Level 2 - Sprint 2 - Security
When I view Global Demand Dashboard as a Product Family Manager, I am able to view and change the Account list as per below:
However, the Product Family Manager is not given access to Accounts list. I would have thought the Accounts page selector would not be accessible by the Product Family Manager. Would like to learn from experts on information relating to this.
This is an important question and one that I touched upon before in one of my replies.
When giving access to a role, we almost never give access to lists (Role ==> List) but rather we give access to modules. So there is no need - or benefit - of giving List access to the Product Family Manager role.
Now let's think about what list items should a role see. How do we determine that? Please review the training When to Use Roles, Selective Access or Dynamic Cell Access
To accomplish limiting a user to certain items on a list we use the Selective Access security mechanism.
When you change your user to the Product Family Manager Role, pay attention to the selective access parameters you have to select (Read and Write) to mimic the test scenario the training provided (which product family, which accounts)
Hopefully, this will help you arrive at the right way of doing the security, but if you have any more questions please let me know.1
I got it 🙂
I had initially thought access to lists (Role ==> List) must be given in order for Selective Access to work, which I now understand as not required.