I've been doing some tests to find out the minimum permissions required to create users in Business Units.
For this exercise, I have two roles:
- A modified version of System Customiser Role.
  - Sort of a minimum role for users to be able to log in.
  - I removed all that has to do with User, User Settings and Business Units from this role.
- A role for testing User and BU privileges.
  - I combined privileges for User, User Settings and Business Units.
Here is what I came up with as the minimum requirements for creating a user:
A few explanations:
- Business Unit - Read: If the user does not have read privileges for business units, the user will get a permission error as soon as they click on the New button to create a user.
- Business Unit - Append To: Without this privilege, the button to create a new user will not be seen.
- User - Read: Without the ability to read users, you cannot do anything else, including create.
- User - Create: For the main action I am trying to cater. As soon as the user is created, the record will be read-only because there is no Write permission.
- User Settings: I noticed that unless user settings permissions are given, user creation will fail (insufficient permissions). I don't care for these at this point (I can fine-tune later).
Now, here is what is confusing me:
- See how User has no Append privileges.
- Yet, I can append the user to any business unit that I can read.
- Even if I allow for Business Unit Read to be organization-wide (4/4), but the Append To is just to the local Unit (2/4) I can still create users in any Unit as long as I can read such Unit.
To sum up:
- Business Unit: Append To: Is required to allow users to see the New user button.
- But other than that, the person creating the user record will be able to create the user in any Business Unit that they can read.
- As for User permissions, there seems to be no need for Append permissions.
This whole thing seems quite inconsistent to me. Thoughts?
