Parental Scope Example
Global permissions to Tasks related to leads
In one scenario, one might want to use an entity list and entity form(s) to surface all leads on the portal, to anyone in a custom "Lead Manager" Web Role. On the Lead Edit Form, which is launched whenever a lead row is clicked on the List, there will be a subgrid displaying related Task records. These records should be accessible to anyone in the Lead manager role. As the first step, we'll give Global Permissions to leads to anyone in our Lead Manager Role.
This role has a related Entity Permission for the "Lead" entity, with a Global scope.
Users in this role can access all leads via Entity Lists or Forms on the portal.
We will now add a Child Permission to the Global Lead Permission. With the Parent permission record open, first navigate to the Child Entity Permissions subgrid and click New to open a lookup for entity permissions, then click the magnifying glass and click New to add a new record.
Select the entity as Tasks and the Scope as Parental. Note that you can then select the parent relationship (Lead_Tasks). This permission implies that a contact that is in a web role with the parent permission will then have global permission to all tasks that are related to leads.
Remember that in order for your list to respect these permissions, you must have enabled Entity Permissions on the list AND there must be actions that will actually allow the users to perform the actions for which their permissions have been granted. Furthermore, Permissions must also be enabled on the Entity Form record, and that form must be surfacing a CRM that has a subgrid on it for the entity that you want to enable with child permissions, in this case Tasks. Furthermore, in order to enabled read or created for tasks, you will need to configure those Entity Forms too, and edit the forms to remove the Regrading lookup field from said forms.
This then grants permissions for all tasks that are related to leads. If Tasks are being surfaced on an entity list, a filter is essentially added to the list so that only tasks that are related to a lead will show up in the list. In our example, they are being surfaced with a subgrid on an entity form.
Contact-Scoped Permissions to Tasks
Another example would be if you wanted to allow access to tasks for which a contact is related to the parent Lead for that task. This scenario is nearly identical to the above except that in this case the parent permission has a scope of Contact, instead of global. A relationship must be specified on the parent relationship between the Lead entity and the Contact Entity.
Once these permissions are in place, users in the Lead Manager role can access leads that are related to them directly as specified by the contact-scope permission, and Tasks related to those same Leads as specified by the child permission record.