Regional Contract Management permission Strategy

Go to solution
Mohamed Elsayed
Tera Expert

‎10-09-2024 10:20 AM

Hi All,

 

We have offices in three different countries, and I need to ensure that each region can manage and create contracts exclusively for their own customers. They should not have the ability to modify or renew contracts for customers from other regions. What would be the best approach to achieve this?

 

Regards,

Mo

Labels:
0 Helpfuls
  • 595 Views
1 ACCEPTED SOLUTION

Go to solution
HIROSHI SATOH
Mega Sage
In response to Mohamed Elsayed

‎10-09-2024 11:46 PM

The currently configured ACL allows updates if the contract record's account is Singapore. This is incorrect because only the role is linked to the user.

Also, assigning a fixed region, such as Singapore, to the ACL is incorrect because you would need one ACL per region.

The correct condition would be if the contract record's region and the account's region to which the user belongs are the same. I think this is a condition to set in the script.

For roles, you need to restrict who can update them even if the regions match. I think this is fine as it is.

My concerns are that a user can only be linked to one account and how to handle users who do not belong to an account.

You also need to consider whether restrictions are needed for other information linked to the contract.

View solution in original post

4 REPLIES 4

Go to solution
HIROSHI SATOH
Mega Sage

‎10-09-2024 10:59 AM

If your organization prefers a simpler solution and doesn’t need strict partitioning, using Access Control Rules (ACLs)   would be the most efficient way to implement regional contract management. If stricter separation is needed, consider Domain Separation.

0 Helpfuls

Go to solution
Mohamed Elsayed
Tera Expert
In response to HIROSHI SATOH

‎10-09-2024 11:59 AM

Thanks @HIROSHI SATOH ,

Most likely, we will proceed with the ACLs scenario. In the Account table, there’s a field called “Support Region” that determines which region should support each account/customer. I plan to use this field in the ACLs. I’ve created three ACLs (Read, Write, and Create) as shown below, and also created a role called “sg_contract_role.” This role has been assigned to the relevant team responsible for updating and renewing SG contracts. I am still testing but is not woking as expected so far.

 

I will also need to edit the required roles for some UI actions such as Renew, Adjust, and Submit for Review. If you have any tips or tricks, please let me know.

 

MohamedElsayed_0-1728499960455.png

 

0 Helpfuls

Go to solution
HIROSHI SATOH
Mega Sage
In response to Mohamed Elsayed

‎10-09-2024 11:46 PM

The currently configured ACL allows updates if the contract record's account is Singapore. This is incorrect because only the role is linked to the user.

Also, assigning a fixed region, such as Singapore, to the ACL is incorrect because you would need one ACL per region.

The correct condition would be if the contract record's region and the account's region to which the user belongs are the same. I think this is a condition to set in the script.

For roles, you need to restrict who can update them even if the regions match. I think this is fine as it is.

My concerns are that a user can only be linked to one account and how to handle users who do not belong to an account.

You also need to consider whether restrictions are needed for other information linked to the contract.

Go to solution
Mohamed Elsayed
Tera Expert
In response to HIROSHI SATOH

‎12-04-2024 04:51 AM

Thanks @HIROSHI SATOH, we are trying to avoid scripting as much as possible to allow the other team members to manage this if needed easily that's why we are not in favor of creating a script to check the condition of matching the support region with the contract region. So, we most likely will end up creating an ACL for each region.

0 Helpfuls