User Permissions
Overview
Oracle CPQ is commonly administered by teams of individuals who are often a composite of different skill sets. Using the Administrator Access Control feature introduced in Oracle CPQ Release 18B, companies can delegate and restrict access to certain areas of CPQ. This prevents unauthorized users from introducing unintentional errors, clarifies areas of responsibility, and protects sensitive or proprietary information.
Administration
Assign User Administrator Privileges to FullAccess Users
Users with User Administrator permissions see all users when they click on the users tab. In addition, User Administrators can perform the following functions:
- Proxy in as other users
- Modify users
- Reset passwords
- Add new users or inactivate existing users
- Create shared folders
- Commerce archiving if the user belongs to Host Company
- Schedule Usage Reports if the user belongs to Host Company
- Access the Migration Center (Oracle CPQ 21B and later)
- Send Broadcast Emails (Oracle CPQ 21B and later)
- Access Single Sign-On (SSO) (Oracle CPQ 21B and later)
When the Enable Administrator Groups option on the General Site Options page is set to Yes, an Access Administrator checkbox displays as a Permissions property on the User Administration and My Profile pages.
To assign User Administrator privileges to FullAccess users, perform the following steps:
- Open the Admin Home page.
-
Under Users, select Internal Users.
The User Administration List page opens.
-
Click the user login link for the FullAccess user you want to make an Access Administrator.
The User Administration page opens.
-
Select the User Administrator checkbox.
- Click Apply.
Note: Users must be logged in as a SuperUser or a FullAccess user with Access Administrator permissions in order to change the Access Administrator permission for other users.
Update User Permissions Using SOAP Web Services
Assign Access Administrator Privileges to FullAccess Users
Available for release 18B and later*
When the Enable Administrator Groups option on the General Site Options page is set to Yes, an Access Administrator checkbox displays as a Permissions property on the User Administration and My Profile pages.
Notes:
- Only Access Administrators can create and edit Administrator groups.
- This checkbox is always checked for the Host Company SuperUser and defaults to unchecked for all FullAccess users.
- When Administrator Groups are first enabled, the SuperUser must assign Access Administrator permissions to other FullAccess users.
To assign Access Administrator privileges to FullAccess users, perform the following steps:
- Open the Admin Home page.
-
Under Users, select Internal Users.
The User Administration List page opens.
-
Click the user login link for the FullAccess user you want to make an Access Administrator.
The User Administration page opens.
-
Select the Access Administrator checkbox.
- Click Apply.
Note: Users must be logged in as a SuperUser or a FullAccess user with Access Administrator permissions in order to change the Access Administrator permission for other users.
Assign Allow Proxy Login Privileges
Assign Web Services Access and SSO Settings
Notes
If a site exceeds the license limitations on any of the license types (Internal User & Partner Organization User), the administrator will not be allowed to create any new users until the license count is decreased and no longer exceeds the license limit. When the license limit is reached, an error message appears instructing the administrator to contact Customer Support and purchase additional licenses.
In Oracle CPQ 23C and later, user license counting was modified to exclude Web Services Only users in the count. In addition, once the maximum number of licenses is allocated, Web Services Only users can still be added to the site.
- Only SuperUser or FullAccess users can view or modify other user profiles. All lower access users can only view and modify their own profile.
- Administrative functions can only be performed by FullAccess users, including SuperUser. Admin functions include making changes to configuration (adding attributes, creating rules, and so on) and modifying Commerce Processes.
- A Restricted Admin User has no access to other areas of the administration platform. If a FullAccess user is restricted from any Product Family or Data Table (by folder), the user will automatically lose access to other areas of the Administration Platform. The user will only have access to the Product Family and/or Data Table that the SuperUser has allowed them access to.
- Users can be granted access to profiles through Auto-Forwarding Rules.
- You can remove a Company Type: User Type set from the Access Rights list box by selecting the set and clicking the less than symbol ( < ).
- You can remove a group from the Selected Groups list box by selecting the group and clicking the less than symbol ( < ).