You can give both internal users and external users access to your instance. However,
you might not want both types of users to have the same level of access. To provide added
security, every user must have at least one role so that the instance can distinguish between
internal and external users.
External users must obtain, at minimum, the snc_external role. The snc_external role indicates
that the user is external to your organization and should not have any access to resources
unless explicitly allowed through ACLs for the snc_external role or additional roles. By
default, users with the snc_external role are unable to access non-record type resources as
well, such as processors and UI pages.
Do not mark the snc_internal role as elevated. Otherwise, internal users cannot access the
You can Set up encryption contexts
snc_internal and snc_external roles. However, adding encryption contexts to more detailed
roles is recommended.
Explicit Roles plugin
The Explicit Roles (
com.glide.explicit_roles) plugin provides the
snc_external and snc_internal roles.
When this plugin is activated:
Do not move System update sets
among instances with and without the Explicit Roles plugin
Providing access to external users
You can grant external users access to tables by creating a set of ACLs for the table. See
Provide external users access to a table.
Another approach you can take is to give all external users access to all tables, and then
restrict access to specific tables. You can do this by adding the snc_external role to the
* ACL that is of Type ui_page.
The hasRoles() method
hasRoles() method is still available, but is deprecated in the Geneva
release. Use the
hasRole(role name) method instead.
If you do use the
method, note these changes:
- This method automatically excludes the default snc_internal role when it checks for roles.
This means that if a user has only the snc_internal role, the
hasRoles() method still returns false.
- If the user has the snc_external role, the method returns false because the instance
considers external users to be without a role.