Permission Sets

AD

Administrators can provide application-level access to features using permission sets. Some feature access is controlled through a user's profile or at the instance-level (General Settings). Permission sets give Administrators more granular application-level control. Permissions can be granted to user groups or individual users.

Example

The Profile Notes feature enables you to view, create, and delete notes on records. Using permission sets, you can give users access to view and create notes, but restrict their access by preventing them from deleting notes.

Permission sets are supported for the following features:

Notes Permission Set (default)

Network provides a default permission set called Notes Permission Set (Default). Use this permission set to provide or restrict access to notes on record profiles and on inbox tasks (add requests and change requests).

Manage permissions for notes

By default, all users (except Standard users and Integration users) have all permissions for notes enabled for the profile page and for DCRs in the inbox.

To update permissions for users or user groups:

  1. Open the Notes Permission Set (Default).

  2. In the Notes section, there are two headings:

    • Profile Notes - Notes on the profile page.

    • DCR Notes - Notes on add and change requests.

  3. For each heading, you can select the following permissions:

    • View - Allow users to view notes.

      If this permission is not selected, users can access the Notes tab but they will the following message: Insufficient Access Permission.

    • Add - Allow users to add notes. If users have Add access, they also have View access by default.

      If this permission is not selected, users can view notes, but the option to add notes is dimmed.

    • Edit - Allow users to edit notes and pin/unpin notes.

    • Delete - Allow users to delete their own notes and notes created by other users.

      If the Edit permission or the Delete permission is not selected, they are dimmed in the Options menu.

Administrators can add user groups or individual users to this permission set to manage access to profile notes and DCR notes in their Network instance.

Tip: Create a new permission set to manage note access for specific users or user groups.

Define a permission set

Create a permission set to give users application-level access to features; for example, the DCR Cleanup feature. Users who are not defined in this permission set will not see the DCR Cleanup feature in the Inbox.

To create the permission:

  1. In the Admin console, click Users & Permissions > Permission Sets.

  2. Click Add Permission Set.

  3. Type a Name and Description.

  4. The Status is Enabled by default. When the permission set is saved, the defined users will have immediate access to the DCR Cleanup feature.

  5. In the Permissions section, choose the operations the users can access.

    DCR Cleanup

    An inbox feature that enables users to bulk process tasks.

    • Reject tasks - Bulk reject tasks.

    • Cancel tasks - Bulk cancel tasks.

    • Approve tasks - Bulk approve tasks.

    Users that have access to these operations can select the tasks from the Inbox or upload a file containing task IDs. These permissions also give users access to the DCR Cleanup page (View Previous Operations option) to monitor their task cleanup operations.

    If a user does not have access to one of the actions, it does not display in the feature.

    Example

    If you give users access to Reject tasks, but not Cancel tasks or Approve tasks, they will only see the option to reject tasks in the DCR Cleanup list.

    Field Helper

    Allow users access to view and manage field help.

    • View Field Helper on Profile - Users will have access to view the Help panel and information for fields on the Profile page.

    • Manage Field Helper - Users can add and manage field help.

  6. In the User Groups section, click Add User Groups.

    Select the groups that should have access to the feature and permissions that you have defined.

    Click Add User Group.

  7. In the Users section, add individual users to the permission set. Click Add Users and select the specific users.

  8. Save your changes.

    Users assigned to this permission set will now have access to the DCR Cleanup feature.

Audit

Administrators can track the changes to permission sets in the System Audit Log.

Tip: To filter the logs, use the PermissionSet object type.

The following activities are tracked:

  • Enabling and disabling a permission set.

  • Changing a permission set: permissions, user groups, and users.