the User is enabled for Single Sign-On login and the site is enabled for SSO, the user can access login via this method.

  6. Set the External SSO ID, if desired.

    If the External SSO ID is set it will be used for SSO, otherwise the User's Login will be used.

  7. Click Apply.

Notes

If a site exceeds the license limitations on any of the license types (Internal User & Partner Organization User), the administrator will not be allowed to create any new users until the license count is decreased and no longer exceeds the license limit. When the license limit is reached, an error message appears instructing the administrator to contact Customer Support and purchase additional licenses.

In Oracle CPQ 23C and later, user license counting was modified to exclude Web Services Only users in the count. In addition, once the maximum number of licenses is allocated, Web Services Only users can still be added to the site.

  • Only SuperUser or FullAccess users can view or modify other user profiles. All lower access users can only view and modify their own profile.
  • Administrative functions can only be performed by FullAccess users, including SuperUser. Admin functions include making changes to configuration (adding attributes, creating rules, and so on) and modifying Commerce Processes.
  • A Restricted Admin User has no access to other areas of the administration platform. If a FullAccess user is restricted from any Product Family or Data Table (by folder), the user will automatically lose access to other areas of the Administration Platform. The user will only have access to the Product Family and/or Data Table that the SuperUser has allowed them access to.
  • Users can be granted access to profiles through Auto-Forwarding Rules.
  • You can remove a Company Type: User Type set from the Access Rights list box by selecting the set and clicking the less than symbol ( < ).
  • You can remove a group from the Selected Groups list box by selecting the group and clicking the less than symbol ( < ).

Related Topics

Related Topics Link IconSee Also