Appendix B: Security Matrix
The following table describes all the security settings required for each feature. Administrators and others who manage the application require visibility to additional objects.
The Matrix is arranged in the following columns:
- Feature – A feature spans multiple objects
- Object Visibility – The objects listed here are required for this feature to work and must be set properly on the users’ security profiles
- API Name – The API name of the object
- Minimum Object Rights – This column lists the minimum security rights for the corresponding object that must be set on the users’ security profiles
- Other Security Requirements – Refer to this column for special fields which are critical for this feature to be used and to function properly
|
Feature |
Object Visibility |
API Name |
Minimum Object Rights for the End User |
Other Security Requirements |
|---|---|---|---|---|
|
General Application |
Veeva Messages Accounts Address Contacts Product Catalog My Setup Products |
Message_vod Account Address_vod Contact Product_vod My_Setup_Products_vod |
Read Read-Create-Edit Read Read-Create-Edit Read Read |
|
|
Accounts Lists |
Account List Account List Item |
Account_List_vod Account_List_Item_vod |
Read-Create-Edit-Delete Read-Create-Edit-Delete |
|
|
Account Planning and Execution (requires Call Reporting Basic with Product Discussions) |
Product Plans Product Strategies Product Tactics Account Plans Account Tactic |
Product_Plan_vod Product_Strategy_vod Product_Tactic_vod Account_Plan_vod Account_Tactic_vod |
Read Read Read Read-Create-Edit-Delete Read-Create-Edit-Delete |
Must have Read access to product_plans.active_vod, product_strategy.active_vod, product_tactic.active.vod to use the Apply Product Plan button.
Must have RW access to account_plan.active_vod |
|
Account Hierarchy |
Child Account |
Child_Account_vod |
Read-Create-Edit-Delete |
Enable Visualforce page access for the following objects:
Do this for all profiles where Account Hierarchy will be configured. On the Account object, make sure the Primary_Parent_vod field is editable with field level security, but is set to read-only in the Page Layout. |
|
Add New Professional Wizard |
Affiliations Territory Fields |
Affiliation_vod TSF_vod |
Read-Create-Edit Read-Create-Edit |
Need read access to Address.primary_vod, Account.territories. |
|
Affiliations/Sphere of Influence |
Affiliations |
Affiliation_vod |
Read-Create-Edit-Delete |
|
|
Assessments |
Assessments |
Assessment_vod |
Read-Create-Edit-Delete |
|
|
Assign Territory |
Zip to Terr |
Zip_to_Terr_vod |
Read |
Need RW access to Account.Territories, Account.Territory_vod |
|
Budget Management |
Territory Budget Territory Budget Transaction |
Territory_Budget_vod Territory_Budget_Transaction_vod |
Read-Create-Edit-Delete Read-Create-Edit-Delete |
|
| Business Events |
Business Event Business Event Target Call Objective
|
Business_Event_vod Business_Event_Target_vod Call_Objective_vod |
Read Read Read-Edit |
|
|
Calendar Functionality |
Call Cycle Entries |
Call_Cycle_Entry_vod |
Read-Create-Edit-Delete |
|
|
Call Booking |
Call |
Call2_vod |
Read-Create-Edit-Delete |
Only calls with status ‘planned’ should be visible Enable the new Visual Force Page for Call_Booking_vod to make it visible to the necessary profiles (assigners) Give access to the Apex class VOD_CALL_BOOKING to the assigners. |
| Call Objectives | Call Objective |
Call_Objective_vod |
Read-Create-Edit-Delete | Create and delete permissions are required for recurring call objectives. |
|
Call Reporting Basic (includes product detailing) |
Call
Call Detail
Territory Fields
Account Plan |
Call2_vod
Call2_Detail_vod
TSF_vod
Account_Plan_vod |
Read-Create-Edit-Delete Read-Create-Edit-Delete Read Read |
Must have Read access to account.territories Must have at least one product selected in My Setup page. Must have Visibility to the following Account fields: Preferred_Names_vod__c, Suffix_vod__c, Middle_vod__c, Credentials_vod__c Must have visibility to Active_vod__c field on Account Plan |
|
Call Reporting with Key Messages |
Call Key Message Key Message |
Call2_Key_Message_vod Key_Message_vod |
Read-Create-Edit-Delete Read |
|
|
Call Reporting with Product Discussions |
Call Discussion |
Call2_Discussion_vod |
Read-Create-Edit-Delete |
|
|
Call Reporting with Follow-up Activities |
Call Followup Template |
Call_Followup_Template_vod |
Read |
|
|
Call Reporting with Medical Events |
Medical Event |
Medical_Event_vod |
Read |
|
|
Call Reporting with Expenses |
Call Expense |
Call2_Expense_vod |
Read-Create-Edit-Delete |
|
|
Call Reporting with Promo Items/Reprints |
Samples
|
Call2_Sample_vod |
Read-Create-Edit-Delete |
|
|
Call Reporting with PDMA-Compliant Sampling |
Samples Sample Lots Sample Transactions |
Call2_Sample_vod Sample_Lot_vod Sample_Transaction_vod |
Read-Create-Edit-Delete Read-Edit Read-Create |
Must have at least one Sample Lot marked Active per sample for each User Must have Read access to License fields on the Address record (License #, License Expiration Date, License Valid to Sample, Sample Status) |
|
Call Reporting with Sample Limits |
Sample Limit Sample Limit Transaction |
Sample_Limit_vod Sample_Limit_Transaction_vod |
Read |
Provide read-write access to Sample Limits for administrators. The Sample Limit Transactions is an administrative object, and therefore end users should not be provided visibility to this object (i.e. as a Tab or Related List). Must have Field Level Security for the Call_Sample_vod.Limit_Applied_vod field as Hidden for all end users. Must have Field Level Security for the Call_Sample_vod.Apply_Limit_vod field as Read/Write for the Sample Limit process to execute. |
|
Clinical Trials |
Clinical Trials |
Clinical_Trial |
Read-Create-Edit-Delete |
|
| CLM |
CLM Presentation CLM Presentation Slide Key Message
|
Clm_Presentation_vod Clm_Presentation_Slide_vod Key_Message_vod |
Read Read Read |
|
|
Coaching Reports |
Coaching Reports |
Coaching_Report_vod |
Read-Create-Edit-Delete |
|
|
Collaborative Relationships |
Account Authorization |
Account_Authorization_vod |
Read |
Users must have access to:
Users must have visibility to:
|
|
Cycle Plans |
Cycle Plan Cycle Plan Target Cycle Plan Detail |
Cycle_Plan_vod Cycle_Plan_Target_vod Cycle_Plan_Detail_vod |
Read Read Read |
Enable Visualforce Page Access for the following Visualforce pages: View_Cycle_Plan_vod and Edit_Cycle_Plan_vod. Enable Apex Class Access for VODDatabaseApi. For Real Time cycle Plans, all objects need Read, Create, Edit, and Delete permissions. |
| Engage Integration User |
Multichannel Content Multichannel Content Assets Multichannel Activity Multichannel Activity Line Site Content Deployment Account External Id Map
|
Multichannel_Content_vod Multichannel_Content_Asset_vod Multichannel_Activity_vod Multichannel_Activity_Line_vod Site_vod Content_Deployment_vod Account_External_ID_Map_vod |
Read-Create-Edit Read-Create-Edit Read-Create-Edit Read-Create-Edit Read-Create-Edit Read-Create-Edit Read-Create-Edit |
|
| Engage Rep Profile |
Multichannel Content Multichannel Content Assets Multichannel Activity Multichannel Activity Line Site
|
Multichannel_Content_vod Multichannel_Content_Asset_vod Multichannel_Activity_vod Multichannel_Activity_Line_vod Site_vod |
Read Read Read Read Read |
|
|
Formulary for Rep |
Benefit Designs Benefit Design Lines Formulary Product Analytics Product Group Product Group Map Analytics Files Analytics Layouts Sales Transaction Account Analytics Market Analytics File Market Map My Setup |
Benefit_Design_vod Benefit_Design_Line_vod Formulary_Products_vod Analytics_Product_Group_vod Product_Group_Map_vod Analytics_Files_vod Analytics_Layouts_vod Sales_Transactions_vod Account Analytics_Markets_vod Analytics_File_Market_Map_vod My_Setup_Products_vod |
Read Read Read Read Read Read Read Read Read Read Read Read |
|
|
Formulary Matrix |
Benefit Designs Benefit Design Lines Formulary Products |
Benefit_Design_vod Benefit_Design_Line_vod Formulary_Products_vod |
Read-Create-Edit Read-Create-Edit Read |
Need RW access to Benefit_design_type_vod, Benefit_design_line_type_vod |
|
Material Orders |
Material Orders |
Material_Order |
Read-Create-Edit-Delete |
|
|
Medical Events |
Medical Inquiry Event Attendee |
Medical_Inquiry_vod Event_Attendee_vod |
Read Read |
|
|
Medical Inquiries |
Medical Inquiry |
Medical_Inquiry_vod |
Read |
Non-Admins should not have Edit Privileges to Medical_Inquiry_vod.Lock_vod |
|
My Accounts |
Product Metrics Territory Fields Preferences Views |
Product_Metrics_vod TSF_vod Preferences_vod View_vod |
Read-Create-Edit Read-Create-Edit Read-Create-Edit Read-Create-Edit-Delete |
Need Read access to Address_vod.Primary_vod Territory Fields also requires Territory Management to be configured.
|
|
My Schedule |
Territory Fields Call |
TSF_vod Call2_vod |
Read Read-Create-Edit-Delete |
Need RW access to Address.longitude, Address.latitude. Need Read access to Address.Best_times_vod |
| Network Integration |
Account Address Child Account Data Change Request Data Change Request Line DCR Field Type Network Mapping Network Object Mapping Network Field Mapping Network Reference Mapping
|
Account Address_vod Child_Account_vod Data_Change_Request_vod Data_Change_Request_Line_vod DCR_Field_Type_vod Network_Mapping_vod Network_Object_Mapping_vod Network_Field_Mapping_vod Network_Reference_Mapping_vod |
Read Read Read Read-Create Read-Create Read Read-Edit Read Read Read |
Provide Visualforce page access to the user profile for the following pages:
|
|
Office Hours |
Addresses |
Address_vod |
Read-Create-Edit |
Need RW access to Address.Best_times_vod |
|
Order Management |
Order Order Line Order Campaign Pricing Rule |
Order_vod Order_Line_vod Order_Campaign_vod Pricing_Rule_vod |
Read-Create-Edit-Delete Read-Create-Edit-Delete Read Read |
Enable the Visualforce Page Access for the following Visualforce pages: Clone_Order_vod, Edit_Order_vod, New_Order_vod, and View_Order_vod. Enable Apex Class Access for VODDatabaseApi. |
|
Package Labels |
User Rep Roster Sample Transactions Call |
User Rep_Roster_vod Sample_Transaction_vod Call2_vod |
Read Read Read Read |
|
|
Product Metrics (Ratings) |
Product Metrics Metric Configurations |
Product_Metrics_vod Metric_Configuration_vod |
Read-Create-Edit Read |
Must have at least one product selected in My Setup page. |
|
Publications |
Publications |
Publication |
Read-Create-Edit-Delete |
|
|
Sample Inventory Management
(For Primary Care Sales Representatives – the defined Object privileges should be considered Maximum Object Rights) |
Sample Inventory Sample Inventory Items Sample Receipts Sample Transactions Sample Lots Lot Catalog Rep Roster |
Sample_Inventory_vod Sample_Inventory_Item_vod Sample_Receipt_vod Sample_Transaction_vod Sample_Lot_vod Lot_Catalog_vod Rep_Roster_vod |
Read-Create-Edit-Delete Read-Create-Edit-Delete Read-Create-Edit-Delete Read-Create Read-Edit Read Read-Create-Edit |
Must have Rep Roster set up for each user
No RW field level access to Sample_Inventory_vod.Audit_vod and Sample_Inventory_vod.Unlock_vod fields
No RW field level access to Sample_Transaction_vod.Unlock_vod field. |
|
Sample Inventory Management
(For Samples Administrators) |
Sample Inventory Sample Inventory Items Sample Receipts Sample Transactions Sample Transaction Audit Sample Lots Lot Catalog Rep Roster |
Sample_Inventory_vod Sample_Inventory_Item_vod Sample_Receipt_vod Sample_Transaction_vod Sample_Transaction_Audit_vod Sample_Lot_vod Lot_Catalog_vod Rep_Roster_vod |
Read-Create-Edit-Delete Read-Create-Edit-Delete Read-Create-Edit-Delete Read-Create-Edit-Delete Read Read-Create-Edit-Delete Read-Create-Edit-Delete Read-Create-Edit |
Must have Rep Roster set up for each user
Must have RW field level access to Sample_Inventory_vod.Audit_vod and Sample_Inventory_vod.Unlock_vod fields
Must have RW field level access to Sample_Transaction_vod.Unlock_vod field. |
|
Sample and Promotional Item Inventory Ordering
(For Rep/DM) |
Inventory Order Inventory Order Line Inventory Order Allocation |
Inventory_Order_vod Inventory_Order_Line_vod Inventory_Order_Allocation_vod |
Read-Create-Edit-Delete Read-Create-Edit-Delete Read |
Grant access to Inventory Order tab or utilize the links available on the “My Samples” page
Grant access to the following Visualforce pages: o Edit_Inventory_Sample_Order_vod o New_Inventory_Sample_Order_vod o View_Inventory_Sample_Order_vod o Clone_Inventory_Sample_Order_vod (optional) o Inventory_Order_Reallocate_vod (optional for Reps) |
|
Sample and Promotional Item Inventory Ordering
(For Sample Admin) |
Inventory Order Inventory Order Line Inventory Order Allocation |
Inventory_Order_vod Inventory_Order_Line_vod Inventory_Order_Allocation_vod |
Read-Create-Edit-Delete Read-Create-Edit-Delete Read-Create-Edit-Delete
|
Grant access to Inventory Order tab Grant access to the following Visualforce pages: o Edit_Inventory_Sample_Order_vod o New_Inventory_Sample_Order_vod o View_Inventory_Sample_Order_vod o Clone_Inventory_Sample_Order_vod (optional) o Inventory_Order_Reallocate_vod |
|
Sample Requests (BRCs) |
Sample Order Transaction |
Sample_Order_Transaction_vod |
Read |
|
|
Speaker Evaluations |
Speaker Evaluations |
Speaker_Evaluation |
Read-Create-Edit-Delete |
|
| Surveys |
Survey Survey Target Survey Question Question Response
|
Survey_vod Survey_Target_vod Survey_Question_vod Question_Response_vod |
Read Read-Edit Read Read-Create-Edit |
If using open surveys, users also need create permission to Survey_Target_vod |
|
Territory Fields |
Territory Fields |
TSF_vod |
Read-Create-Edit |
Need RW access to Account.Territories. |
|
Territory Utilities (Territory Management) |
Zip to Terr Brick to Terr Server Job Status |
Zip_to_Terr_vod Brick_to_Terr_vod Server_Job_Status_vod |
Read Read Read-Create-Edit-Delete |
Need RW access to Account.Territories, Account.Territory_vod, and Account.Territory_test_vod. Need Administrative permissions to use Territory Management. |
|
Time Off Territory |
Time Off Territory |
Time_Off_Territory_vod |
Read-Create-Edit-Delete |
|
|
Veeva Analytics Process (Admins) |
Veeva Analytics Process |
Veeva_Analytics_Process_vod |
Read-Create-Edit-Delete |
To enable, create a Scheduled Job (Admin Setup Monitoring Scheduled Jobs) for the VEEVA_RUN_ANALYTICS_PROCESS Apex Class. |
|
VInsights Analytics End User |
Analytics Product Group Product Group Map Product Event Analytics Files Analytics Layouts Sales Transaction Account Analytics Market Analytics File Market Map Zip to Terr Brick to Terr Brick Hierarchy Data Map Template Data Map Template Field |
Analytics_Product_Group_vod Product_Group_Map_vod Product_Event_vod Analytics_Files_vod Analytics_Layouts_vod Sales_Transactions_vod Account Analytics_Markets_vod Analytics_File_Market_Map_vod Zip_to_Terr_vod Brick_to_Terr_vod Brick_Heirarchy_vod Data_Map_Template_vod Data_Map_Template_Field_vod |
Read Read Read Read Read Read Read Read Read Read Read Read Read Read |
Must have visibility to the ID_vod__c, ID2_vod__c, PDRP, and PDRP Opt Out fields on Account. Visibility to Brick related objects is required only if Brick based alignments are used. Visibility to Data Map Template and Data Map Template Field is required only if loading zip level data and/or utilizing the Analytics Data Channel report on Account Summary |
|
VInsights Analytics Admin |
Analytics Product Group Product Group Map Product Event Analytics Files Analytics Layouts Data Map Template Date Map Template Fields Sales Transaction Account Analytics Market Analytics File Market Map Zip to Terr Brick to Terr Brick Hierarchy |
Analytics_Product_Group_vod Product_Group_Map_vod Product_Event_vod Analytics_Files_vod Analytics_Layouts_vod Data_Map_Template_vod Data_Map_Template_Field_vod Sales_Transaction_vod Account Analytics_Markets_vod Analytics_File_Market_Map_vod Zip_to_Terr_vod Brick_to_Terr_vod Brick_Heirarchy_vod |
Read-Create-Edit-Delete Read-Create-Edit-Delete Read-Create-Edit-Delete Read-Create-Edit-Delete Read-Create-Edit-Delete Read-Create-Edit-Delete Read-Create-Edit-Delete Read Read-Create-Edit-Delete Read-Create-Edit-Delete Read Read Read Read |
Must have visibility to the ID_vod__c, ID2_vod__c, PDRP, and PDRP Opt Out fields on Account. Visibility to Brick related objects is required only if Brick based alignments are used. |
