Siebel Access Control, Views and Data

Access Control + Views + Data

Mechanisms used to control user access to views + data records in Siebel

Two (only) Types of Access Control

View-level Access Control: controls access to views (based on job function/role)

Responsibility:

• Determines set of views to which a user has access (based on job role)
• Views can be under more than one responsibility (different responsibility. Can share a common set of views)
• User can have more than one responsibility (after logging-in, user sees “union” of all views available to them)

If a user does not have a view, he/she will not see a reference in:

• Site map
• Show drop-down list
• Detail tabs

If user does not have access to any views in a screen:

• Screen tab is not displayed
• Screen will not appear in the Site map

Data-level Access Control: Controls user access to data records

**types are not mutually exclusive.. can be restricted by more than one**

Types of Data (not interface or repository data)

• Customer Data :

• Includes dynamic, transactional data such as Accounts, Optys, Orders; Created + Managed by users of App; Access controlled at record level

• Master Data

• Includes static, referential data such as products + literature
• Created + maintained by admins
• Grouped into Catalogs + categories (which control access)

Three ways to control:

• Personal Access Control

• Limited to records that a user has created or to which a user has been assigned (user id restricted)

• Position-based Access Control

• Limited to users based on their position within an organization (I.e. Arlington Hotel position for Marriott receives all Reservations -- Opportunities -- for that territory)

• People may change, but position is static
• Some positions have single EE (i.e. CEO) ; Some have Multiple (i.e. Sales group) à in later case there is a primary EE
• Primary Employee: only this person’s name appears in a record’s team field
• EEs can have M positions; has a primary position that is the default when logging in;
• Since users can only log in as one position at a time, they may “Change Postions” while in an active session. 

• SINGLE vs. TEAM access control:

• (1) Single Position Access Control: only one position can be assigned to record; all users with that position have access to the record
• (2) Team Access Control: allows multiple positions to be assigned to a single record; all users associated with both positions have access

E.g. Opportunities View, Contacts View, Accounts View

• Every team has one position designated as primary for each record, but default is person who creates record, that person can change the primary (or an Admin or AM)
• Organization-based Access Control
• Limited to organization to which a user’s positions are assigned
• Provides another level at the business organization level
• User belongs to one organization at a time
• Allows you to partition company into logical groups
• Types:
• Single Organization: assigns single org to record
• Multiple Organization: assigns multiple orgs to individual record (similar to multiple positions)

at 12/09/2011