You are here:
Get Started with Salesforce CPQ Permissions
Salesforce CPQ ships with package-specific permission sets that you can assign to users based on their roles. (Salesforce CPQ Managed Package)
Salesforce CPQ Permission Sets
Review the different types of Salesforce CPQ permission sets. (Salesforce CPQ Managed Package)
Salesforce CPQ permission sets are organized by four user types.
| User Type | Description | Permission Sets |
|---|---|---|
| Admin | For users who configure Salesforce CPQ features and settings for end users. |
|
| User | For users who use Salesforce CPQ features to deliver services to a customer or end user. |
|
| Partner | For partners who implement Salesforce CPQ as part of their own product offering. |
|
| Customer | For customers and end users who use Salesforce CPQ services. |
|
Default CPQ Permission Sets
Default permission sets consist of the Salesforce CPQ Admin User, Salesforce CPQ User, Salesforce CPQ Partner User, and Salesforce CPQ Customer User sets. We created them based on the types of permissions that help users in each role perform their tasks in Salesforce CPQ. You can’t edit them, but you can clone them and customize the cloned versions as needed.
When you upgrade to a new version of Salesforce CPQ, the default permission sets receive updated permissions for new or revised features in the release. However, sets cloned from the default permission sets don’t receive updated permissions. If you’re using cloned permission sets, review the Salesforce CPQ release notes to find new or revised permissions, then edit your cloned permission sets as needed. You can find revised permission information in the New Objects, Fields, and Permissions knowledge article included with each set of Salesforce CPQ and Billing release notes.
Access-type CPQ Permission Sets
Access permission sets were introduced in Salesforce CPQ Summer ‘21. They contain a small collection of permissions that are important for Salesforce CPQ data security. While most CPQ admins clone and then edit default permission sets for org users, we designed Access sets to be assigned directly to users without any cloning or editing. This way, your users will never risk missing important data security updates for new releases.
Data restrictions for the Access permission sets won't be enforced until Salesforce CPQ Spring ‘22. Before then, you have some options for testing them in your org. When the CPQ package setting Perform Enhanced Data Access Checks is active, Salesforce CPQ enforces data restrictions for the Access permission sets. When Perform Enhanced Data Checks is inactive, the Access permission set restrictions aren't enforced. Perform Enhanced Data Access Checks is available in the Additional Settings tab of CPQ package settings.
You can turn Perform Enhanced Data Access Checks on and off as needed before Spring ‘22. In Spring ‘22, we will be removing the Perform Enhanced Data Access Checks setting and enforcing data restrictions for the Access permission sets.
Order and Order Product Standard Permissions
As of Salesforce CPQ Spring ’22, CPQ users who use orders and/or create contracts from orders require Read and Write access to standard (non-CPQ) order and order product fields.
Visualforce User Permission
To use Visualforce pages in any edition of Salesforce CPQ, assign the API Enabled user permission to the necessary user profiles. See API Usage.
Guidelines for Salesforce CPQ Permissions
Review tips and guidelines for Salesforce CPQ permissions, and look at topic links for more permission information about specific features. (Salesforce CPQ Managed Package)
- To modify CPQ objects and fields, users must have a CPQ license.
- To map one field to another, a user must have Edit permission on the initial field.
- In Salesforce CPQ Spring '19 and earlier, the Salesforce CPQ User permission set doesn’t have Read, Create, Edit, or Delete permissions for CPQ objects. Salesforce CPQ can’t enable access to these objects in that permission set owing to backward compatibility requirements with earlier package versions. If you use one of these versions, we recommend that you create and assign a separate permission set with Read and Write access to quote, quote line group, quote line item, quote template, and quote document objects.
- The QuoteLine Delete permission is required to delete quote lines in the quote line editor.
For information on object-specific Read, Create, Edit, and Delete permissions for Salesforce CPQ actions, review these topics. They're helpful if you want to clone and customize one of the default Salesforce CPQ permission sets.
