Saturday, March 16, 2019

Ability to set Access Restrictions on Custom Lists based on Roles

Currently the only restriction to access Custom Lists is via a Role but this is applied to all Custom Lists. The following open enhancement exists asking for this:

Enhancement 161800: Customization > Custom Lists > Request the ability for List Level Restrictions (via an Access tab) Permissions based on Role. 

An Alternate Solution is to convert the Custom List into a Custom Record Type and use the Custom Record Type Permissions to control the Roles and the level of access that users should have to the list.

Step to accomplish this are:

1. Navigate to Customization > Lists, Records, & Fields > Lists.

  • Click on the Custom List in question
  • Check off Convert to Custom Record

  • Press Save. This converts the list in to a Custom Record Type

Note: This cannot be undone.

  • The list name becomes the name of the Custom Record Type
  • The list values become Custom Record Entries

2. Navigate to Customization > Lists, Records, & Fields > Record Types.

  • Click on Custom Record Type created above
  • In the header set Access Type = Use Permission List

  • Under Permissions tab

  • Add all the Roles that should have access to this Custom Record Type

  • Set Level = View for the Roles that should only be able to select from the existing list and access the open button to see the list record but not be able to make changes to it

  • Set Level = Full for the Roles that should have full rights to this list (i.e. add/edit/delete)

Note: Roles that should only be able to select from the list do not need to be added as users are already treated as Level = NONE, which means users do not see the open button next to the field on the entity form but users are able to select from the list.

  • Click Save

3. If a Custom Field calling the original Custom List (now a Custom Record Type) already exists proceed to the record (i.e. Entity/Transaction) that references this Custom Field to confirm the field is visible.

Note: The owner of the Custom Record Type are able to see the Open/Add/Edit buttons regardless of the Role users are using.

4. If point 3 passes, then proceed to have users with each of the Roles added in Point 2 confirm users are seeing the restrictions that have been setup when accessing the Custom Field that links to the list.

No comments:

Post a Comment