Role Permissions and User Permissions are great, but I can’t figure out how to mix them.
Let’s take the
Sales Order for example, and we have 3 Roles: Sales Manager, Sales User, and Field Agent.
Then we have
Territory as a (restrictor) or controller field to use on User Permissions.
The challenge here is that if I used User Permissions, then ALL Sales Orders that don’t belong to the same
Territory will be completely hidden.
My optimal output would be to allow the Sales User to READ/SELECT ALL Sales Orders, BUT WRITE/EDIT only the same
Territory, and use the rest of Role Permissions capabilities like Perm Level and so on.
Sales Managers will have permissions on all Sales Orders
Sales Users will have
DELETE IF CREATOR, CREATE, READ and
WRITE IF SAME TERRITORY
Field Agent will have down to Perm Level options across all Sales Order, and another set of options on the same
Another minor question: what is
Select in the Role Permissions? How is it different from Read?