Configuring Permission Sets for 5.0
The information in this section pertains to version 5.0 of OneSpan Sign for Salesforce. In addition to these configurations, you must also perform the procedures described in Basic Permission Set Configurations
If you are configuring permission sets for an older version of OneSpan Sign for Salesforce, you can skip this section and go directly to Basic Permission Set Configurations
The following standard objects and fields must have at least Read access granted for each OneSpan Sign for Salesforce user:
-
Account object
-
Case object
-
Contract object
-
Opportunity object
-
Product object
-
Contact object
-
Contact fields:
-
Account
-
Email
-
Title
-
MobilePhone
-
-
Lead object
-
Lead fields:
-
Email
-
Title
-
MobilePhone
-
While it is possible to manually configure these permissions, the following script can be used by advanced OneSpan Sign for Salesforce administrators to automate the creation of this permission set. This script will create a permission set that grants Read access to the fields above.
To grant permissions using a script:
- Log into OneSpan Sign for Salesforce.
- Click the Setup icon.
- Click Developer Console.
- Click Debug, and then Open Execute Anonymous Window.
- In the Enter Apex Code window that appears copy and paste the following code:
PermissionSet ps = new PermissionSet(Name = 'StandardFields', Label = 'Standard Fields Permissions', LicenseId = [SELECT Id FROM UserLicense WHERE Name = 'Salesforce' LIMIT 1].Id, Description='This is permission set which grants access to standard fields needed by OSS application'); insert ps; List<ObjectPermissions> objPerms = new List<ObjectPermissions>(); List<FieldPermissions> fieldPerms = new List<FieldPermissions>(); Map<String, List<String>> objectsAndFieldsForReadAccess = new Map<String, List<String>>(); objectsAndFieldsForReadAccess.put('Account', new List<String>()); objectsAndFieldsForReadAccess.put('Case', new List<String>()); objectsAndFieldsForReadAccess.put('Contact', new List<String>{'Email', 'Title', 'MobilePhone', 'Account'}); objectsAndFieldsForReadAccess.put('Contract', new List<String>()); objectsAndFieldsForReadAccess.put('Document', new List<String>()); objectsAndFieldsForReadAccess.put('Lead', new List<String>{'Email', 'Title', 'MobilePhone'}); objectsAndFieldsForReadAccess.put('Opportunity', new List<String>()); objectsAndFieldsForReadAccess.put('Product2', new List<String>()); for(String objectName :objectsAndFieldsForReadAccess.keySet()){ ObjectPermissions objPermission = new ObjectPermissions(); objPermission.ParentId = ps.Id; objPermission.PermissionsRead = true; objPermission.SobjectType = objectName; objPerms.add(objPermission); for(String fieldName :objectsAndFieldsForReadAccess.get(objectName)){ FieldPermissions fieldPermission = new FieldPermissions(); fieldPermission.SobjectType = objectName; fieldPermission.PermissionsRead = true; fieldPermission.ParentId = ps.Id; fieldPermission.Field = objectName + '.' + fieldName; fieldPerms.add(fieldPermission); } } insert objPerms; insert fieldPerms; - Click Execute.
- Assign this permission set to your users.
Custom Fields
When a user opens a Transaction or Transaction Template, the OneSpan Sign for Salesforce connector queries all fields on the transaction or transaction template object. If you are creating and adding custom fields to either of these pages you must ensure that your users have at least Read access privileges to these custom fields. If you do not, they may receive an insufficient privileges error.
If you are adding a custom field that is of a Lookup or Master-Detail type, then you must also give your users Read access to the related object of that new custom field.
If you are using Field Mappings, the custom fields that you are creating must be accessible (for insert), and editable (for writeback). As such, ensure that your users have the proper access as needed.
Basic Permission Set Configurations
If you are configuring permission sets for version 5.0 of OneSpan Sign for Salesforce you must also complete the procedures described above, in Configuring Permission Sets for 5.0.
Any combination of the following three Permission Sets can be configured on a given OneSpan Sign for Salesforce account:
- OneSpan Sign User
- OneSpan Sign Template Admin
- OneSpan Sign Admin
OneSpan Sign Admins must have the profile of a Salesforce System Administrator. OneSpan Sign Admins can prepare transactions or templates only if they own them.
To enable the above Permission Sets to view and access the OneSpan Sign option in the Salesforce.com App Menu, see Configuring the Salesforce.com App Menu.
OneSpan Sign User
These users: (1) have access to the Transactions page; (2) can create, modify, and send document transactions; (3) can create transactions from scratch or from templates.
A OneSpan Sign User must have the following permissions enabled:
| Permission Name | Reason |
|---|---|
| API Enabled | Allows the user to perform any transaction-related operation. |
OneSpan Sign Template Admin
These users can: (1) create, modify, activate and deactivate templates; (2) create and modify transactions from scratch or from templates; (3) send transactions; (4) create, modify, and delete OneSpan Sign Conventions.
A OneSpan Sign Admin must have the following permissions enabled:
| Permission Name | Reason |
|---|---|
| API Enabled | Allows the user to perform any transaction-related operation. |
OneSpan Sign Admin
These users: (1) have all the permissions of the previous two Permission Sets; (2) can access the OneSpan Sign Admin page; (3) can modify the Permission Sets of other users.
A OneSpan Sign Template Admin must have the following permissions enabled:
| Permission Name | Reason |
|---|---|
| API Enabled | Allows the user to perform any transaction-related operation. |
| Customize Application | To select the URLs to connect to, and to connect with the backend. The backend allows you to modify settings on Admin page. |
| Manage Custom Permissions | Required by the Customize Application permission. |
| Manage Connected Apps | Used to setup a Connected App, if the user is connecting to a custom OneSpan Sign instance. |
| View Roles and Role Hierarchy | Required by the View Setup and Configuration permission. |
| View Setup and Configuration Permission | Required by the Customize Application permission. |