User-Based Access to Buttons
Overview
With the Platinum release, you can now see or use the buttons on the contract page only if you have the necessary permissions to see or use it.
For every button on the CL Contract page, the system checks the permissions, based on which the button is either visible or hidden. This is achieved through Javascript that checks the button API name and invokes the API to check the permissions.
The custom buttons are hidden if permissions are not granted in the profile or the permission set. However, the standard buttons, such as New Loan Disbursal Transaction, New Loan Payment Transaction, are visible, but on clicking them, the system displays an error message on the page if the user does not have permission to use them.
For more information on exceptions and error messages, see the Error Messages or Exceptions section of the User-Based Access to UI Elements section in this guide.
What are the APIs that can be used to check if the user has the access to run a feature?
The following APIs can be used to check if the user has access to run a feature:
isAuthorizedToUseFeature
This global method validates if a user has access to run a feature. It takes the custom permission name as an input parameter and returns the Result object with hasAuthorization and exceptionMessage set.
For more information, see the SecureUIAndInvocation section in the Q2 Loan Servicing Global Methods guide.
Custom Permission Names with Button Names
The following table lists the buttons that can be checked for user access with the help of their corresponding custom permission names:
Button | Custom Permission Name |
---|---|
Standard Buttons | |
New Loan Disbursement Transaction | New_Loan_Disbursement |
New Loan Payment Transaction | Create_Manual_Payments |
Custom Buttons | |
Calculate TDS | Calculate_TDS |
Change Credit Limit | Credit_Limit_Change |
Change Payment Amount | Payment_Amount_Change |
Payment Plan | Delinquent_Amount_Spread |
Event Reversal | Out_of_Order_Event_Reversal |
Edit Additional Parameters | Manage_Additional_Parameter |
Loan Amount Adjustment | Loan_Amount_Adjustment |
One Time ACH | Setup_One_Time_ACH |
Payment Tolerance Change | Change_Payment_Tolerance |
Principal Adjustment | Principal_Adjustment |
Print Repayment Schedule | View_Amortization_Schedules |
Recurring ACH | Setup_Recurring_ACH |
Reforecast Streams | Reforecast |
Refund | Borrower_Refund |
Regenerate Amortization Schedule | Regenerate_Schedules |
Regenerate Schedule | Regenerate_Schedules |
Reschedule | Reschedule |
Setup Automated Payment | Automated_Payment_Setup |
Suspend Fees | Suspend_Fees |
Transaction Summary | View_Transaction_Statements |
Accrual History | View_Accrual_History |
Populate Fees | Populate_Pre_paid_Fees |
Extension | Term_Extension |
Additional Repayment | Add_Extra_Installment_Payment |
Regenerate Principal and Interest Payment | Regenerate_Principal_and_Interest |
Investment Order Initial Setup | Investment_Order_Setup |
Investment Order Maintenance | Investment_Order_Setup |
Loan Pay Off | Payoff_A_Loan |
Create New Charge | Charge_Creation_Manual |
hasAccessToFeatureInvocation
This web service checks if the permissions are granted for the features. It takes a comma-separated list of feature names as input and returns JSON representation of feature name to permission result map.
For more information, see the SecureUIAndInvocationWebService section in the Q2 Loan Servicing Global Methods guide.
Update the User-Based Access to Buttons
Prerequisite
Before updating the user-based access to buttons, ensure that the following prerequisite is met:
-
Restrict Actions Based On Permissions flag is enabled in Setup > Custom Setting > User Access Setting.
Note:For more information, see the User Access Setting section of the Q2 Loan Servicing Administration Guide.
Steps
You can update the user-based access permissions in the following two ways:
Update the permissions by updating the custom permissions of the profile.
Update the permissions by updating the Permission Sets and then assigning the user to it.
Update Permissions by Updating Custom Permissions of the Profile
To update the access permissions to the buttons:
Log in to your Salesforce Account.
Go to (Setup) > Setup.
In the Quick Find box, search for Profile and then click it.
Click the required profile, and then click Custom Permissions.
Click Edit.
-
Add the required permission by selecting the item in the Available Custom Permissions box and then clicking Add.
For example, if you want to update the permissions for the Reschedule button, then select loan.Reschedule in the Available Custom Permissions, and then click Add.
-
Click Save.
This adds the required permissions to the profile and the Reschedule button is visible to the user of this profile on the CL Contract page.
Update the Permissions by Updating the Permission Sets and then Assigning the User to it
If the required user is to be given access to a certain functionality only, then all the UI elements of only that particular functionality need to be enabled for the user. To do this:
Step 1: Create a Permission Set for that functionality.
Step 2: Add custom permissions to the created Permission Set.
Step 3: Assign the user to the Permission Set.
Step 1: Create a Permission Set for that functionality
To create a Permission Set:
Log in to your Salesforce Account.
Go to (Setup) > Setup.
In the Quick Find box, search for Permission Sets and then click it.
Click New.
-
Provide the details as described in the following table, and then click Save:
Note:You can refer to the Create New Permission Set image as an example. The steps are explained with the help of this example.
Field Action and Description Label Provide a label name for the object to correctly identify the function of the permission set to be created. This field is mandatory. API Name This field gets updated automatically, but you can update it too.
Note:This is a unique name used by the API. This name must begin with a letter and use only alphanumeric characters and underscores. It can't include spaces, end with an underscore, or have two consecutive underscores.
Description Provide a description to explain the usage of this permission set. Note:In the preceding image, as an example, we have created a Permission Set for Reschedule to enable the user to use the rescheduling-related button on the contract page.
The permission set for rescheduling is added to the list of Permissions Sets.
Permission Set for Reschedule
Step 2: Add Custom Permissions to the created Permission Set
To add Custom Permissions to the created Permission Set:
-
In the preceding created Permission Set, scroll down and click Custom Permissions.
-
Click Edit.
-
Select the Available Custom Permissions for the rescheduling-related functionality, and then click Add.
Click Save.
Step 3: Assign the user to the Permission Set
-
After adding the Custom Permissions to the Permission Set in the preceding step, click Manage Assignments.
-
Click Add Assignments.
Select the user to assign this permission set to, and then click Assign.
-
Click Done.
This enables the user to use only the Reschedule-related UI button as highlighted in the following image, however, the user does not have the permissions to use any other UI buttons of the CL Contract page.
Note:If the profile of the user does not have permission to use the button in custom permissions, but if the user has been assigned to the permission set that has the custom permissions to use it, then the button is still available for the user.