Manage User Roles and Privileges > Managing privileges for custom user roles > Configure hierarchy privileges for business application users
  

Configure hierarchy privileges for business application users

You can configure privileges for custom user roles to import hierarchy data and to create, read, update, and delete hierarchies, first-level nodes, and relationships within hierarchies. You can also configure requester and approver privileges for custom user roles to trigger workflow when they modify or approve hierarchy data.

Hierarchies

You can specify whether users with custom user roles can create, view, update, or delete hierarchies related to the selected hierarchy model. You can also specify whether users can assign records to hierarchy nodes.
Ensure that you assign the Business360ProcessExecutor role in Administrator to users with a custom user role. The Business360ProcessExecutor role enables users with a custom user role to create, update, and delete hierarchies and to access the Hierarchy page in your business application.
The following image shows the user details page in Administrator with the Business360ProcessExecutor role assigned:
The following table describes the hierarchy privileges that you can enable:
Privileges
Description
Create
Create hierarchies based on the hierarchy model and assign record to hierarchy nodes.
Read
View the hierarchies associated with the hierarchy model. Enables the read privilege for root record of the hierarchy.
Update
Update the hierarchies based on the hierarchy model. Enables you to add root and child records for hierarchies and add attribute values for relationships associated with the hierarchies.
Delete
Delete hierarchies within the hierarchy model and unassign records from hierarchy nodes.
    1To configure hierarchy privileges, on the Security page, open the user role for which you want to assign privileges related to hierarchies.
    The user role details page appears.
    2On the Assets tab, select Hierarchy from the Show: list.
    The list of hierarchy models appears on the left pane.
    3To enable users with custom user role to create, view, update or delete hierarchies based on a hierarchy model, select required hierarchy model on the left pane and assign required privileges in the Privileges table on the right pane.
    Note: Ensure that you assign at least the read privilege for the hierarchies. The user with the custom user role cannot view the hierarchies in the business application without the read privilege.
    4If you use custom pages, configure the hierarchy settings for the Hierarchy component of the custom pages.
    For more information about configuring hierarchy settings, see Creating a Hierarchy tab.
    5Click Save.

First-level Nodes

The privilege specifies whether a user with custom user role can view the Add First Level Node button in a hierarchy of your business application.
When you select Privileges for First-level Nodes, the user can view the Add First Level Nodes button when creating a hierarchy based on a hierarchy model in your business application. To use the Add First Level Nodes button and add root records to a hierarchy, ensure that you also select the Create, Read, and Update privileges in the Privileges table.
Note: If you do not assign the read privilege for the business entity associated with the first-level node, a warning icon appears.
The following image shows the warning icon for the business entities to which the user does not have the read privilege:
Assign missing read privilege in the Records tab of the business entity.

Relationships

The relationships table lists all the relationships associated with the hierarchy model selected in the left pane and the corresponding privileges for each relationship. These privileges specify the record type and the relationship type based on which the user with custom user role can add and manage child records for hierarchies in your business application.
The following table describes the behavior of search privileges:
Privilege
Set to Enabled
Create
Add child records to a hierarchy based on the relationship type.
Read
View child records of a hierarchy based on the relationship type.
Update
Update the attribute values for relationships within hierarchies.
Delete
Delete child records of a hierarchy based on the relationship type.
Note: If you use a searchable hierarchy as a hierarchy filter, ensure that you provide read access to all the relationships within the hierarchy. If you only provide read access to some relationships, the hierarchy doesn't appear in the filter criteria.
If you do not assign the read privilege for each business entity associated with a relationship, a warning icon appears.
The following image shows the warning icon for the business entities to which the user does not have the read privilege:
Assign the missing read privilege in the Records tab of the business entity.

File Import

You can specify whether a user with custom user role can import hierarchy data into your business application. To authorize a user to import hierarchy data into your business applications, you need to assign privileges in Administrator and on the Security page of Business 360 Console.
    1In Administrator, click Users.
    The list of available users appears.
    2Select the user for which you want to configure privileges.
    The user details page appears:
    You can edit user information such as phone number and email on the user details page.
    3Assign a custom user role and the Business360ProcessExecutor role to enable a user to import data.
    4Click Save.
    5Click User Roles.
    The user roles page with list of pre-defined and custom user roles appears.
    6Select the custom user role for which you want to configure privileges.
    The user role details page appears.
    7Configure appropriate permissions for the MDM Business Application service.
    For more information on the privileges of the MDM Business Application service, see Prerequisites.
    8Click Save.
    9In Business 360 Console, click Security and click the custom user role for which you want to assign privileges for importing hierarchy data.
    The user role details page appears.
    10On the Assets tab, select Hierarchy from the Show: list.
    The list of hierarchy models appears on the left pane.
    11Select the required hierarchy model for which you want to assign the privileges.
    12In the Privileges table, select Create and Update.
    13In the First-level Nodes table, select Enabled.
    Note: If you do not select this check box, you cannot import the root record of the hierarchy during file import. The file import job imports an empty hierarchy instance to your business application.
    14In the Relationships table, select Create and Update for the relationships associated with the hierarchies that you want to import.
    15In the Jobs section, select Run for the file import job.
    The following image shows the privileges selected to import complete hierarchy data including root records and all the relationships within the hierarchy:
    16Click Save.
    The hierarchies for which you assign the privileges for file import appear in the Target Hierarchies section when the user with custom user role imports hierarchy data in your business application.