Introduction

Wattyo CPQ uses two different approaches to manage security from the record sharing/visiblity point of view:

• Catalog and Product Visibility: the different engine respect the record sharing/visibility rules defined in the Salesforce platform as the queries are executed in the With Sharing mode or using the User mode for DML and SOQL operations.

This way, if apart from the Visibility Rules defined in the Wattyo CPQ Engine, the Salesforce platform has other sharing rules defined, the Wattyo CPQ Engine will respect them. So you can model the Catalog and Product visibility in a more powerful and flexible way.

• Order / Asset / Agreement Management: In general, for the Order, Asset and Agreement management, the Wattyo CPQ Engine uses the Without Sharing mode for the Apex Classes and the System mode for the DML and SOQL operations. The reason for this is that Wattyo must ensure the process and data consistency and integrity. For example, if a user activate an Order all the Order Items must be activated, even if the user doesn’t have access to some of them. Or if a user cancel an Order, all the Order Items must be cancelled, even if the user doesn’t have access to some of them.

Org Wide Defaults Recommendation

As stated earlier, for Product and Catalog it’s up the implementation to decide which is the best security model.

For Order, Asset and Agreement management, you can make them private if you don’t want the users to be able to see all records, but remember that the engines will process all the required records, even if the user doesn’t have access to them.

Permission Sets