Providing access to custom objects

AD
DM

To enable users to view custom objects in the Network UI, data visibility profiles (DVPs) must be updated or created to include custom objects, and user profiles might need to be assigned to new DVPs.

Data visibility profiles

As with Veeva entities, user access to search for and view custom objects is determined by a user's data visibility profile (DVP) (Users & Permissions > Data Visibility Profile). Each custom object includes a primary country, so access to the object is based on the privileges configured in the user's DVP that matches the country of the record.

By default, when custom objects are enabled in your Network instance, access to them is disabled in all existing DVPs.

Depending on the custom object, you might add it to an existing DVP, or you might create a new DVP.

Review the following examples.

Example 1 - Appended access

For the custom object, STUDY, record visibility might be required for several countries because clinical trials can include participants and facilities in multiple countries. The data is not sensitive, so on existing DVPs for the applicable countries, administrators set the Study Visibility permission to All Studies and add the STUDY profile layout to the Profile Layout section.

Example 2 - Restricted access

A custom object called EMPLOYEE, for sales employee data, should be restricted to a specific subset of users that are authorized to view that personal data. Administrators can create a new DVP for each country that has that EMPLOYEE record. For each new DVP, set the Employee Visibility permission to All Employees and add the EMPLOYEE profile to the Profile Layout section. For all existing DVPs, the Employee Visibility permission is set to No Employees by default.

Defining permissions

By default, there is no access to custom objects. When you edit a DVP you can choose All or No.

The following functions are available for users with the All access permission:

  • Search - Users can search for a record and open the profile of the record. This includes advanced search. Objects related to the custom object are also visible.
  • View - Users can view the record profile for custom objects
  • Reporting - The records are included in report results where the query would include the record.
  • Related object profiles - The record is visible on the profile of a related object.

  • Editing fields - Add and edit custom objects, including custom sub-objects and custom relationship object fields.

    Note: The Read-only access permission must also be set to False for users to be able to add and edit custom object types.

  • Target subscriptions - Records are available for export if they meet the filter criteria configured in the subscription.
  • API - Users with API permissions can access the instance of the custom object with the same primary country using the following API calls: Retrieve Entity, Batch Retrieve Entities, Search.
  • Suspect Match - Data stewards can find and resolve suspect matches with corresponding records.

If a data visibility profile specifies No visibility to the custom object, the above actions are not available for users assigned to the DVP.

Assigning DVPs to users

If you added the profile layout and assigned custom object permissions to existing DVPs, the users assigned to those DVPs will automatically have access to the custom object. If you created a new data visibility profile for the custom object, assign the DVP to the users that need to access those records.

  1. In the Admin console, click Users & Permissions > Users and select a user.
  2. In the Data Visibility Profile section, click Add Profile.
  3. Select the Country and corresponding Profile.
  4. Save your changes.

The user now has access to that custom object in your Network instance.

Next steps

Users with access to a custom object can submit add and change requests for the object. Define workflow settings to determine whether the data change requests are routed to data stewards or are automatically approved.