Adoxio / xRM-Portals-Community-Edition

The definitive edition of Microsoft Open Source Portals, supported by the experts in portals.
MIT License

CRM Portal User must have the role System Administrator for regular portal users to login #114

Closed JasonCare closed 5 years ago

JasonCare commented 5 years ago

I noticed that if the CRM portal user isn't a System Administrator, regular portal users can't log in to the portal. Even a direct copy of the role doesn't work. Is this by design? Seems like the role is hard-coded somewhere.

Our scenario: We have one CRM and two portals. Each portal is used to see certain knowledge articles. Our CRM portal users are in their own business unit and their role allows them to only see knowledge articles that are within their BU. Everything else in the role is the same as System Admin. It appears that since we copied the System Admin role, regular users can no longer log into the site. If we revert the CRM portal user role back to System Administrator, it works again.

amervitz commented 5 years ago

It could be that the service account's (what you refer to as the CRM portal user) custom security role doesn't have the privilege to read contacts that belong to other business units than the one the service account belongs to. To fix this you could try granting the custom security role the global access level privilege on the contact entity. The global access privilege is documented at Security roles and privileges.

JasonCare commented 5 years ago

Hi, thanks for replying. I thought about that too. I tried a few things like leaving the service account at the root and having the service account own the portal user records. The copied role that the service account uses has full access to contacts too.

Taking an exact copy of the system admin role and changing nothing other than changing the name of the role stops contacts from being able to log in.

amervitz commented 5 years ago

I've remembered there is also a field security profile called Local Identity Credentials which restricts access to authentication-related fields on the contact entity. The service account would definitely need to be added to the users list of this field security profile when creating a custom security role in order for portal authentication to work properly.


JasonCare commented 5 years ago

I'll give this a try! Thanks!

JasonCare commented 5 years ago

That was it! Thank you so much, I was banging my head against this one for a while.