This article explains the User and Person objects. Managing users with the flexibility of Vault objects allows you to create reports based on user data, create custom fields, and reference users directly from documents with lookup fields.

About the User Object

You can create and manage users with User object records. The User object contains a record for each existing member of your Vault. Additionally, if a user is a member of multiple Vaults, the user will have a record in each of the Vaults to which they have membership.

Creating User Records

Starting in the 20R1 release, Admins create all users with User object records. You can access the User object list page from the Admin > Users & Groups > Vault Users page. You can also access User records from a custom User object tab or Business Admin > Objects > Users, if available. When creating a new User record, you can add a user from the domain to the current Vault, including cross-domain users, or create a new user.

The User object page layout is the same across all User object pages and the Admin > Users & Groups > Vault Users page. If you edit the User object page layout, the changes apply to the Admin > Users & Groups > Vault Users page as well as all User object pages.

About the Person Object

The Person object allows you to add individuals who aren’t domain users to your Vault. This is useful for keeping records of individuals outside of your organization, such as contractors, that you may have worked with, but who aren’t users in your Vault.

You can also reference existing users from a Person record. This allows you to maintain user and non-user records within a single object.

Creating Person Records

To create Person records, navigate to Business Admin > Objects > Persons and click Create. If you select a User, Vault populates the First Name, Last Name, Language, Locale, Timezone, Email, Mobile, Image, and Manager fields with data from the referenced user when you save. This creates an outbound reference to the User object. Vault syncs any changes to shared fields between both object records. For example, if an Admin updates Dave’s email address on his Person record, Vault updates the Email field on his User record to match.

If you do not specify a user, Vault requires you to populate the First Name, Last Name, Email, Language, and Timezone fields manually.

If Admins configure duplicate match rules on the Person object, Vault can detect duplicate records when you create a Person record from:

  • Business Admin > Objects or a custom object tab
  • Copying an existing Person record
  • Object reference field on a document or object record

A warning may appear beneath the Email field if its input is a match to that of an existing record. Additionally, Vault may disable the Save button or prompt you to review similar records in a dialog when it detects duplicate records.

Reviewing Duplicate Person Records

When duplicate record detection is enabled on the Person object, Vault displays a dialog when it detects you are about to create a duplicate Person record. If you have permission to view at least one of the detected duplicate records, this dialog shows up to 25 results to review.

To review duplicate records:

  1. Click the record name to view an existing record in a new tab.
  2. Optional: Click Cancel to return to your record and make edits.
  3. Optional: Click Create to proceed with creating the record. Depending on your Vault’s configuration, this button may not be available.

You may also need to review duplicate records when creating a Person record from an object reference field on a document or object record. If you have permission to view at least one of the detected duplicate records, this dialog shows up to 25 results to review. Select the new record or an existing record to populate the object reference field. Depending on your Vault’s configuration, you may not be able to select the new record and must select an existing record.

About the Manager Field

Both the User and Person objects contain an optional Manager field with self-referencing relationships to the User object to show hierarchy. For example, you can add a related list to the object page layout to display a list of direct reports for a specific user.

Synchronizing Legacy Users and User Object Records

Vault synchronizes User object records with Legacy User accounts and all other Vaults to which the user has membership. Because the User object shares many of the same fields with Legacy User accounts, Vault populates those fields across all Vaults; this includes cross-domain users. Special purpose fields related to authentication, such as the user password, are not included on the User object. Vault does not synchronize updates to custom fields.

About the Vault Membership Lifecycle

Vault provisions the User object with the Vault Membership object lifecycle. The Vault Membership object lifecycle includes the Inactive and Active states, allowing you to change a user’s state with a user action.

Vault Membership Lifecycle Restrictions

The Vault Membership lifecycle has the following restrictions:

Membership Lifecycle Details Page

Only the label and description are editable.
You cannot delete or deactivate the Active, Inactive, or Pending lifecycle states. Additionally, you cannot add any new states.
Vault runtime does not use role permissions configuration at this time and will be enforced once Vault supports matching sharing rules on the User object in a future release.

Membership Lifecycle States Details Page

Only the state label and description are editable.
Entry Criteria & Entry Actions
These features are disabled on all states of the Vault Membership lifecycle.
User Actions
You cannot delete or add conditions to the system actions Make User Inactive (Active state), Make User Active (Inactive states), or Make User Pending (Pending state). However, you can add lifecycle state user actions to any state.

User References

Vault allows you to create object and document fields that reference the User object. Like other object references, these fields point to the record ID and allow User object fields to be included as lookup fields. When selecting from these fields, you see all active User records in your Vault. Domain users who don’t have membership to the current Vault do not appear in the selection menu.

About Legacy User Reference Fields

In previous releases, User was not an object like Product or Study. However, you could still create document and object reference fields to users that did not reference a true object. Although users are now represented as objects, the following document and object fields do not reference the User object:

  • Created By
  • Last Modified By
  • Checked Out By
  • Version Created By
  • Last Auto-Filed By

To prevent user information from being exposed in your users’ Vaults, reference links to User object records are disabled by default. You can choose to enable user reference links, however, we recommend configuring Field Level Security before doing so. Although some legacy user reference fields do not reference the User object, enabling user reference links allows the Created By and Last Modified By fields to link to User records.

To enable links to User records, navigate to Admin > Settings > General Settings and select the Enable User Reference Links checkbox.

Applying Reference Constraints

You can apply reference constraints on User object fields based on their relationship with the User object. You cannot apply reference constraints onsystem-managed user reference fields that do not reference the User object, such as Created By or Last Modified By.

Configuring Object Page Layouts

You can configure page layouts for the User object to show related object records referencing the domain user. For example, the User Role Setup object includes the User field, which points to the User object. When you add a related object to the User object’s page layout, Vault displays User Role Setup as an option.


Managing users with the User object allows you select User as the primary reporting object and create reports based on user data. For example, you can create a report based on the related Activity object to view productivity or the Last Login field.