User-Based Access to UI Elements
What is User-Based Access to UI Elements?
User-based access to UI elements means that the users can access tabs, buttons, and loan quick menu items on the UI based on the permissions they have. If they do not have permissions, they cannot see or use those on the UI. Thus, the UI elements of the Q2 Loan Servicing can be customized based on permissions.
Why is it required?
Before the Platinum release, the Q2 Loan Servicing system displayed all tabs, buttons, and quick menu items to users regardless of their role and regardless of whether the action or the data was relevant to the user or not. The system needed the ability for a system administrator to set up permissions for the users of the system and the system to then render tabs, buttons, and quick actions based on those permissions.
With the Platinum release, Q2 Servicing Loan allows you to customize the access of buttons, tabs, and quick menu items that are present on a loan contract page so that a user does not have to see the unnecessary data that is not relevant to the user's role. These UI elements are customizable based on the permissions. If the permission for a UI element is not granted to a user, it is not visible to the user on the UI. If a user is not allowed to perform certain functions on the contract page, they are also not allowed to do the same from the back-end using the API too.
What are the UI elements considered for user-based access?
The following UI elements are considered for user-based access:
Loan Quick Menu
Buttons
Tabs
Tabs, Buttons, and Loan Quick Menu Items
The following image highlights the Tabs, Buttons, and Loan Quick Menu items on a CL Contract page:
A CL Contract Page
What are the ways in which the access permissions are assigned to a user?
There are two ways in which the access permissions are assigned to a user:
User is a part of a Profile and Custom Permissions are set for that Profile. So the user is also assigned with those Custom Permissions.
Permission Sets are defined and Custom Permissions are added to that Permission Set. A user is then assigned to that Permission Set. So the user is also assigned to those Custom Permissions defined in the Permission Set.
You can assign a permission set to as many users as you want. The difference between Profile and Permission Sets is that Profiles are used to restrict something whereas Permission Sets allow users to get extra permissions.
What are Custom Permissions
You can use custom permissions to give users access to custom processes or apps. Using custom permissions, you can create your own permissions and assign those permissions to the Profile or the Permission Set. Custom Permissions enable the system to allow or disallow users from performing certain operations. In the Q2 Loan Servicing system, it could be a restructuring, a deposit withdrawal, or more. Custom Permissions are so easily accessible that you can use these in Visualforce pages, lightning pages, flows, and more. If you plan to move out of the Visualforce page, Custom Permissions still remain, which means the Permission Sets need not be changed.
In Salesforce, many features require access checks that specify which users can access certain functions. Permission Sets and Profile settings include built-in access settings for many entities, like objects, fields, tabs, and Visualforce pages. However, Permission Sets and Profiles do not include access control for some custom processes and apps. For example, to make payments using the Payment(s) tab in Q2 Loan Servicing, users might need to enter amounts of the payments made, but only a certain set of users may need to do this. You can use Custom Permissions for these types of controls.
Custom permissions let you define access checks that can be assigned to users via Permission Sets or Profiles, similar to how you assign user permissions and other access settings. For example, you can define access checks in Apex that make a button on a Visualforce page available only if a user has the appropriate Custom Permissions.
For more information on Custom Permissions in Salesforce, see Salesforce: Custom Permissions.
What are Permission Sets
To allow a user to perform a certain function, Custom Permissions must be added to a Permission Set. It would then be a custom Permission Set and not part of the Q2 Loan Servicing package. Users can create a Permission Set and add Custom Permissions and then assign users to that Permission Set.
Custom Permissions are not dependent on how Profiles are configured or Permission Sets present. You can add Custom Permissions to anything that suits your business requirement.
A Permission Set is a collection of settings and permissions that give users access to various tools and functions. Permission Sets extend users’ functional access without changing their Profiles. Users can have only one Profile, but they can have multiple Permission Sets. You can assign Permission Sets to various types of users, regardless of their Profiles.
If Custom Permissions is not enabled in a Profile but is enabled in a Permission Set, users with that Profile and Permission Set have the permission. For example, if redrawing is not enabled in a user’s Profile but is enabled in one of their Permission Sets, they can perform a redraw.
For more information on Permission Sets, see Salesforce: Permission Sets.
Which APIs are checked by the system for permissions before they can be invoked?
The system checks the user permissions when any of the following Q2 Loan Servicing APIs are invoked:
API Names |
---|
postPaymentPlan |
postPaymentTolerance |
adjustPrincipal |
refundLoan |
rescheduleALoan |
rescheduleALoan |
waiveInterest |
waiveInterest |
waiveInterest |
waiveCharge |
waiveIOA |
waiveAdditionalInterest |
addInterestToPrincipal |
addFeeCapitalizedToPrincipal |
changeDueDay |
changeInterestRate |
changeAdditionalInterestRate |
changePaymentAmount |
depositToLoanTransferAction |
addNewCollateralLiens |
disassociateCollateralFromLoan |
bulkLoanCancellation |
depositAmountTransferAction |
manualLoanClosureAction |
postPayoffQuote |
contingencyStatusChange |
disburseLoanAccount |
For more information on these APIs, see the Q2 Loan Servicing Global Methods guide.
How do you enable or disable this feature?
To enable this feature, enable the Restrict Actions Based On Permissions flag in the Custom Settings > User Access Settings. By default, this flag is disabled.
For more information, see the User Access Settings section in the Q2 Loan Servicing Administration Guide.
What are the error messages or exceptions that you may encounter?
The following table lists the error messages or the exceptions that the system displays when a certain action is performed on a page.
Error Message or Exception | Where and When |
---|---|
No permission to perform any action here. | This message is displayed in the menu of the Loan Quick Menu on the CL Contract page when the user does not have permission to perform any action of that menu. |
User does not have permission to perform this action "{0}". | This exception is thrown by the system when a user invokes an API without the user having any permission to run it. |
User does not have permission to perform this action. | This error message is displayed on a page when a user clicks on a button that the user does not have permission to use on that page. |
How do you customize the user-based access for each UI element?
Click the following section links to know more on how to customize permissions for each UI element: