Using Permission Groups to Manage User Permissions

Objectives

After completing this lesson, you will be able to:
  • Describe the concept of Permission Groups in SAP CPQ.
  • Explain how Permission Groups work.
  • Use Advanced Mode for creating a permission group formula.
  • Explain when the system (re-) evaluates Permission Group formulas.

Permission Groups

List of the available permission groups

Permission Groups define visibility permissions and sharing rules over various SAP CPQ objects. By default, CPQ creates a permission group for each User Group, Company, and Market. Administrators can create additional Permission Groups or modify existing ones under SetupUsersPermission Groups.

Administrators use Permission Groups to assign access rights to multiple users with a single select. Users included in the same permission group share access rights to SAP CPQ objects, such as Pricebooks, Quote Tables, and more.

You can search and filter Permission Groups by using one of the following search queries:

  • Permission Group Name
  • Description
  • Members

You can filter group members by their username.

When creating a new Permission Group, administrators can add users by performing a simple search, an advanced search, or by browsing for specific users.

To do a simple search, select:

  • User Types
  • Companies
  • Markets
  • Brands
  • Users

Permission Groups Definition

Illustration, to the fact, that you can add permission groups in two ways: either with an OR logic or by an AND logic.

An additional permission group can be defined with simple criteria: as a combination of values from types, companies, markets, brands, and specific users. Multiple values of the same kind, such as multiple user types, are evaluated with OR logic; however, values of different kinds are evaluated with AND logic.

For example, if you define an additional permission group X as user types Sales and Sales Management and the company SAP Sales Cloud, then users will belong to permission group X, but only if both of the following criteria are true:

  • Their user type is either Sales or Sales Management.
  • Their company is SAP Sales Cloud.

The Advanced Mode

Advanced Mode can be used to filter users by custom fields and by fields not available in the simple search options. To perform a search, you can create a formula by using SAP CPQ tags. 

Use formulas to inspect the field values for the logged User.

For example, to determine if a user was an administrator the next formula can be used: <*CTX(Visitor.IsAdmin)*>.

Combining of Simple and Advanced Criteria

When combining simple and advanced search criteria, AND logic is applied. By using the examples above, a user belongs to permission group X only if:

  • Their user type was either Sales OR Partner.
  • AND their company was Acme Inc.
  • AND they were an administrator (as defined by the CTX tag).

Re-evaluation of Permission Group Formulas

Once a Permission Group formula is created, the system re-evaluates it on the following occasions to include or exclude Users:

  • When users log in.
  • After saving personal details on the User page
  • When the quote is loaded
  • When the quote market is changed

If a formula includes a Quote field, the system won't re-evaluate every time a change is made on the Quote, but only when the Quote is initially loaded. The re-evaluation of formulas isn't triggered by changes to Quotes. Consequently, the formula filters the same Users as before the change was made. Reloading the Quote re-evaluates the formula and corresponding Users are then included in the Permission Group.

Log in to track your progress & complete quizzes

Learning

SAP FacebookSAP YoutubeSAP LinkedIn