Configuring Permission Sets for 5.0

The information in this section pertains to version 5.0 of OneSpan Sign for Salesforce. In addition to these configurations, you must also perform the procedures described in Basic Permission Set Configurations

If you are configuring permission sets for an older version of OneSpan Sign for Salesforce, you can skip this section and go directly to Basic Permission Set Configurations

The following standard objects and fields must have at least Read access granted for each OneSpan Sign for Salesforce user:

  • Account object

  • Contact object

  • Contact fields:

    • Email

    • Title

    • MobilePhone

  • Lead object

  • Lead fields:

    • Email

    • Title

    • MobilePhone

While it is possible to manually configure these permissions, the following script can be used by advanced OneSpan Sign for Salesforce administrators to automate the creation of this permission set. This script will create a permission set that grants Read access to the fields above.

To grant permissions using a script:

  1. Log into OneSpan Sign for Salesforce.
  2. Click the Setup icon.
  3. Click Developr Console.
  4. Click Debug, and then Open Execute Anonymous Window.
  5. In the Enter Apex Code window that appears copy and paste the following code:

    PermissionSet ps = new PermissionSet(Name = 'StandardFields', Label = 'Standard Fields Permissions', LicenseId = [SELECT Id FROM UserLicense WHERE Name = 'Salesforce' LIMIT 1].Id, Description='This is permission set which grants access to standard fields needed by OSS application');
    insert ps;

    List<ObjectPermissions> objPerms = new List<ObjectPermissions>();
    List<FieldPermissions> fieldPerms = new List<FieldPermissions>();

    Map<String, List<String>> objectsAndFieldsForReadAccess = new Map<String, List<String>>();
    objectsAndFieldsForReadAccess.put('Account', new List<String>());
    objectsAndFieldsForReadAccess.put('Contact', new List<String>{'Email', 'Title', 'MobilePhone'});
    objectsAndFieldsForReadAccess.put('Lead', new List<String>{'Email', 'Title', 'MobilePhone'});

    for(String objectName :objectsAndFieldsForReadAccess.keySet()){
         ObjectPermissions objPermission = new ObjectPermissions();
         objPermission.ParentId = ps.Id;
        objPermission.PermissionsRead = true;
        objPermission.SobjectType = objectName;
         objPerms.add(objPermission);
         for(String fieldName :objectsAndFieldsForReadAccess.get(objectName)){
              FieldPermissions fieldPermission = new FieldPermissions();
              fieldPermission.SobjectType = objectName;
              fieldPermission.PermissionsRead = true;
              fieldPermission.ParentId = ps.Id;
             fieldPermission.Field = objectName + '.' + fieldName;
              fieldPerms.add(fieldPermission);
       }

    }

    insert objPerms;
    insert fieldPerms;

  6. Click Execute.
  7. Assign this permission set to your users.

Basic Permission Set Configurations

If you are configuring permission sets for version 5.0 of OneSpan Sign for Salesforce you must also complete the procedures described above, in Configuring Permission Sets for 5.0.

Any combination of the following three Permission Sets can be configured on a given OneSpan Sign for Salesforce account:

OneSpan Sign User

These users: (1) have access to the Transactions page; (2) can create, modify, and send document transactions; (3) can create transactions from scratch or from templates.

A OneSpan Sign User must have the following permissions enabled:

Permission Name Reason
API Enabled Allows the user to perform any transaction-related operation.

OneSpan Sign Template Admin

These users can: (1) create, modify, activate and deactivate templates; (2) create and modify transactions from scratch or from templates; (3) send transactions; (4) create, modify, and delete OneSpan Sign Conventions.

A OneSpan Sign Admin must have the following permissions enabled:

Permission Name Reason
API Enabled Allows the user to perform any transaction-related operation.

OneSpan Sign Admin

These users: (1) have all the permissions of the previous two Permission Sets; (2) can access the OneSpan Sign Admin page; (3) can modify the Permission Sets of other users.

A OneSpan Sign Template Admin must have the following permissions enabled:

Permission Name Reason
API Enabled Allows the user to perform any transaction-related operation.
Customize Application To select the URLs to connect to, and to connect with the backend. The backend allows you to modify settings on Admin page.
Manage Custom Permissions Required by the Customize Application permission.
Manage Connected Apps Used to setup a Connected App, if the user is connecting to a custom OneSpan Sign instance.
View Roles and Role Hierarchy Required by the View Setup and Configuration permission.
View Setup and Configuration Permission Required by the Customize Application permission.
Was this information helpful?
X