Access Control Management - Access Forwarding
3 min read
Access Forwarding Functionality
Let's assume you are a sales representative assigned to an account on an account's team.As a member of the team, you should have access to that account.
Let's assume you are also allowed to make changes to that account (read and write access), as a member of that account. Let's say for whatever reason, you opened that account, deleted yourself from the Account Team assignment (see the example in the screenshot for the account team member Mini Gross), and saved your changes. As a result, you would no longer be a member of that account.
Did you inadvertently remove yourself from the account team member list? Can you still access this account?
No worries, you would handle this situation using Access Forwarding. Please not that in our example, you still have access to that customer.
How does Access Forwarding work?
Access forwarding is an access control behavior that can be implemented for the following business objects:
- Business Partners (Account, Contact, etc.)
- Sales Quote
- Sales Order
- Service Request
For these business objects, the access control list adds the last change user.
The access control list is a structure attached to the business object that determines the current access. The last change user to be added to the access control list will have access to the object instance until another user makes a change. This allows the last user to revert any changes that lead to a loss of access right at that moment.
There is one additional exception for business partners; their access control list is time-dependent. Which means, it's only valid until the end of the day (by UTC system time). Therefore, a user who made a change to an account can access that account until the end of the day, even if no other user made any changes that day.
This article introduced you to Access Forwarding functionality, an exceptional access control behaviour. Now, it's your turn to try it out!