Set up vendor collaboration security roles
A procurement professional or a vendor that has enough permissions can request that a contact person be provisioned as a user by enabling the Provision vendor user option on the contact person record.
During the provisioning process, user permissions are selected for the new external user, and the new vendor user request is submitted. It's important that you correctly set up the user permissions that are available for selection in the vendor user request. Otherwise, vendors might be granted access to information that they should not have access to in finance and operations.
To set up the security roles that are available for selection when a new user request is used for a contact person, select System administration > Security > External roles, select New, and then select a security role and the Vendor party role.
You might want to add the Vendor admin (external) and Vendor (external) roles that are provided in Supply Chain Management. Alternatively, you can use security roles that your company has created.
Note
You should consider that there is an Extensible Data Security (XDS) policy that is implemented. This ensures that a user can only see the documents that are related to their vendor account. If someone creates new roles, then this XDS policy for this new role does not exist and a developer must add it by code. Also, if someone adds more privileges and permissions to a role, for example "view products," then there are no automatic restrictions for vendors seeing only their products. You need to properly discuss and plan the creation of the security role. Therefore, we recommend that you always use the existing out-of-the-box security roles and that you create new security roles only if necessary.
You should make the Vendor admin (external) role available only if vendors should be able to create new contacts, submit vendor collaboration user requests for new users and changes to user information, and handle those requests through a workflow.
If you plan to manually set up vendor contacts and users, you can make just the Vendor (external) role available. This role will then be the only role that can be requested through a vendor user request.
Note
The SystemUser role is automatically granted when you manually create a new user account in Supply Chain Management. Therefore, you must remove that role and assign the SystemExternalUser role.
If new user accounts are created through the workflow that is initiated by a vendor user request to provision a new user, one or more of the roles that you've set up for vendor collaboration and the SystemExternalUser role will be assigned.
Vendor admin (external) security role
The Vendor admin (external) role can be used for external vendors that maintain vendor contact information and make requests to provision new vendor collaboration users. External users who have this security role can perform the following tasks:
- View and modify contact person information, such as the person's title, email address, and telephone number.
- Add a new or existing contact person to the vendor accounts that they are a contact for.
- Delete any contact person that they have created.
- Activate or inactivate the association between a contact person and a vendor account. After the association between a contact person and a vendor account is inactivated, the contact person can't be referred to on new purchase orders or other documents.
- Deny or allow a contact person's access to documents on the vendor collaboration interface that are specific to the vendor account. After the association between a contact person and a vendor account is inactivated, access to documents that are specific to the vendor account is always denied.
- Request a new user account for a contact person by using the Provision user action.
- Request that a contact person's user account be inactivated.
- Request that a contact person's user account be modified to add or remove security roles.
- View RFQs.
Vendor (external) security role
The Vendor (external) role can be used for external vendors that will work with purchase orders. External users who have this security role can perform the following tasks:
- Respond to and view information about purchase orders.
- Maintain vendor collaboration invoices.
- View consignment inventory.
- View and respond to RFQs.
- View vendor information.