Happy Business Starts Here

Read Only Custom Role.

I want to create a view only role where the user can only view the customer record. I created a role where all the customer permission are inactive but that doesn't satisfy my requirement. If I cannot restrict to edit customer fields, can I hide certain fields.  I'm wonder if other companies developed a workaround?

11 Comments
Guru

@mpastore Not sure if you are using Salesforce or not, but we expose a lot of our read-only information there for our Sales and Support staff. The field level visibility controls there give us the ability to show exactly what we want to the end user.

 

Thats how we work with read-only users. It would still be nice to have this native in Zuora with more granular access rights.

Zuora Product Team
Status changed to: Unlikely

Hi @mpastore, we don't currently plan to allow the ability to hide Zuora standard fields on the customer record (or other objects). I'd love to hear from you which fields you were interested in hiding and why.

 

The solution that @feisley proposes is a great way to go. Other customers have created custom portals for their Zuora users, so that they could enforce workflow, field validations, etc.

 

Have said the above, we are looking to add more permissions around what actions are controlled and letting our customers edit the Standard/Administrator roles. Stay tuned!

Guru

@lukasz while I totally understand the not hiding of fields based on permissions (we use many other products that operate the same way). I do want to reiterate that I think its critical to have a true read-only role/account. We can get close to it today but there are still things that can be modified by a user with even the most restrictive permission set.


Also while field granularity might be overly complex to implement in Zuora. Large segments of access (i.e. account read, invoice read, subscription read) could be simpler and very beneficial.

 

My vote would be to take it in phases:

Phase 1: Most critical - read only access to all objects in that module (i.e. Z-Billing / Z-Finance)

Phase 2: permissions based on objects or groups of objects (accounts, invoices, subscriptions)

Phase 3: Maybe someday consider field level security, though honestly for us object level would likely be the limit of our needs (especially if there are extensive audit logs coming soon ;-) )

Zuora Product Team

@feisley thanks for the feedback. The longer term is likely going to end up with us not only providing a read-only role, but providing the ability to configure attributes for each field (standard and custom).

 

In the short-term, we're adding additionl permissions around the key Zuora objects that should get us closer to a read-only role, and I'd love to hear your feedback on that. i'll ask my colleague, @nharlow, to comment on what we're planning on doing.

Master

@feisley thanks for the workaround, I'll look into it.

 

My use case revolves around my collections team and sales team.

 

The collection and sales team needs visibility to see invoice and payment information.  There were times when payment terms and default payment were accidently changed.  I need to control who is elligible to modify billing and payment sectoin on the customer record.

 

Melvin

Zuora Product Team

Hi @feisley,

 

As @lukasz said, we are in the process of prioritizing permission gaps and closing them, starting with the July, 2016 release. We added several new permissions around several create/modify/delete (write) operations in Billing and Payments. These permissions move us closer to a read-only capability in the product. In the short-term, we will likely continue to add new permissions as the need arises to close key gaps. In the longer term, we are starting to think about enhancing the permission system to provide field-level controls. Thanks!

Student

Hello ,

 

We at PTC are looking for a TRUE Read-Only profile for users.

 

Currently users with No-Access user roles are still able to edit the addresses.

 

Thus , we cant give access to users who just need Read-only ability as they would still have the access to EDIT addresses which voilates our SOX controls.

 

Would appreciate if you can understand the gravity of the situation and provide us with a solution,

 

I have opened multiple tickets with Zuora support regarding this.

 

Thanks !!!

-Ashima

asharma@ptc.com

Savvy Scholar
@lukasz - I wanted to follow up on this note "The longer term is likely going to end up with us not only providing a read-only role, but providing the ability to configure attributes for each field (standard and custom)." 
 
Can you provide an update on that status of that? This is a big ask from our team, thanks.
Zuora Product Team

Just a quick update here, we're done with the design of a revamp of User Roles & Permissions. It includes the concept of a true Read Only role. We're currently working on staffing this within this calendar year. Nothing set in stone, but we're getting closer!

Newly Enrolled

Hello @lukasz, is it also possible to create a read-only user in Salesforce?