User Administration Overview
Overview
Outside of some eCommerce implementations, all users that require access to Oracle CPQ must have a specific user assigned to them. Users can be created and maintained manually by admins, through bulk upload /download, or through user integration with a CRM system.
Users can be created for the Host Company or Partner Organizations. For more information on managing Partner Organization users, see the topic Partner Organizations.
Users cannot be deleted, but they can be inactivated. When a user is inactive, its owner will not be able to log in to Oracle CPQ and the user will not count in the User License count. Actions that were previously done by a user that is not inactive will still be attributed to the active user within CPQ.
Both active and inactive Host Company users can be created, activated/inactivated, viewed, or modified on the User Administration List page.
All Host Company users fall into two general categories:
- Admin Users: Admin users have access to both the admin-side of Oracle CPQ and the user-side of CPQ. Admin users are responsible for implementing and maintaining an Oracle CPQ site.
- Sales Users: Sales users only have access to the user-side of CPQ. Sales users use Oracle CPQ to configure products, create transactions, and create proposal documents.
Within these two unofficial categories, there are four different user types. There is one “admin user” user type and three “sales user” user types:
- Sales Agent
- Channel Agent
- Restricted Access
User Type | Category | Description |
---|---|---|
FullAccess | Admin User |
Outside of specific pages designated only for the SuperUser, FullAccess users can access all admin pages and all user-side pages unless otherwise restricted. FullAccess users can perform all admin tasks they can access, with the exception of creating and modifying users. In order to create or modify other users, FullAccess users must have the User Administrator checkbox selected in their user profile. Giving a FullAccess user permission to create and modify users is also known as giving a user “SuperUser rights,” since the user’s access rights will be similar to that of the site’s SuperUser. Without the permission to create or modify users, FullAccess users will only see their own user profile when accessing the User Administration List.
When the Enable Administrator Groups setting on the General Site Options page is set to Yes, an Access Administrator checkbox displays as a Permissions property on the User Administration page. Only Access Administrators can create and edit Administrator groups. While the checkbox is read-only for Full Access Host Company users, SuperUsers and Access Administrators can delegate Access Administrator permissions to other Host Company users of type Full Access. FullAccess users that do not have permission to create and modify users can have their admin access further restricted to only specific Product Families, Supported Product Families, or Data Table Folders, if desired. For more information, see the topic Administrator Access Control. The User List shows all users. If the logged in user is not a User Administrator they will be able to see other user's detail pages in read-only mode. They can edit their own details by clicking their login in this list or by opening their My Profile page from the navigation bar or header. To restrict access to the Users list create an Admin Group which excludes access to that feature. |
SalesAgent | Sales User | SalesAgent users only have access to the user-side of the application and cannot access any admin modules. SalesAgent users also have read/write access to the Oracle CPQ Accounts database. |
ChannelAgent | Sales User | ChannelAgent users only have access to the user-side of the application and cannot access any admin modules. ChannelAgent users also have read access to the Oracle CPQ Accounts database. |
RestrictedAccess | Sales User |
RestrictedAccess users only have access to the user-side of the application and cannot access any admin modules. RestrictedAccess users do not have access to the Accounts database. Note: If your Oracle CPQ site is integrated with a CRM system and you therefore do not use CPQ’s native Accounts Database, it is recommended to create all sales users as RestrictedAccess users. |
All Oracle CPQ sites have three default, special users:
- superuser
- guest
- system_user_cpq_server_as_client
User | Category | User Type | Description |
---|---|---|---|
superuser | Admin User | FullAccess |
The SuperUser is typically the main Oracle CPQ admin. By default, the SuperUser has permission to create and modify users, and this right cannot be revoked. The SuperUser also has certain tasks that only it can perform, such as Parts integration, viewing Document Designer and Email Designer template XSL files, and archiving Transactions. The SuperUser cannot be inactivated, but can have certain aspects of its user profile modified. |
guest | Sales User | RestrictedAccess |
The guest user gives external users that do not have Oracle CPQ login credentials access to the Home Page and any Configurators with punch-ins on the Home Page. In order for external users to access the Home Page with the guest user, Allow Guest Access must be set to Yes in General Site Options. The guest user is used in public-facing eCommerce implementations where anyone can access Configuration without needing to log in. Guest users can configure a product and view its pricing within the Configurator, but once a Process Invocation action (such as Create Quote) is invoked, the user must sign in to Oracle CPQ or sign in as a temporary user, depending on the implementation. The guest user can be modified and inactivated, but inactivating the guest user is inconsequential. Whether or not the guest user is active or inactive, the Allow Guest Access General Site Option determines if external users can access the Home Page with the guest user, since the guest user does not count in the User License count. |
system_user_cpq_server_as_client | Admin User | FullAccess |
The system_user_cpq_server_as_client user is a system user used for OAuth authentication within Oracle CPQ to enable Single Select Pick List functionality. Admins cannot and do not need to do anything to or with the system_user_cpq_server_as_client user. While it appears that the system_user_cpq_server_as_client user can be inactivated and can be modified, it cannot— errors will occur when an admin attempts to inactivate the user and when an admin attempts to save changes made to the user. |
Host Company User Access Chart
Function/Module | SuperUser | FullAccess Users | SalesAgent Users | ChannelAgent Users | RestrictedAccess Users |
---|---|---|---|---|---|
Archiving Transactions |
✓ | ||||
Parts Integration | ✓ | ||||
Viewing Document Designer/Email Designer Template XSL | ✓ | ||||
View, create, and modify users | ✓ | With permission | |||
Product Definition and Catalog Definition | ✓ | With permission (permission granted by default) | |||
Data Tables | ✓ | With permission (permission granted by default) | |||
Remaining Admin Modules | ✓ | ✓ | |||
Modify Accounts | ✓ | ✓ | ✓ | ||
View Accounts | ✓ | ✓ | ✓ | ✓ | |
Remaining User Side Modules |
✓ | ✓ | ✓ | ✓ | ✓ |
Administration
Accessing the User Administration List Page
- Click Admin to go to the Admin Home Page.
-
Click Internal Users in the Users section.
The User Administration List page opens.
The User Administration List page contains two lists of users, the User Administration List (active Host Company users), and the Inactive Users List (inactive Host Company users).
Each list contains each user’s Login (username), Name (the First and Last name of the user), and User Type. Clicking a column heading will sort the list based on the values of that column. Clicking a user’s login name will open the user’s profile page. For more information, see the topic Setting Up Users.
Active users (other than the SuperUser, Guest user, and system_user_cpq_server_as_client user) contribute to the User Licenses figures at the top of the User Administration List.
User Administration List Search
To make it easier to locate a specific user from the User Administration List page, Oracle CPQ 20B introduces the ability to search for a user. You can locate active and inactive users by searching on user Login, First Name, and/or Last Name.
To search for a specific user in the User Administration List:
- Enter all or part of the user information in the Login, First Name, or Last Name fields.
- Click Search. The results of the search display.
User List Pagination
Administrators have the ability to set up pagination links for the Active or Inactive User Lists. If there are more than 50 users in the User Lists the Previous, Page Number, and Next links display at the bottom of the list. For information, see the topic General Site Options.
FullAccess users with permission to create and modify users have access to the following buttons on the User Administration List page:
Button | Description |
---|---|
Import | Takes the admin to the Bulk Upload page where user data can be bulk uploaded. For more information, see the topic Bulk Uploads. |
Export | Bulk Downloads user data to a CSV file within a ZIP file. For more information, see the topic Bulk Downloads. |
Add | Takes the admin to the User Administration page and begins the process of creating a new user manually. For more information, see the topic Setting Up Users. |
Inactivate | When an active user is selected, clicking Inactivate will inactivate the user. |
Back | Returns the admin to the Admin Home Page. |
Activate | When an inactive user is selected, clicking Activate will activate the user. |
All active users (besides the superuser or the user the admin is currently logged in as) can be proxy logged in to by FullAccess users with Allow Proxy Login permission.
Proxy login is useful in debugging or verifying that user access changes have been implemented. When proxy logged in as another user, the admin will see the application as the user he/she is proxy logged into sees the application—all of that user’s access rights are applied. Within the system, any action the admin takes while proxy logged in as another user will be attributed to the user he/she is proxy logged in as.
To proxy login as another user:
- Log in to Oracle CPQ as a FullAccess user with permission to create and modify users.
- Click Admin to go to the Admin Home Page.
- Click Internal Users in the Users section.
- The User Administration List page opens.
- Click the Proxy Login icon () next to the user you want to proxy login as.
- The Home Page appears. You will see the Home Page and anywhere else you navigate to within the application as the user you are proxy logged in as would see it.
When proxy logged in to another user, a Proxy Logout button appears next to the Logout button in the top navigation panel. Clicking Proxy Logout will end the proxy session and return the admin to the User Administration List. Clicking Logout while proxy logged in to another user will completely log out of CPQ.
When proxy logged in to another user, a Proxy Profile button will take the place of the My Profile button in the in the top navigation panel. Clicking Proxy Profile will open the user profile of the user you are logged in as.
Refer to the following topics for information: User Permissions, Host Company, and Partner Organizations.
There are several General Site Options that relate to users, such as Allow Guest Access, Enable Quick Registration, and password options. For more information, see the topic Managing General Site Options.