Skip to main content

Security scenario

At Kalos Pharma, users in the Medical group that have the CM_MedInfo_Agent role need to be able to edit CM_Custom_Response type documents that are in a Draft state.

To configure security to meet this requirement, follow the steps in these sections:

Step 1 - Configure the Document Sharing Rule

To configure a document sharing rule that applies to the Medical group:

  1. Create a Document Sharing Rule.

    1. In the Quick Find box in Setup, search for and select Custom Metadata Types.

    2. In the Document Sharing Rule row, click Manage Records.

    3. Click New.

    4. For each field in the Information section, enter the Value listed in the table.

FieldDescriptionValue
LabelDocument Sharing Rule labelMedInfo Type Documents Rule
Document Sharing Rule NameAPI name for the Document Sharing RuleMedInfo_Type_Documents_Rule
DescriptionDescription of the Document Sharing Ruleif a document's type equals CM_Custom_Response, the CM_MedInfo_Agent role should be added to that document's Document Roles table.
RoleRole associated to the Document Sharing RuleCM_MedInfo_Agent
CriteriaJSON criteria are used to determine whether a role(s) has access to a document.json \{ "path": "documentVersion.mvn__CM_Document_Type__c", "operator": "Equals", "value": "CM_Custom_Response" \}
ActiveWhether the Document Sharing Rule is activeYes

  1. Click Save.

  2. Create a Document Sharing Rule Group. The Document Sharing Rule Group connects the MedInfo_Type_Documents_Rule document sharing rule and the Medical group.

    1. In the Quick Find box in Setup, search for and select Custom Metadata Types.

    2. In the Document Sharing Rule Group row, click Manage Records.

    3. Click New.

    4. For each field in the Information section, enter the Value listed in the table.

FieldDescriptionValue
LabelDocument Sharing Rule Group nameMedInfo Type Documents Group
Document Sharing Rule Group NameAPI name for the Document Sharing Rule GroupMedInfo_Type_Documents_Group
Document Sharing RuleDocument Sharing Rule associated to the Document Sharing Rule GroupMedInfo_Type_Documents_Rule :::: note ::: title ::: This is the Document Sharing Rule created in the previous major step just created. ::::
GroupThe Group associated to the Document Sharing Rule GroupMedical
  1. Click Save.

Step 2 - Configure the Permission

To enable the CM_MedInfo_Agent role to Edit Document in a Draft state:

  1. Create a Document State Role that links the Draft state and the CM_MedInfo_Agent role together.

    1. In the Quick Find box in Setup, search for and select Custom Metadata Types.

    2. In the Document State Role row, click Manage Records.

    3. Click New.

    4. For each field in the Information section, enter the Value listed in the table.

FieldDescriptionValue
LabelDocument State Role nameDraft - MedInfo Agent
Document State Role NameAPI name for the Document State RoleDraft_MedInfo_Agent
Document StateDocument State associated with this Document State RoleDraft
RoleRole associated to this Document State Role‌CM_MedInfo_Agent

  1. Click Save.

  2. Create a Document State Role Permission that links the Draft - MedInfo Agent document state role with the Edit Document permission.

    1. In the Quick Find box in Setup, search for and select Custom Metadata Types.

    2. In the Document State Role Permission row, click Manage Records.

    3. Click New.

    4. For each field in the Information section, enter the Value listed in the table.

FieldDescriptionValue
LabelDocument State Role Permission nameDraft - MedInfo Agent - Edit Document
Document State Role Permission NameAPI name for the Document State Role PermissionDraft_MedInfo_Agent_Edit_Document
Document State RoleDocument State Role associated to this Document State Role PermissionDraft - MedInfo Agent
PermissionPermission associated to this Document State Role Permission‌Edit Document
  1. Click Save.

Outcome

With the document sharing rule created and the Edit Document permission for the CM_MedInfo_Agent role configured, anytime a user adds a CM_Custom_Response type document to the environment, determines that the rule is True for the added document and inserts the CM_MedInfo_Agent role to the document's Document Roles table. Users in the Medical group with the CM_MedInfo_Agent role are then able to edit the document while the document is in a Draft state.