Object user actions are configurable instances of a Record Action that you can define for an object and its object types. Defining user actions for an object allows your users to perform specific actions on that object. Once configured, users can select these actions from an object record’s Actions menu. Unlike document user actions, object user actions are not tied to a specific lifecycle. Record Actions are created with the Vault Java SDK to meet your organization’s specific business needs.
Managing Object Actions
You can manage available object actions from Admin > Configuration > Record Actions.
Accessing Object Action Administration
You can assign object actions to a specific object from the Actions tab in Admin > Configuration > Objects > {Object} > Actions.
Assigning Actions to an Object
To assign an action to an object:
- Navigate to Admin > Configuration > Objects > {Object} > Actions.
- In the Actions tab, click Create.
- In the Create Action dialog, select a custom action from the Select Action drop-down. This drop-down shows all custom actions available for this object.
- Click Continue.
- Optional: Modify the Label, Status, and Name. The Label appears to users throughout your Vault. The Status indicates whether the action is active or inactive. The Name identifies the action through the API.
- Optional: Enter a Description. This description only appears on the action’s configuration page.
- Click Save. If this object is associated with a lifecycle, Vault prompts you to set Atomic Security defaults for each lifecycle state.
Configuring Action Level Security
Action Level Security (ALS) provides a unified way to secure object actions. You can configure ALS at two levels:
- Profile Level Security allows you to configure permissions at the Security Profile level for actions across all lifecycle states. See details about configuring Profile Security below.
- Atomic Security allows you to control which object actions or lifecycle actions are hidden, viewable (visible but grayed out), or executable (visible and clickable) for object records by lifecycle state and role. See Configuring Atomic Security for Objects for more information.
Configuring Profile Level Security on Actions
You can modify permission sets to assign View and Execute permissions on object actions at the Security Profile level. Security at this level provides another layer of control and allows your organization to dictate which users can see and select an object action from an object record’s Actions menu.
To assign object action permissions at the Security Profile level:
- Navigate to Users & Groups > Permission Sets > {Permission Set} > Objects > {Object}.
- In the Object Action Permissions section, click Edit. This section only appears for objects with configured actions, and also appears for permission sets configured with the All Object Record Read or All Object Record Edit permissions.
- Select the View and Execute checkboxes to assign permissions for All Object Actions or for specific actions. Note that when you assign an All Object Actions permission, the permission will apply to all future actions added to the object.
- Click Save.
Object actions execute with System-level permissions. For example, if a user has access to execute the Create Related Product Records object action but does not have explicit permission to create Product records, they can still execute the action to successfully create the related Product records.