I. External Data Permission Overview

System permissions include functional permissions and data permissions. Data permissions determine whether a user can view specific records, such as Sales Orders. For example, a Sales Order submitted by Zhang San would not be visible to Li Si by default (unless Li Si is added to Related Teams or granted access through sharing rules).

Data permissions are categorized into internal and external data permissions. External data permissions apply to interconnected applications like ShareOrder and SharePartner. When procurement officer “Wang Wu” from Account A places an order online, they can view it by default due to automatically assigned external data permissions. However, orders placed by salesperson “Zhang San” on behalf of Account A are not visible to “Wang Wu” in ShareOrder by default, as internal data doesn’t automatically grant external viewing permissions.

External data permissions consist of External Owner, External Related Teams, and External Sharing Rules, which we’ll explore in detail below.

1.1 External Owner

When a record is created by a Downstream Distributor, the [External Owner] field is automatically populated, allowing the distributor’s procurement staff to view this data. Conversely, records created through Place Order on Behalf of Customer will have an empty [External Owner] field by default.

Note: When a distributor has multiple procurement staff, orders submitted by A can also be viewed by B.

picture coming soon:

1.2 External Related Teams

In addition to the External Owner field, there’s the concept of External Related Teams. This feature enables granular permission management within distributor organizations and facilitates data visibility between hierarchical Accounts (e.g., when distributors need to view order data from subordinate Stores).

Common use cases include: - For orders placed by sales representatives on behalf of customers, Downstream Distributors must be added to External Related Teams for visibility. You can add individuals or entire organizations. - Multi-level channel data visibility, such as when distributor owners need to view subordinate Store orders. In this case, the owning distributor must be added to the Store order’s external data permissions - either as individual owners or as an organization (granting all distributor personnel access to Store data).

picture coming soon:

1.3 External Sharing Rules

When individual record authorization isn’t practical for company-wide scenarios, you can configure External Sharing Rules. Current rules are based on related records. For example, distributors submitting orders should be able to view associated Payment Collections and Shipping Orders, which can be enabled through External Sharing Rules.

Navigation: [Order Management] > [Store Settings] > [Business Objects]

Click on the External Related Teams data permissions for Sales Orders and set the permissions for related Payment Collections and Shipping Orders to “Read-only”.

Similar configurations apply to Account objects. For instance, you can set rules so that users who can view an Account can also see its addresses, Contacts, and account balances.

picture coming soon:

picture coming soon:

II. Core Application Scenarios

2.1 Automatically Adding External Data Permissions for Orders Placed on Behalf of Customers

As mentioned earlier, Downstream Distributors cannot view orders placed on their behalf by default. To enable distributor visibility without manually configuring External Related Teams for each order, you can adjust system parameters:

1) In the Sales Order detail page layout (or create/edit page layout if enabled), set the associated external data permission for the [Account Name] field to “External Owner”. This automatically assigns an External Owner when Upstream creates an order, enabling Downstream visibility.

Navigation: [Admin Console] > [Object Management] > [Sales Order] > [Detail Page Layout]

picture coming soon:

2) In Object Management, configure the Sales Order’s external data permissions by setting up related Account fields.

Navigation: [Order Management] > [Store Settings] > [External Data Permissions] > [Select Specific Object] > [External Related Teams]

Note: The same approach applies to external data permission settings for other objects.

picture coming soon:

picture coming soon:

2.2 Viewing Account-Related Historical Data (Orders, Payments, etc.)

(Note: This configuration only applies to Primary Objects related to Accounts; Sub-objects are not currently supported) Configure the Account object’s external data permissions:

Navigation: Order Management > Business Objects > Account > External Related Teams Permissions

picture coming soon:

picture coming soon:

picture coming soon:

Note: External users also require corresponding permissions to view this data:

picture coming soon:

2.3 Restricting Downstream Access to Sensitive Account Information

You can set field-level permissions for Account objects:

Navigation: Interconnection Roles > Permission Settings > Locate the target role (e.g., Order Personnel) > Find the target object and click “Set Field Permissions” > Set to “Invisible”

picture coming soon:

2.4 Configuring Newly Connected Enterprises

Before implementing standard solutions, you must manually configure the Account’s External Owner and External Related Teams:

picture coming soon:

We recommend configuring Account-related data permissions at the organizational level, eliminating the need for individual configurations when adding new interconnected users:

picture coming soon: