Creating external companies

Back to Creating company authorizations

Procedures on this page:

In the example scenario (see Tutorial), the company 'Smart Logistics AG', as the operator of the Lobster Data Platform / Orchestration system, seeks to include its industrial partners ('suppliers') and service providers ('transport companies') outside the immediate company hierarchy, which are referred to as external companies here:

images/download/attachments/78252033/image2020-11-27_8-59-12-version-1-modificationdate-1627309429895-api-v2.png

Create additional companies

In order for these external companies to participate in the processes of 'Smart Logistics AG' (e.g. 'Printing of shipping labels', 'Creation of delivery bills', etc.) represented in Lobster Data Platform / Orchestration, they must be created in the system.

The central 'administrator' (user 'jabend' with the role 'administrator' in the context of 'Smart Logistics AG') is primarily responsible for the necessary data maintenance.

In contrast to already created companies, external companies are not assigned to a Parent company:

images/download/attachments/78252033/image2020-11-27_11-52-22-version-1-modificationdate-1627309429876-api-v2.png

Now create all external companies according to this model (see the overview above), except the two subsidiary companies of 'Slim Foods AG', since this company will later manage its own structure itself.

  • Assign the Supplier ('Slim Foods AG', 'Fancy Fireworks Corp.') the Company types 'Exporter', 'Consignor', 'Bill to party', 'Principal' and 'Recipient' respectively.

  • Assign the Transport companies ('GLS Germany', 'DPD' and 'IDS') the Company types 'Shipping freight forwarder' and 'Receiving freight forwarder' respectively.

The company overview should now look like this:

images/download/attachments/78252033/image2020-11-27_11-54-18-version-1-modificationdate-1627309429872-api-v2.png

  • The external companies added to this list are highlighted by selection in the screenshot.

Enable self-administration for 'Slim Foods AG'

Create role ('SlimFoodsAdmin')

The supplier 'Slim Foods AG' should now have the possibility to create child companies in order to map its own hierarchy.

For this purpose, a new specific role 'SlimFoodsAdmin' for the self-administration of 'Slim Foods AG' is created via the role overview:

The new role is assigned the Role name 'SlimFoodsAdmin', by which its purpose can be easily recognized in the role overview.

Technically, Roles are unaware of any relationship between companies. Even if an owner is formally assigned to a role, access to the definition of roles in the role overview only depends on the role of the session. When logging in, if there are any other options, you can select exactly the roles that are assigned to the Users in the account.

  • The Role description is optional and shows in plain text what the role name already conveys in short form.

  • The 'Administrator' is selected as the Parent role, which inherits its restrictions ('Owner restriction') to the new role. By definition, only the same or a subset of the permissions defined for the parent role can be assigned.

The Permissions tab controls the permissions profile for the 'SlimFoodsAdmin':

  • When the Mode is switched to 'Custom', the tree with the selectable Permissions below appears without any selection.

  • In the Administration node, only the sub-nodes Accounts, Masterdata and System should be selected together. This gives a user with the role 'SlimFoodsAdmin' qualitative access to all permissions or functions contained in these sub nodes and can – insofar as the exercise of permissions is bound to their ownership – create, modify and delete its own objects. In addition, the user can, for example, access the default help, edit global master data and use all 'system functions', such as the File manager for uploading files.

images/s/-95e2zf/9012/8yg2g7/_/images/icons/emoticons/warning.svg CAUTIONimages/s/-95e2zf/9012/8yg2g7/_/images/icons/emoticons/warning.svg The authorization configuration shown here is explicitly not to be considered best practice, since full access to the System node offers possibilities that should NEVER be granted to an 'external' administrator in this form. However, the definition of the role might look like this in practice if all security-critical permissions are already 'deselected' for the selected Parent role and therefore not available.

images/download/attachments/78252033/image2020-11-27_12-15-58-version-1-modificationdate-1627309429853-api-v2.png

images/download/attachments/78252033/image2020-11-27_12-17-3-version-1-modificationdate-1627309429850-api-v2.png

Create user ('sfadmin')

In order for 'Slim Foods AG' to act independently in the system, a specific user must now be created, which is linked to the company 'Slim Foods AG' and the role 'SlimFoodsAdmin'.

Open the user overview and create a new user with the name 'sfadmin' (see First steps)

images/download/attachments/78252033/image2020-11-27_12-21-54-version-1-modificationdate-1627309429839-api-v2.png

  • The newly created user 'sfadmin' should use the Password sfadmin123! The field Name 1 should be set to "sfadmin", as well.

  • Under Roles, the new role 'SlimFoodsAdmin' is selected and under Companies the company 'Slim Foods AG'.

When Save is clicked, the new user immediately appears in the user overview list.

The user is set to Active by default, so that the login data (sfadmin/sfadmin123!) can be passed to 'Slim Foods AG', so the company can start its system maintenance.

The following steps should be executed in the context of a logon as user 'sfadmin', for whom the role 'SlimFoodsAdmin' and the company 'Slim Foods AG' are preset.

Log off from the system now and then log on again as user 'sfadmin'!

images/download/attachments/78252033/image2020-11-27_15-20-47-version-1-modificationdate-1627309429823-api-v2.png

In the logon context for the user 'sfadmin', the reduced Menu (1) bar, which contains only the items Administration and Help, is immediately noticeable. The available sub-items are reduced depending on the definition of the role used.

images/download/attachments/78252033/image2020-11-27_15-22-48-version-1-modificationdate-1627309429820-api-v2.png

Create a company structure for 'Slim Foods AG'

As described under Creating company structures, the company structure for 'Slim Foods AG' is now created with the existing login as user 'sfadmin'.

NOTE◄ As 'Slim Foods AG' is the company of the session, it is by default assigned as the owner of all companies created.

Create the companies 'Slim Foods Germany' and 'Slim Foods UK' as child companies of 'Slim Foods AG'!

images/download/attachments/78252033/image2020-11-27_15-24-17-version-1-modificationdate-1627309429816-api-v2.png

Create customers for 'Slim Foods AG' as companies

In addition to its own company structure, 'Slim Foods AG' also seeks to create its customers as companies in the system, including the retail chain '99cents Discounter' (see 'Orderer' in the example scenario under Documentation).

Registration of this customer in the product name system is not planned until further notice. However, the 'Slim Foods AG' administrator needs to map the company structure with the various branches for the customer '99cents Discounter' in the system.

Create the company '99 cents Discounter' and its branches as child companies (see screenshot for details). Assign address data at will!

images/download/attachments/78252033/image2020-11-27_16-56-41-version-1-modificationdate-1627309429806-api-v2.png

  • Again, 'Slim Foods AG' is automatically assigned as owner of the four added companies, which is welcome, as 'Slim Foods AG' aims to keep the administration of this company structure completely within its own hands.

  • On this basis, 'Slim Foods AG' has the necessary access to all companies of this customer without the need for Company authorizations (see Creating company authorizations).

  • In this constellation, future extensions of the company hierarchy of '99 cents Discounter' should be configured by the administrator of 'Slim Foods AG' ('sfadmin').

Result: Strictly separated areas of responsibility

An important objective of the previous work steps for the configuration of the Lobster Data Platform / Orchestration system is the strict differentiation of responsibilities between the parties involved.

Change user from the currently logged in 'sfadmin' ('Slim Foods AG' Administrator) to the user 'jabend', who administers the entire system for 'Smart Logistics AG'!

A look at the company overview from the perspective of Smart Logistics AG shows the separation of responsibilities based on the visibility of the companies:

images/download/attachments/78252033/image2020-11-27_17-8-26-version-1-modificationdate-1627309429795-api-v2.png

  • The companies created by 'Slim Foods AG' are invisible to 'Smart Logistics AG' because 'Slim Foods AG' is the owner of these companies and no corresponding Company authorizations have been set up.

  • Conversely, the companies listed for 'Smart Logistics AG' are invisible to 'Slim Foods AG' – apart from 'Slim Foods AG' itself.

The following image illustrates the separation and overlapping of the areas of responsibility in a graphic way:

images/download/attachments/78252033/image2020-11-27_17-16-44-version-1-modificationdate-1627309429788-api-v2.png

NOTE◄ 'Slim Foods AG' sees its own account, which is owned by 'Smart Logistics AG', only because the access to the company of the session is given in principle, regardless of ownership and company permissions, provided that the role of the session has appropriate permissions for 'companies' at all.


Continue with Companies as groups