ClaimCenter contact subtype and tag permissions

ClaimCenter provides subtype and tag permissions that you can use to control access to contacts. These permissions make a distinction between local contacts and centralized, or address book, contacts. The SystemPermissionType typelist lists all the subtype and tag permissions in your system.

The following table lists the base subtype and tag permissions provided with ClaimCenter contacts:

Code	Description of Permission
`anytagview`	See a contact that has any contact tag.
`anytagcreate`	Create a new contact regardless of which contact tag it requires.
`anytagdelete`	Delete a local, unlinked contact that has any contact tag.
`anytagedit`	Edit a contact that has any contact tag.
`ctcview`	View and search local contacts.
`ctccreate`	Create a new, local contact.
`ctcedit`	Edit local contacts.
`abview`	View the details of contact entries retrieved from ContactManager.
`abviewsearch`	Search for contact entries in ContactManager.
`abcreate`	Create a new vendor contact in ContactManager. In the base configuration, this permission enables a ClaimCenter user to create a vendor contact and have it saved in ContactManager. Without this permission, a ClaimCenter user can create and save non-vendor contacts in ContactManager. Any vendor contacts created by a user without this permission are created in ContactManager with pending status and must be approved by a ContactManager user.
`abcreatepref`	Create a new preferred vendor in ContactManager.
`abedit`	Edit an existing vendor contact stored in ContactManager. In the base configuration, this permission enables a ClaimCenter user to edit a vendor contact and have it saved in ContactManager. Without this permission, a ClaimCenter user can edit and save non-vendor contacts in ContactManager. Any vendor contact changes by a user without this permission become pending changes in ContactManager and must be approved by a ContactManager user.
`abeditpref`	Edit an existing preferred vendor stored in ContactManager.

The system uses role-based security for these permissions. As described in the previous topic, to implement role-based security, a system administrator associates permissions with roles and assigns roles to users. For each role assigned, the user acquires the permissions associated with that role. For example, a role associated with the abcreate and anytagcreate permissions enables the user who has this role to create any type of contact.

The base contact and tag permissions apply across all contact subtypes. If you grant a permission to a contact type, you grant the same permissions to all that contact’s subtypes.

ClaimCenter enables you to restrict permissions according to contact subtype or tag. For example, you can enable a user with abcreate permission to create only PersonVendor contacts, but not CompanyVendor contacts. You configure contact and tag permissions through the SystemPermissionType typelist and the security-config.xml resource.

Note: If you create a set of tag permissions for a specific tag, these permissions enable access only to contacts that have that one tag. For example, you create a set of Vendor tag permissions and a user has a role with only those tag permissions. That user will not be able to work with a contact that has both Claim Party and Vendor tags. You could also create a set of tag permissions for Claim Party tags. In that case, a user with both Vendor and Claim Party tag permissions would be able to work with contacts that have both Vendor and Claim Party tags.