Add a platform access to a contact

Hi,

I have a few questions about how to give some access to my platform for “B2B Clients”.

For example i want to give them access to their statistics, bills, etc..

But by looking at the code, i am not sure to follow the good way.

Let me explain:
At first i was thinking that i only needed to link a “CRM Contact” to a “BAP User”,

then I see that a “CRM Contact” can be related to an “BAP USer” by an owner field, so i think that maybe i can create a “BAP User” for each “CRM contact” who need to have an access to the my platform with a specific “B2B Client” ROLE.

– My first question is, am i right ? Or the “owner” field can only be use for internal users. so i should extend “CRM Contact” entity to create my own relation ?

– My second question is a “BAP User” is related to a “BAP BussinessUnit”, but in my case “BAP BussinessUnit” means “CRM Account” i think.
So how can rely the 2 concept “BAP Bussiness Unit” and “CRM account” ?

subsidiary question:
– Is it planned to connect one account to another account to manage a hierarchy ?

Thanks for your help!!

Topic

[kelton23omParticipant]

No one can help me ?

[Yevhen ShyshkinParticipant]

Hello, kelton23om.

Look’s like there is small misunderstanding related to understanding of entity purposes – you are mixing data entities with system entities used to restrict ACL.

User, Business Unit and Organization are system entities used to restrict access to some part of the system (ACL). In fact User is an entity that stores current logged in user and used to check whether current user has as access to specific system part.

Contact and Account are data entities that used to store your data (emails, phones, addresses etc.). These entities have owner (User, BusinessUnit) and organization used to check permission to data entity for current logged in user.

If I understand you correctly, you are trying to use data entities as system ACL entities – in this case you will not be able to restrict access.

Now let’s return to your cases.

> maybe i can create a “BAP User” for each “CRM contact” who need to have an access to the my platform with a specific “B2B Client” ROLE

You should create new User for each person who wants to access the system. This user will be able to create any data entities and this user used will be set as default owner.

> So how can rely the 2 concept “BAP Bussiness Unit” and “CRM account” ?
> Is it planned to connect one account to another account to manage a hierarchy ?

You should use Business Units to group your users and organize hierarchy of entities. Accounts should be used only as a data storage.

P.S. If you don’t like the names of entities you can rename them, but in this case you should somehow differentiate between contact-user and contact-contact.

If you still have questions about entities – feel free to ask them here.

[kelton23omParticipant]

Hi,

thanks for your answer.

First of all i appreciate you spend some time to explain a bit more the way you think the application, that’s what i am looking for :)

I was pretty clear with entities, in any case i had done the difference between entities responsible for storing customer data and those for user access.
Which is a little less clear to me is just how to link data storage entities and platform access entities.

I will try to describe a little better my background, so maybe you can help me in my choices.

So my context is:
– Basicaly, I have Clients( B2B ), who have some Contacts.
– Each Client owns some specific stuff like devices, etc.. (our own business part).
– Some clients have agencies, so i must manage a hierarchy.

What i have done until now:
– I created an “CRM Account” for each of my Client, and “CRM Contact” for each contact ( physcal person ).
– I created relations between “CRM Account” and my own bussiness entities.

What i want to do now is:
Give my client access to their devices, invoicings and profile informations etc..(a front application in fact)

What i think i should do:
– Create a “BAP User” for each contact to whom I want to give access.
– Linked the “CRM Contact” and “the BAP User” by the owner field.
– Linked “BAP User” to a “Client” “BAP Role”. This way i could manage ACL, and give them some sprecific User and Client access.
– Since the 1.4 version i should also create a B2BCustomer to manage billing information and rely my account correctly to my Sale workflow.

What i am not sure at all:
– How to manage the hierarchy between b2b clients ?
Should I create different “Bussiness Units” and “Organisations”, and linked “CRM Account” to them.
It sounds good for me, but only to give some restricted access to the platform, but i’m not sure about mixing hierarchy in client data,
and hierarchy in access entities, as you seem to preconize.
So how can i handle hierarchical structure in storage data part ?

I hope you can enlighten me on the subject :!

Thanks again for you answers and your great work.

[Yevhen ShyshkinParticipant]

Now I see your problem. Unfortunately, for now it’s not possible to create entity relation to itself from UI, but we already working on that and I hope this possibility will appear in our closest releases.

[Dima SorokaKeymaster]

This is great use case, thanks @kelton23om.

I would recommend following scenario to cover it:

Your client could be mapped one to one to B2B customers (or you can introduce new customer identity entity like “Client”)
Your own business part is developed around B2B customer (or Client)
Each B2B customer has own account. In case of “Agency” you’ll have account that has multiple B2B customers. Do you really need hierarchy or this recommendation solves your case?
In order to provide access to your client you can introduce a role and create a related user for each B2B customer or you can introduce new environment with own security context where you can handle clients security (this is a bit more complicated)

[kelton23omParticipant]

hi guys,

thanks for your explainations.

@DimaSokora,

I am quite close to your scenario for now!

1 – Your client could be mapped one to one to B2B customers (or you can introduce new customer identity entity like “Client”)

I choose to use B2B customers to represent my client:
– “B2b Customers” definition is really close to that i want to use.
– It’s already mapped to a sales workflow.
– I don’t want to redefine too much things for now.

2 – Your own business part is developed around B2B customer (or Client)

that’s what I did.

3 – Each B2B customer has own account. In case of “Agency” you’ll have account that has multiple B2B customers. Do you really need hierarchy or this recommendation solves your case?

To explain a bit more my situation, i am trying to migrate step by step our actual (old ) platform to a new robust one based on OroCRM.

So for now i can adapt my data to use your scenario.
But I’ll be fairly quickly blocked by some features (billing and devices access strategy..), which will force me to interconnect certain entities!
I’m not really sure how to manage this problem, so if you have some suggestions ? I will be grateful!

4 – In order to provide access to your client you can introduce a role and create a related user for each B2B customer or you can introduce new environment with own security context where you can handle clients security (this is a bit more complicated)

Actually, i create a related User for each B2bCustomer who need access to the plaform.
However, i will need to manager different levels access, depending on a hierarchical structure linked to clients strategy.
And again i am not sure how to manager this part !

Thanks again for spending a your times to help us!

[Author]

Replies