Skip to main content

Security scenario

At Kalos Pharma, users in the Medical group that have the CM_MedInfo_Agent role need to be able to edit CM_Custom_Response type documents that are in a Draft state.

To configure security to meet this requirement, follow the steps in these sections:

Step 1 - Configure the Document Sharing Rule

To configure a document sharing rule that applies to the Medical group:

  1. Create a Document Sharing Rule.

    1. In the Quick Find box in Setup, search for and select Custom Metadata Types.

    2. In the Document Sharing Rule row, click Manage Records.

    3. Click New.

    4. For each field in the Information section, enter the Value listed in the table.

      Field

      Description

      Value

      Label

      Document Sharing Rule label

      MedInfo Type Documents Rule

      Document Sharing Rule Name

      API name for the Document Sharing Rule

      MedInfo_Type_Documents_Rule

      Description

      Description of the Document Sharing Rule

      if a document's type equals CM_Custom_Response, the CM_MedInfo_Agent role should be added to that document's Document Roles table.

      Role

      Role associated to the Document Sharing Rule

      CM_MedInfo_Agent

      Criteria

      JSON criteria are used to determine whether a role(s) has access to a document.

      {
  "path": "documentVersion.mvn__CM_Document_Type__c", 
  "operator": "Equals", 
  "value": "CM_Custom_Response"
}

      Active

      Whether the Document Sharing Rule is active

      Yes

    5. Click Save.

  2. Create a Document Sharing Rule Group. The Document Sharing Rule Group connects the MedInfo_Type_Documents_Rule document sharing rule and the Medical group.

    1. In the Quick Find box in Setup, search for and select Custom Metadata Types.

    2. In the Document Sharing Rule Group row, click Manage Records.

    3. Click New.

    4. For each field in the Information section, enter the Value listed in the table.

      Field

      Description

      Value

      Label

      Document Sharing Rule Group name

      MedInfo Type Documents Group

      Document Sharing Rule Group Name

      API name for the Document Sharing Rule Group

      MedInfo_Type_Documents_Group

      Document Sharing Rule

      Document Sharing Rule associated to the Document Sharing Rule Group

      MedInfo_Type_Documents_Rule

      Note

      This is the Document Sharing Rule created in the previous major step just created.

      Group

      The Group associated to the Document Sharing Rule Group

      Medical

    5. Click Save.

Step 2 - Configure the Permission

To enable the CM_MedInfo_Agent role to Edit Document in a Draft state:

  1. Create a Document State Role that links the Draft state and the CM_MedInfo_Agent role together.

    1. In the Quick Find box in Setup, search for and select Custom Metadata Types.

    2. In the Document State Role row, click Manage Records.

    3. Click New.

    4. For each field in the Information section, enter the Value listed in the table.

      Field

      Description

      Value

      Label

      Document State Role name

      Draft - MedInfo Agent

      Document State Role Name

      API name for the Document State Role

      Draft_MedInfo_Agent

      Document State

      Document State associated with this Document State Role

      Draft

      Role

      Role associated to this Document State Role‌

      CM_MedInfo_Agent

    5. Click Save.

  2. Create a Document State Role Permission that links the Draft - MedInfo Agent document state role with the Edit Document permission.

    1. In the Quick Find box in Setup, search for and select Custom Metadata Types.

    2. In the Document State Role Permission row, click Manage Records.

    3. Click New.

    4. For each field in the Information section, enter the Value listed in the table.

      Field

      Description

      Value

      Label

      Document State Role Permission name

      Draft - MedInfo Agent - Edit Document

      Document State Role Permission Name

      API name for the Document State Role Permission

      Draft_MedInfo_Agent_Edit_Document

      Document State Role

      Document State Role associated to this Document State Role Permission

      Draft - MedInfo Agent

      Permission

      Permission associated to this Document State Role Permission‌

      Edit Document

    5. Click Save.

Outcome

With the document sharing rule created and the Edit Document permission for the CM_MedInfo_Agent role configured, anytime a user adds a CM_Custom_Response type document to the environment, Medical Information Cloud Content Management determines that the rule is True for the added document and inserts the CM_MedInfo_Agent role to the document's Document Roles table. Users in the Medical group with the CM_MedInfo_Agent role are then able to edit the document while the document is in a Draft state.