This article explains the User and Person objects. Managing users with the flexibility of Vault objects allows you to create reports based on user data, create custom fields, and reference users directly from documents with lookup fields.
Note: The User object is provisioned with multiple system-owned user records that appear in all Vaults. These accounts are used to capture actions that are performed by Vault instead of by a user. Although these records are visible when viewing and exporting the User record list, the records are not included in license counts, are read-only, and cannot be referenced by another User or document. The System user record is inactive, is not synchronized with Legacy Users, and does not appear in the Users & Groups tab.
About the User Object
You can create and manage users with User object records. The User object contains a record for each existing member of your Vault. Additionally, if a user is a member of multiple Vaults, the user will have a record in each of the Vaults to which they have membership.
Creating User Records
Starting in the 20R1 release, Admins create all users with User object records. You can access the User object list page from the Admin > Users & Groups > Vault Users page. You can also access User records from a custom User object tab or Admin > Business Admin, if available. When creating a new User record, you can add a user from the domain to the current Vault, including cross-domain users, or create a new user.
The User object page layout is the same across all User object pages and the Admin > Users & Groups > Vault Users page. If you edit the User object page layout, the changes apply to the Admin > Users & Groups > Vault Users page as well as all User object pages.
About the Person Object
The Person object allows you to add individuals who aren’t domain users to your Vault. This is useful for keeping records of individuals outside of your organization, such as contractors, that you may have worked with, but who aren’t users in your Vault.
You can also reference existing users from a Person record. This allows you to maintain user and non-user records within a single object.
Creating Person Records
To create Person records, navigate to Admin > Business Admin > Persons and click Create. Select a User and Vault populates the First Name, Last Name, Language, Locale, Timezone, and Email fields with data from the referenced user when you save. This creates an outbound reference to the User object.
If you do not specify a user, Vault requires you to populate the First Name, Last Name, Email, Language, and Timezone fields manually.
If Admins configure duplicate match rules on the Person object, Vault can detect the creation of duplicate records. A warning may appear beneath the Email field if its input is a match to that of an existing record. Additionally, when Vault detects duplicate records, it may disable the Save button, or prompt you to review similar records in a dialog.
Configuring Duplicate Person Detection
To reduce the need for data clean-up, Vault can detect and prevent the creation of duplicate Person records. Based upon your configuration, Vault can use exact or fuzzy matching rules to detect duplicate records before users create them. Admins can also allow users to proceed with the creation of a duplicate record. Detection only applies when a record is created from a custom Person object tab or from the Business Admin menu.
To configure duplicate Person detection:
- Navigate to Admin > Settings > Person Settings. Select the Enable duplicate detection on new person records checkbox. This setting is enabled by default.
- Optional: Select Match persons only in the same object type to enable Vault to search for duplicate records that share the same Person object type when creating records. If disabled, Vault does not take the object type into account when returning results.
- Optional: Select Allow user to proceed with creating duplicate person records to allow users to save a record that is detected as a duplicate. If disabled, users will be unable to save the duplicate record.
To configure duplicate match rules:
- Optional: Select Exact match on Email.
- Optional: Select Exact match on First Name and Last Name.
- Optional: Select Fuzzy match on First Name and Last Name; Exact match on Mobile Phone. Unlike exact match, fuzzy match identifies texts that closely match with a difference of up to 2 characters. Fuzzy match works best with Latin characters. If users are working with international data (for example, Chinese characters), we recommend using exact match.
- Optional: Select Exact match on First Name Initial and Last Name; Exact match on Mobile Phone.
- Optional: Select Fuzzy match on First Name and exact match on Last Name.
- Optional: Select Enable duplicate detection in an additional field to enable duplicate detection in an additional field on the Person object, along with the preferred matching method. Some field types only allow for one matching method, while others are excluded from both fuzzy and exact match.
- When finished editing, click Save.
Reviewing Duplicate Person Records
When duplicate record detection is enabled on the Person object, Vault displays a dialog when it detects a user is about to create a duplicate Person record. If the user has permission to view at least one of the detected duplicate records, this dialog shows up to 25 results for the user to review.
To review duplicate records:
- Optional: Click the record name to view an existing record in a new tab.
- Optional: Click Cancel to return to your record and make edits.
- Optional: Click Create to proceed with creating the record. Depending on your Vault’s configuration, this button may not be available.
About the Manager Field
Both the User and Person objects contain an optional Manager field with self-referencing relationships to the User object to show hierarchy. For example, you can add a related list to the object page layout to display a list of direct reports for a specific user.
Synchronizing Legacy Users and User Object Records
Vault synchronizes User object records with Legacy User accounts and all other Vaults to which the user has membership. Because the User object shares many of the same fields with Legacy User accounts, Vault populates those fields across all Vaults; this includes cross-domain users. Special purpose fields related to authentication, such as the user password, are not included on the User object. Vault does not synchronize updates to custom fields.
About the Vault Membership Lifecycle
Vault provisions the User object with the Vault Membership object lifecycle. The Vault Membership object lifecycle includes the Inactive and Active states, allowing you to change a user’s state with a user action.
Vault Membership Lifecycle Restrictions
The Vault Membership lifecycle has the following restrictions:
Membership Lifecycle Details Page
- Only the label and description are editable.
- You cannot delete or deactivate the Active, Inactive, or Pending lifecycle states. Additionally, you cannot add any new states.
- Vault runtime does not use role permissions configuration at this time and will be enforced once Vault supports matching sharing rules on the User object in a future release.
Membership Lifecycle States Details Page
- Only the state label and description are editable.
- Entry Criteria & Entry Actions
- These features are disabled on all states of the Vault Membership lifecycle.
- User Actions
- You cannot delete or add conditions to the system actions Make User Inactive (Active state), Make User Active (Inactive states), or Make User Pending (Pending state). However, you can add lifecycle state user actions to any state.
Vault allows you to create object and document fields that reference the User object. Like other object references, these fields point to the record ID and allow User object fields to be included as lookup fields. When selecting from these fields, you see all active User records in your Vault. Domain users who don’t have membership to the current Vault do not appear in the selection menu.
About Legacy User Reference Fields
In previous releases, User was not an object like Product or Study. However, you could still create document and object reference fields to users that did not reference a true object. Although users are now represented as objects, the following document and object fields do not reference the User object:
- Created By
- Last Modified By
- Checked Out By
- Version Created By
- Last Auto-Filed By
Enabling User Reference Links
To prevent user information from being exposed in your users’ Vaults, reference links to User object records are disabled by default. You can choose to enable user reference links, however, we recommend configuring Field Level Security before doing so. Although some legacy user reference fields do not reference the User object, enabling user reference links allows the Created By and Last Modified By fields to link to User records.
To enable links to User records, navigate to Admin > Settings > General Settings and select the Enable User Reference Links checkbox.
Applying Reference Constraints
You can apply reference constraints on User object fields based on their relationship with the User object. You cannot apply reference constraints onsystem-managed user reference fields that do not reference the User object, such as Created By or Last Modified By.
Configuring Object Page Layouts
You can configure page layouts for the User object to show related object records referencing the domain user. For example, the User Role Setup object includes the User field, which points to the User object. When you add a related object to the User object’s page layout, Vault displays User Role Setup as an option.
Managing users with the User object allows you select User as the primary reporting object and create reports based on user data. For example, you can create a report based on the related Activity object to view productivity or the Last Login field.