1. External Data Access Overview

The system’s permissions comprise functional permissions and data permissions. Data permissions determine whether a user can view a particular record—for example, an order submitted by Zhang San should not be visible to Li Si unless Li Si is added to the Related Teams or granted access via sharing rules.

Data permissions are categorized as internal data permissions and external data permissions. External data permissions apply to interconnection applications such as ShareOrder and SharePartner. For example, when a buyer from Account A (user: Wang Wu) places an order by themselves, the system automatically grants external data access so they can view that order. If salesperson Zhang San places an order on behalf of Account A (Place Order on Behalf of Customer), Wang Wu cannot view that order in ShareOrder by default because internal records do not automatically grant external data access—external users are not authorized to view them unless explicitly granted.

External data access is managed via External Owner, External Related Teams, and External Sharing Rules. Details follow.

1.1 External Owner

When a record is created by a downstream Distributor, the record’s External Owner field is automatically populated so the Distributor’s purchasing users can view that record. Conversely, orders created via Place Order on Behalf of Customer default to an empty External Owner.

Note: If a Distributor has multiple purchasers, any purchaser (e.g., B) can view orders submitted by another purchaser (e.g., A).

1.2 External Related Teams

In addition to External Owner, the External Related Teams concept enables finer-grained access control among users inside a Distributor and supports hierarchical customer visibility (Upstream / Downstream). For example, a Distributor can view orders placed by its Stores.

Common scenarios: - If a salesperson places an order on behalf of a customer and the downstream Distributor needs to view it, add the Distributor to the External Related Teams. You can add individual users or add the entire company. - For multi-level channel visibility (e.g., a Distributor owner wants to view orders from their Stores), add the owning Distributor to the Store order’s external data permissions. You may add the Distributor owner as an individual or grant company-level access so all Distributor owners can view Store data.

1.3 External Sharing Rules

When granting access on a per-record basis is impractical, configure External Sharing Rules. Current rules are set by related objects. For example, if a Distributor who submitted a Sales Order should also be able to view related Payment Collection and Shipping Order records, configure external sharing rules accordingly.

Navigation: ShareOrder Management > Store Settings > Business Objects

Open Sales Order external related team data permissions and set related objects such as Payment Collection and Shipping Order to “Read Only”.

Similar settings apply to the Account object—for example, if users can view an Account they should also be able to view the Account’s addresses, Contacts, and account balances—these relationships can be configured via the same rule.

2. Common Usage Scenarios

2.1 Automatically Grant External Data Access for Orders Placed on Behalf of Customers

As described above, orders created via Place Order on Behalf of Customer are not visible to downstream Distributors by default. If you want Distributors to see these orders without manually adding External Related Teams to each order, configure the following.

1) In the Sales Order detail page layout (or the new/create/edit page layout if that is enabled), set the related field in Customer Name to assign external data access as External Owner. When an Upstream user creates an order, the system will automatically populate the External Owner and downstream users can view it.

Navigation: Admin Console > Object Management > Sales Order > Detail Page Layout

2) In Object Management, configure the Sales Order external data permissions and specify the related Customer field.

Navigation: ShareOrder Management > Store Settings > External Data Permissions > Select Target Object > External Related Teams

Note: The external data configuration for other objects follows the same pattern—use this Sales Order example as a reference.

2.2 Allow Downstream Users to View Account-related Orders, Payments, and Historical Records

Note: You can only configure permissions for other primary objects related to Account here; sub-objects are not yet supported. To enable this, configure the Account object’s external data permissions.

Navigation: ShareOrder Management > Business Objects > Account > External Related Teams Permissions

Note: External individual users also need to be granted the corresponding permissions to view these records.

2.3 Hide Sensitive Account Fields from Downstream Users

If certain sensitive fields on the Account object must not be visible to downstream users, set field-level permissions on the Account object to hide those fields.

Navigation: Interconnection > Roles > Permissions > select the relevant Role (for example, Order Placing Role) > find the target object > Field Permissions > set fields to Invisible

2.4 For Newly Connected Interconnection Companies

Before the standard automation is rolled out, you must manually configure the Account External Owner and External Related Teams.

We recommend configuring customer-related data permissions at the company level so that adding new interconnection users later does not require separate permission adjustments.