ContactManager contact subtype and tag permissions

The Guidewire core applications and ContactManager provide contact subtype and tag permissions that you can use to control access to contacts. The SystemPermissionType typelist lists all the subtype and tag permissions in ContactManager.

The following table lists the subtype and tag permissions provided in the base configuration of ContactManager for contacts:

Code	Permission Description
`abview`	View the details of contact entries in ContactManager
`abviewsearch`	View ContactManager contact search screens
`anytagcreate`	Create a new contact regardless of which contact tag it requires
`anytagdelete`	Delete a contact that has any contact tag
`anytagedit`	Edit a contact that has any contact tag
`anytagview`	See a contact that has any contact tag
`abcreate`	Create a new contact in ContactManager
`abcreatepref`	Create a new preferred vendor in ContactManager
`abdelete`	Delete an existing contact from the address book
`abdeletepref`	Delete an existing preferred vendor address book entry
`abedit`	Edit an existing contact in ContactManager
`abeditpref`	Edit an existing preferred vendor in ContactManager
`abviewmerge`	Review and merge duplicate contacts in the Merge Contacts screens
`abviewpending`	Review and approve or disapprove pending contacts in the Pending Changes screens

The system uses role-based security for these permissions. As described in the previous topic, to implement role-based security, a system administrator associates permissions with roles in the system and assigns roles to users. For each role assigned, the user acquires the permissions associated with that role. For example, a role associated with the abcreate and anytagcreate permissions enables the user who has this role to create any type of contact.

The contact and tag permissions supplied in the base configuration apply across all contact subtypes and tags. If you create a permission that applies to a contact subtype, that permission also applies to all the subtypes of that contact subtype.

ContactManager enables you to restrict permissions according to contact subtype or tag. For example, you can enable a user with abcreate permission to create only PersonVendor contacts, but not CompanyVendor contacts. You configure contact and tag permissions through the SystemPermissionType typelist and the security-config.xml resource.

Note: If you create a set of tag permissions for a specific tag, these permissions enable access to contacts that have only that tag. For example you create a set of Vendor tag permissions and a user has a role with only those tag permissions. That user will not be able to work with a contact that has both Claim Party and Vendor tags. You could also create a set of tag permissions for Claim Party tags. In that case, a user with both Vendor and Claim Party tag permissions would be able to work with contacts that have both Vendor and Claim Party tags.

For examples showing how to create and use permissions for a contact subtype and a contact tag, see Configuring ContactManager contact security.