.png)
Users and roles
This chapter explains the different business roles to be implemented in the CPQ system and the the organisation of the different valio users within these roles:
Valio Business Roles
At Valio, business roles have been identified to guide how each user interacts with the CPQ system. These roles are mapped to specific CPQ role types to ensure consistency with individual responsibilities, access rights, and approval workflows, reflecting Valio’s organizational structure and business processes.
CPQ role types are categorized into three main profiles:
System Admin: Full access to all system functionalities, including configuration, user management, and technical setup.
Business Admin: Access to features supporting back-office functions, such as catalog management, product updates, and data administration.
End User: Assigned to users directly involved in the sales process, such as sales representatives and managers, who use the CPQ platform to create and manage quotes.
The following table introduces the key business roles within Valio, along with a description of their responsibilities and how they are represented in the CPQ system:
Valio Business Role | Description | CPQ Role Type |
|---|---|---|
Pricing Team | The Pricing Team role has access to the Pricing Manager and can approve quotes below the target threshold. | Business Admin |
Sales support, key people | The Key Sales Support Personnel are responsible for updating the system and excuste admin role activites to faciliate Sales activities | Business Admin |
Sales support | The Sales Support is a Back office role that is responsible for facilitating the day-to-day work of sales representatives | End User |
Sales representative | Sales representatives can view each other's quotes and send their quotes to management for approval | End User |
Sales Leadership | Sales Leadership can approve quotes sent by Sales Representatives | End User |
Role definition is made in CPQ,and is completely independent from Role and user management in PM.
Roles permissions and access
To keep the system simple. End user type roles will have no restrection for accessing each others records, for example Quote and opportunitiies
Authentication
As the sales process will be using the embeded CRM in Zilliant CPQ and as there is a relatively small number of users, local authentication with username and password is the selected option. however it’s important to note that this type of authentication will also ensure system security facilitates access administration.
Integration User
The Integration User is a dedicated system user created specifically to manage and execute automated integration tasks between the PM and CPQ systems. This user serves as a technical bridge, enabling seamless data synchronization, system communication, and background operations without requiring manual intervention.
While the Integration User is configured like any standard user in terms of authentication and access setup, it differs significantly in its purpose and usage:
Automated Execution: It is used exclusively by APIs to perform scheduled or triggered tasks such as data imports, pricing in the agreements, product catalog synchronization, or customers updates.
System-Level Permissions: The Integration User is granted elevated permissions limited to the scope of integration operations. These include read and write access to relevant modules but no access to user interfaces or business workflows.
Non-Interactive Usage: This user account is not intended for human interaction. Its credentials are securely stored within integration platforms and used exclusively for machine-to-machine operations.
Proper configuration of the Integration User is essential to ensure secure, reliable, and efficient data flows between PM and CPQ systems. It is also considered best practice to limit this user's access strictly to the necessary objects and data domains, applying the principle of least privilege.
Relate Technical Document : User Management
This document is structured as follow:
Users
The Users tab lists all users information access that will be necessary for the creation and setup of the users in the setup with the corresponding roles.
The complete set of attributes is presented in the columns of the “Product List” tab, with the following details:
User name : Used for system login
First name : user first name
Last name : user last name
Email : user last name
Role : defined in the “roles list” tab
Authentication : Type of authentication to the system
Status : Active or inactive
Assign Licence : to signal that a licence is associated with the user.
Roles list
This tab list all defined roles during the Design phase and the differents acces rights associated to the.
Technical Document | Status |
|---|---|
DONE |