[This article is for version 1.15 or later. For permission sets in version 1.14 please see this article]


The app includes the following permission sets:

  • Decisions on Demand Administrator
    For users who need full management access to business policies (except delete, see note 2 below)

  • Decisions on Demand Author

    For users who need to view and edit selected business policies
  • Decisions on Demand User
    For users who need to apply business policies to their owned records, or view policy execution records

These permission sets can be used to grant access to individual users at any time after installation. 


Permissions to modify metadata, customize application, and modify all data.

Certain operations like activating triggers and scheduled or periodic invocations require permission to modify metadata. This permission, and the others listed below, are not included in the Decisions on Demand Administrator Permission Set, because it would also grant significant access to features outside of Decisions on Demand. 


Users must have the Customize Application permission to create, update, and delete metadata records. To allow users to create Decisions on Demand invocation settings, you will need to grant them the Modify Metadata Through Metadata API Functions permission. Without this permission, users with the Decisions on Demand Administrator Permission Set will not be able to modify invocation settings. They will still be able to run manual batch jobs, but not store them for reuse. To  run the Scheduled and Periodic Invocations it is necessary to grant Modify All Data.


Use of sharing rules

Access to individual policies for Author users can be controlled using standard Salesforce sharing rules. See tables below for details.


Permissions Overview

Details of the access granted is shown in the tables below.


Assigned Apps


Administrator

Author

User

DecsOnD.Decisions on Demand (DecsOnD__Decisions_on_Demand_Lightning)

Yes (1)

Yes (1)

No

DecsOnD.Decisions on Demand (DecsOnD__Decisions_on_Demand)Yes (1)Yes (1)No


Object Settings


Administrator

Author

User

Assignment Business Hours

Full Access 

Read

Read

Business Policies

Full Access

Read-EditRead

Invocation Records

Full Access

Read

N/A

Policy Execution Records

Full Access

Read

Read


Application components


Administrator

Author

User

Decisions on Demand Setup tab

No (1)

No

N/A

Assignment Business Hours tab

YesYes
Business Policies tabYesYes

Policy Execution Records tab

YesYes

Welcome tab

YesNo


Functionality


Administrator

Author

User

Install template

Yes

No

No

View policyYes

Sharing (RW)

No
Edit policyYesSharing (RW)No
Export policyYesNoNo
Clone or import policyYesNoNo

Change active version

Yes

Sharing (RW)

No

View policy meta-data

Yes

Sharing

Sharing

View policy execution log 

Yes

Sharing

Sharing

View policy audit trail

Yes

Sharing

No

View policy content

Yes

Sharing

No

Apply policy

Yes

Yes

Yes

Archive/restore policy

Yes

No

No

Delete policy

No (2)

No

No

Create Assignment Business HoursYesNo (R)No (R)
View Decisions on Demand reportsYesSharingSharing
Run Batch JobYesNoNo
Create, edit, or delete TriggersYesNoNo
Create, edit, or delete Periodic InvocationsYesNoNo
Create, edit, or delete Scheduled InvocationsYesNoNo
Download Policy as ExcelYesYesNo
Upload Policy from ExcelYesYesNo


In the table above, ‘Sharing’ means that the access to individual policies is controlled by standard Salesforce sharing rules. By default the Sharing Settings are set to 'Private'.


(1) Only a Salesforce Administrator can access this tab

(2) Only a Salesforce Administrator can delete a policy – but a Decisions on Demand administrator can archive it.