Security Guide for Siebel Business Applications > Configuring Access Control > Planning for Access Control >
Planning for Responsibilities
Responsibilities determine which views users have access to. For example, the System Administrator responsibility allows access to all views. Defining responsibilities lets you limit user access to views, and therefore to your Siebel application's information and functions. You must assign responsibilities to all users. Without a responsibility, a user cannot use the Siebel application, because that user cannot access any views.
You can also assign tab layouts and tasks to responsibilities. For more information, see Managing Tab Layouts Through Responsibilities and Managing Tasks Through Responsibilities.
NOTE: It is recommended that you use the responsibilities that are provided as seed data, where applicable. Then define any additional responsibilities you require that correspond to the major job functions in your organization.
For example, you might use or create responsibilities for the marketing administrator, the sales manager, and sales representatives. The sales representative responsibility might have access to all views except those reserved for sales management, marketing administration, and applications administration. The sales manager responsibility might have access to the same views as the sales representative, plus the sales manager views, and so on.
As appropriate, you can specify that a view will be read-only for a given responsibility.
To define a responsibility, you must specify which views are available to that responsibility. You can use the seed responsibilities that come with your Siebel application. These can be copied and then customized.
NOTE: You cannot modify or delete the seed responsibilities. For instance, you cannot change the Siebel administrator responsibility. You can copy the seed responsibilities and modify the copies.
When you are defining responsibilities, consider the following issues:
- You should grant access to the System Preferences view to only a selected group of administrators. End users should not be given access to the System Preferences view. System preferences control many things throughout the system, including some server logic and processing for Siebel Remote and Siebel Assignment Manager.
- You should not add Administration views to responsibilities associated with end users. Likewise, you should limit access to the Master Forecasts, Mobile Web Clients, Responsibilities, Views, and Territories views. The work performed with these views has far-reaching implications for the entire application.
- Where users require access to data presented in a view, but should not be able to create or modify data, specify that the view will be read-only for this responsibility. (If any one responsibility for a user is associated with a view that is not marked with the Read Only View flag, the view will not be read-only for this user, regardless of how the flag is set for any other responsibility.)
- You may want to hide access to license keys by deleting the license key-related views from a user's responsibility. For more information about license keys, see Applications Administration Guide.
- If you add the Internal Division view to a user's responsibility, all organizations in the Organizational picklist are displayed. By default, only the organization the user belongs to appears in this picklist.
- If you log into the application through the normal Siebel Web Client, you can add new views to responsibilities in the Administration - Application > Responsibilities view.