Return to main navigation Page
You are here: Users > User Access Rights for Transactions
User Access Rights for Transactions
User access rights designate who is included in a profile. A profile determines which users can access a Transaction.
Access is granted based on company and user type, group
membership, and performing actions in other document steps. For more
information on the user types available, see Setting Up Users.
A user is included in a profile if one of the following conditions is satisfied:
- The user belongs to both a company type and user type that has been granted access rights
- The user belongs to a group that has been granted access rights
- The user is a performer of any action in a listed step
Setting up User Access Rights
- Navigate to the Process page.
- Click Admin to go to the Admin Home Page.
Click Process Definition under the Commerce and Documents section.
The Processes page appears.
Select Steps in the Navigation column and click List.
The Process page appears, with the name of the Process in the page title.
- In the left-hand panel, click the Name of a Process to expand it.
- Expand a Step.
- Double-click a Participant Profile, such as Admin or Sales Rep.
The Document Views tab appears on the right-hand side of the page.
- Click the User Access Rights tab.
- Select one or more items from the Access Rights section.
- Select one or more items in the Groups section.
Select one or more items from the Performer Steps section.
- Click Save.
"Web Services Only" User Permissions Checkbox
There is a Web Services Only checkbox on the Permissions section of the User Administration page. Only FullAccess users with the ability to create/modify users can change this setting. When the Web Services Only
checkbox is selected for an internal user, that user may only make Web
Services calls to the CPQ Cloud site; logging in through the web
interface will not be permitted.
Any user that does not have Web Services Only
checked will have their password expire within the defined Admin
setting. The user will be prompted to change their password on next
Users with ‘Web Services Only checked do not have their password expire, due to the nature of the account.
Users can be granted access to profiles through Auto-Forwarding Rules.
You can remove a Company Type: User Type set from the Access Rights list box by selecting the set and clicking the less than sign (<) button.
You can remove a group from the Selected Groups list box by selecting the group and clicking the less than sign (<) button.
Only SuperUser or FullAccess users can
view or modify other user profiles. All lower access users can only view
and modify their own profile.
Administrative functions can only
be performed by FullAccess users, including SuperUser. Admin functions
include making changes to configuration (adding attributes, creating
rules, and so on) and modifying Commerce Processes.
Admin User has no access to other areas of the administration platform.
If a FullAccess user is restricted from any Product Family or Data
Table (by folder), the user will automatically lose access to other
areas of the Administration Platform. The user will only have access to
the Product Family and/or Data Table that the SuperUser has allowed them
If a site exceeds the license
limitations on any of the license types (Internal User & Partner
Organization User), the administrator will not be allowed to create any
new users until the license count is decreased and no longer exceeds the
When the license limit is reached, an error
message appears instructing the administrator to contact Customer
Support and purchase additional licenses.