In addition to configuring user privileges, the Object Creation option allows an administrator to further specify the access of a user who also has privileges to create new objects in STEP. The Object Creation parameter is intended for use on Initiate Item, Mass Creation, and Simple Importer in Web UI, as well as when using Smartsheets and/or the STEP Importer.
Note: The Object Creation option provides additional control for what a user can do when creating an object. Separate user action(s) that allow a user to create object(s) are also required, as defined in the User Actions and Error Descriptions topic here.
For example, when creating a product, a user may be able to populate certain attribute values, but once the object is created, they no longer have access to these data fields, and thus cannot change them. This allows for more granular control over data so that users can be given access to data during the creation process only, but not to the same data after the object has been created. Following creation of the object, any global or workflow specific permissions will take over.
For more on how to set up privileges and how they work, refer to the topic on Users and Groups in the System Setup documentation here.
For more on how to setup global and business rules, refer to the Local and Global Business Rules topic in the Business Rules documentation here.
For more on workflow specific permissions, refer to the Configuring Workflow privileges topic in the System Setup documentation here.
It is worth noting that these object creation privileges do not apply to any new setup type nodes. Also, if an administrator selects to apply the object creation permissions to an unsupported object type, such as eCatalogs, publication sections, pages, attributes, etc., there will not be any kind of warning message.
Note: The Object Creation privilege is not recommended for use when using Web Services and creation in workbench outside of an importer. This is because users do not populate values for new objects in these cases until after creation of the object.
Considerations When Creating New Object
When setting up permissions for Object Creation in STEP, administrators need to keep in mind certain aspects when their users create new objects through the different means: Mass Creation in Web UI, as well as Smartsheets and/or the STEP Importer (e.g., Import Manager or inbound integration endpoints).
General aspects to Consider
If there is data that needs to be provided only once (upon creation only) and never updated again, a specific privilege rule must be created. If the data cannot be provided upon creation, make it available only in subsequent 'states' and exclude it in the creation state. If creation-specific restrictions are not needed, then entries are not required either.
Mass Creation Screen in Web UI
If a field for entering an attribute value is shown on the Mass Creation screen that the user does not have privileges to populate, this will result in a 'privileges' error that will not be detected until after the 'Create' button is clicked. Administrators should take care that the Mass Creation screen is configured appropriately so that only fields that the end user has permission to edit are visible.
For more on mass creation, refer to Onboarding Multiple Objects Using Web UI Screens in the Web User Interfaces documentation here.
Smartsheets
Like the Mass Creation screen, care should be given when creating the Smartsheet template. If fields for attributes, references, etc. are editable that should not be to the end users, this will give a privilege error when attempting to validate the Smartsheet or importing into STEP. Additionally, the author of any business rules that will be executed during a validation or import process will need to consider the 'Object Creation' and other create-privileges rules.
For more on Smartsheets, refer to the Excel Smartsheet Format documentation here.
Importer
This is not recommended for use with imports where the importer is creating references to objects that are being created as part of the same import, as this may result in errors. Furthermore, administrators should ensure that only the attributes that the privilege is applied to are available in the user interface, else the user will receive a privilege error. The author of any business rules that will be executed during an import process will need to consider the Object Creation and other create-privileges rules.
For more about importing, refer to the Data Exchange documentation here.
Privileges and Security
Unlike workflow state-specific privileges, the Object Creation privilege is not associated with any state in any workflow, so it works similar to global privileges, however only while the object is in the process of being created. After the object is created, any global or workflows specific privileges will take place.
The list of actions that can be associated with an Object Creation privilege are limited to the following list:
|
Object (node) Type |
Action |
|---|---|
|
Asset |
|
|
Classification |
|
|
Entity |
|
|
Product |
|