Understanding Permissions

The Permissions page allows you to assign specific permissions to specific roles inside Epicor CPQ. Some permissions grant users partial admin access, while others determine what is visible to an end-user, particularly for quotes, customers, and contact features.  Permissions simply exist in Epicor CPQ: they cannot be edited or changed.  As an administrator, you grant permissions to roles.  Once you grant a permission to a role, then you can assign that role to a user and your users will then have the permission.

Listing all permissions

To see all the permissions, open the Admin portal and click
Users & Groups > Permissions.

Assigning roles to permissions

To add or remove permissions to a role,

  1. Click the field underneath the desired permission and add or remove one or more roles.
  2. Save or cancel changes with the buttons at the bottom of the browser window.


Permissions List

Permissions related to products and quotes can change as that quote and its products moves through the various stages of a workflow. As an administrator, you can create rules to make these permissions as dynamic as you like. 

For example, if the global permission "add attachments" is granted to no users, and a quote enters a "manager review" workflow stage where "add attachments" is granted to the role Sales Manager, then sales managers can add attachments to any quote in the "manager review" stage.  But once the quote leaves that stage, the ability also disappears.

 

Find following a list of the permissions in Epicor CPQ.

The Workflow icon reminds you this permission can change as a quote moves from one workflow stage to another.

The Key icon icon reminds you to be cautious when assigning these permissions.
Permission Name Description   Examples & Notes

Add Attachments

grants users the ability to add attachments to customer and quote records.

For example, grant all users the ability to add attachments by using the "all" role.

Login to Output Builder

grants users the ability to log in to the output builder program and receive local builds. 


If you use a computer on your own network as an output builder, it should log in to Epicor CPQ as a user with a role that includes this permission.

This permission grants several permissions through the REST API that would normally only be available to Company Administrators, so care should be used when giving a role this permission.

Add Comments

grants users the ability to add comments to quotes, products, and customers. 

Example:

  1. In this global permissions list, grant this permission to nobody.
  2. In a "Pending Sales Manager Approval" stage of a workflow, grant this permission to any user with the "sales manager" role.

The result: sales managers can add a comment to a quote when it's in this one stage, but when the quote moves to any other stage, they cannot add any other comments.

Modify All Attachments

grants users the ability to edit or delete all attachments regardless of who uploaded them. 

This is intended for administrative-level users or first-level support personnel.

Modify All Comments

grants users the ability to modify and delete all comments regardless of who created them. 

This is intended for administrative-level users or first-level support personnel.
Modify Currencies

grants users the ability to change the list of currencies available to end-users on the quotes screen, and the exchange rates. of those currencies.

This is intended for administrative-level users or first-level support personnel.  

Modify Media

grants users access to the media folder in the admin portal, where they can add or remove media items.

This is intended for administrative-level users or first-level support personnel.

Modify Products

grants users access to modify configurators, categories, and products in the admin portal.

Note that all users with access to Epicor CPQ have the ability to use active configurators in your catalog outside of the admin portal.  This permission is to modify them through the admin portal. This is intended for administrative-level users.  

Modify 3D Scenes

grants users the ability to add, delete, or modify 3D scenes in the admin portal

This is intended for administrative-level users.  

Modify Users

grants users the ability to change all users in the admin portal. This includes the ability to reset passwords and delete users.

This is intended for administrative-level users or first-level support personnel.  
View Users

grants users the ability to see the Users list in the admin portal.



View Products

grants users access to the products in the admin portal


Note that all users with access to Epicor CPQ have access to all active products in your catalog outside of the admin portal.
View Customers

grants users view-only access to customers in Epicor CPQ.



Modify Customers

grants users the ability to add, delete, and modify customers in Epicor CPQ.


View Comments

grants users the ability to view comments on quotes, products, and customers.


Set Quote Currency

When a quote is first created, it inherits the default currency defined under Settings. The Set Quote Currency permission grants users the ability to change the currency on a quote to any other currency currently active in your organization. 


Note that when the currency on a quote changes, the amount of the old currency will be converted to the new one by following the currency conversion rates.
Set Quote Customer

grants users the ability to set the customer on unsubmitted quotes. When submitted, this permission is left to the workflow rules.


Set Quote Discount

grants users the ability to set discounts on unsubmitted quotes to adjust the price of products and the total. When submitted, this permission is left to the workflow rules.


Set Quote Product Description grants the ability to edit descriptions on quote products if the quote is unsubmitted.  When submitted, this permission is left to the workflow rules.


View Attachments

grants users the ability to view files attached to customers and quotes. 


Set Quote Shipping Price

grants users the ability to set the shipping price on unsubmitted quotes. When submitted, this permission is left to the workflow rules.


View Quote Currency grants users the ability to view the currency of an unsubmitted quote. When submitted, this permission is left to the workflow rules.


View Quote Customer grants users the ability to view the customer assigned to an unsubmitted quote. When submitted, this permission is left to the workflow rules.


View Discounts

grants users the ability to view the discount percentage on an unsubmitted quote. When submitted, this permission is left to the workflow rules.


View Quote Shipping Price

grants users the ability to view the shipping price on an unsubmitted quote. When submitted, this permission is left to the workflow rules.


View Prices


grants users the ability to view the price of products and the total price on an unsubmitted quote. When submitted, this permission is left to the workflow rules.


View Cost grants users the ability to view the cost on an unsubmitted quote. When submitted, this permission is left to the workflow rules.


View Quote Header 

grants users the ability to view all custom fields defined within a quote header on an unsubmitted quote. 



 

Special Roles 

When editing some permissions, you may see some roles which are built in to the Epicor CPQ platform.  These roles cannot be edited, but you can use them to make permission management easier.

Company Admin has all permissions.
Users with the special "Company Administrator" role always have full access to Epicor CPQ.  For example, even if that role is not shown in the list of roles for the "Edit Quotes" permission, anyone with the Company Administrator role can always edit quotes.

Anonymous Users permissions limited.
Some companies can allow anonymous users on the web to launch configurators. Learn more about the special limited permissions for the anonymous user.

Special "all" role includes all other roles.
For some permissions, you may see a special "all" role listed in the roles available for that permission.  This is a handy shorthand way to specify that all users, regardless of their role, have this permission.

Was this article helpful?