User Administration Overview

Overview

Outside of some eCommerce implementations, all users that require access to Oracle CPQ must have a specific user assigned to them. Users can be created and maintained manually by admins, through bulk upload /download, or through user integration with a CRM system.

Users can be created for the Host Company or Partner Organizations. For more information on managing Partner Organization users, see the topic Partner Organizations.

Users cannot be deleted, but they can be inactivated. When a user is inactive, its owner will not be able to log in to Oracle CPQ and the user will not count in the User License count. Actions that were previously done by a user that is not inactive will still be attributed to the active user within CPQ.

Both active and inactive users can be created, activated/inactivated, viewed, or modified on the Users page.

Oracle CPQ 25A introduced a new Application Administrator permission that can be granted to host company FullAccess users. The new Application Administrator is intended as a replacement for the single named SuperUser account available on Oracle CPQ sites. You can now elevate any FullAccess user to the role of Application Administrator by assigning this permission. This allows customers to share the responsibilities of this elevated user account without sharing the Superuser account and its credentials. Refer to the Application Administrator for detailed information.

ClosedUser Types

All users fall into two general categories:

Admin Users: Admin users have access to both the admin-side of Oracle CPQ and the user-side of CPQ. Admin users are responsible for implementing and maintaining an Oracle CPQ site. The admin user type can be referred to as FullAccess user. FullAccess users may have additional administrative control permissions assigned, such as Application Administrator.

  • Full Access User: Outside of specific pages designated only for the Application Administrator, FullAccess users can access all admin pages and all user-side pages unless otherwise restricted. FullAccess user restrictions can be applied by Administrator Groups (see Setting Up Groups), such as to only specific Product Families, Supported Product Families, or Data Table Folders, if desired.

    Also, user permissions can be applied to a FullAccess user to allow access to specific administration tasks. The following lists the various FullAccess User permissions available in Oracle CPQ:

    • Application Administrator Permission - Previously referred to as SuperUser permission, the Application Administrators are elevated users who gain additional privileges. They can perform special or sensitive tasks that Full Access admins cannot. This permission is only available to Host Company Full Access users. For detailed information, see Application Administrator.

    • User Administrator Permission - User Administrator users can view and manage users. This includes creating users, resetting passwords and deactivating users. Host company user administrators can manage all users on a site. Partner company user administrators can manage all users in their company.

    • Access Administrator Permission- Access Administrator users can view and manage Administrator groups and manage their access permissions. This permission is available when the General Site Option 'Enable Administrator Groups' is set to 'Yes'. This permission is only available to Host Company Full Access users.

    • Proxy Login Permission- Allow Proxy Login Users can log in as any user on the site and impersonate that user by clicking the Proxy Login icon from the Users list page. This permission can only be managed by User Administrators (when Enable Administrator Groups is set to 'No') or Access Administrators (when Enable Administrator Groups is set to 'Yes'). This permission is only available to Host Company Full Access users.

    • Web Services Only Permission - Web Services Only users are special user accounts which do not have access to the CPQ user interface. They can only log in via API. They are intended to be used as part of an integration, automation or other remote access scenario. Web Services Only users are not counted against the site's quota of user licenses, but they will consume API interactions when used. This permission is available to Host Company Full Access, Sales Agent, Channel Agent and Restricted Access users. It is not valid for guest or Application Administrator/SuperUser accounts.

  • Sales Users: Sales users only have access to the user-side of CPQ. Sales users use Oracle CPQ to configure products, create transactions, and create proposal documents. There are three sales user types: Sales Agent, Channel Agent, and Restricted Access.

    • Sales Agent User - SalesAgent users only have access to the user-side of the application and cannot access any admin modules. SalesAgent users also have read/write access to the Oracle CPQ Accounts database.

    • Channel Agent User - ChannelAgent users only have access to the user-side of the application and cannot access any admin modules. ChannelAgent users also have read access to the Oracle CPQ Accounts database.

    • Restricted User - RestrictedAccess users only have access to the user-side of the application and cannot access any admin modules. RestrictedAccess users do not have access to the Accounts database.

      If your Oracle CPQ site is integrated with a CRM system and you therefore do not use CPQ’s native Accounts Database, it is recommended to create all sales users as RestrictedAccess users

ClosedDefault Users

All Oracle CPQ sites have three default, special users:

User Category User Type Description
SuperUser
(Application Administrator)		 Admin User FullAccess

The Application Administrator is typically the main Oracle CPQ admin.

By default, the Application Administrator has permission to create and modify users. Oracle CPQ 25A and later requires that every host site has at least one FullAccess user with Application Administrator permissions assigned in addition to the initial SuperUser that was designated as an Application Administrator upon CPQ 25A upgrade. Only an Application Administrator can grant Application Administrator permissions to another user.

The Application Admnistrator also has certain tasks that only they can perform. Refer to Application Administrator for a list of capabilities.

guest Sales User RestrictedAccess

The guest user gives external users that do not have Oracle CPQ login credentials access to the Home Page and any Configurators with punch-ins on the Home Page.

In order for external users to access the Home Page with the guest user, Allow Guest Access must be set to Yes in General Site Options.

The guest user is used in public-facing eCommerce implementations where anyone can access Configuration without needing to log in. Guest users can configure a product and view its pricing within the Configurator, but once a Process Invocation action (such as Create Quote) is invoked, the user must sign in to Oracle CPQ or sign in as a temporary user, depending on the implementation.

The guest user can be modified and inactivated, but inactivating the guest user is inconsequential. Whether or not the guest user is active or inactive, the Allow Guest Access General Site Option determines if external users can access the Home Page with the guest user, since the guest user does not count in the User License count.
system_user_cpq_server_as_client Admin User FullAccess

The system_user_cpq_server_as_client user is a system user used for OAuth authentication within Oracle CPQ to enable Single Select Pick List functionality. Admins cannot and do not need to do anything to or with the system_user_cpq_server_as_client user.

While it appears that the system_user_cpq_server_as_client user can be inactivated and can be modified, it cannot— errors will occur when an admin attempts to inactivate the user and when an admin attempts to save changes made to the user.

ClosedUser Type Access Summary

The following table summarizes common functions and access for the FullAccess and Sales Users within Oracle CPQ.

Function Application Administrator FullAccess User Sales Agent User Channel Agent User Restricted Access User
Upload Products X X      
Modify Commerce X X      
Modify Configuration X X      
Product Definition and Catalog Definition X With permission (granted by default)      
Data Tables X With permission (granted by default)      
Perform Migration X X      
Archiving Transactions X        
Parts Integration X        
Viewing Document Designer/Email Desiger Template XSL X        
Manage Accounts X X   X  
View Accounts X X X X  
View/Modify Users X With User Administrator permission      
Manage Groups X With Access Administrator permission      
Manage Personal User Information X X X X X
Web Services Only   With Web Services Only permission With Web Services Only permission With Web Services Only permission With Web Services Only permission
Proxy Login X With Proxy Login permission      

Administration

ClosedAccessing My Profile

Beginning in Oracle CPQ 25B, the My Profile page was renamed User Detail page. See User Detail for more information.

ClosedAccessing a List of Users

Beginning in Oracle CPQ 25B, the User Administration List page was renamed Users page. See Setting Up Users for more information.

ClosedGeneral User Options

There are several General Site Options that relate to users, such as Allow Guest Access, Enable Quick Registration, and password options. For more information, see the topic Managing General Site Options.

NOTES

The Users page lists all users. If the logged in user is not a User Administrator they will be able to see other user's detail pages in read-only mode. They can edit their own details by clicking their login in this list or by opening their My Profile page from the navigation bar or header. To restrict access to the Users list create an Admin Group which excludes access to that feature.

There is a maximum of 500 FullAccess users per site.

Related Topics

Related Topics Link IconSee Also