Security Guide for Siebel Business Applications > Configuring Access Control > Implementing Access Control >
View Access Control Properties
A view's access control properties determine what applet is used to drive visibility and what access control mechanism is applied to the business component on which the view is based.
You use Siebel Tools to work with properties of views.
To see a view's access control properties
- Launch Siebel Tools.
- In the Object Explorer, click the Views object type.
The Views list appears as shown in the figure below. Its fields include those that influence visibility.
The following fields in the Views list help determine data visibility.
- Title. The title is the name given to a view in the user interface. It should suggest the level of access control on the view's data. For example, My Accounts suggests more restricted visibility than My Team's Accounts.
- Visibility applet. Typically, this is the master in a master-detail applet relationship. This applet defines the business component on which the view is based and how fields of the business component are displayed.
When the view property Visibility Applet is defined on a view, this view is considered to be associated with its own, independent visibility. The Siebel application will re-query this view when you choose it, according to the Visibility Applet Type (the default Visibility Applet Type is All).
NOTE: Do not specify the Visibility Applet property on detail views, where the current record context and the current query should be retained.
- A view has an entry in this field if the view is not derived from another view. For example, a view that is listed in the link bar for any screen has a visibility applet, but a view that results from drilling down from another view does not. A view with no visibility applet typically inherits access control properties from the view from which it is derived.
- Multiple views can have the same visibility applet. For example, both All Account List View and Manager's Account List View have Account List Applet as their visibility applet.
- Visibility Applet Type. This field determines the access control mechanism that is applied to that view. It specifies which of the business component's view modes are applied and how they are applied. Following are the choices available in the picklist for this field:
- All. A view of this type applies All access control.
The user can access all records, except for those with a missing or invalid owner.
- Personal. A view of this type applies personal access control.
The user can access records with which the user's Person record is associated, as determined by the business component's Visibility Field.
To use this visibility applet type, the business component must have a view mode with owner type Person.
NOTE: The Personal view mode of the Quote business component is specialized to display quotes created by the user and assigned to somebody else.
- Sales Rep. A view of this type applies single-position or team access control.
The user can access records owned by the user's position or records whose team contains the user's position, as determined by the business component's Visibility Field or Visibility MVField.
To use this visibility applet type, the business component must have a view mode with owner type Position.
- Manager. A view of this type applies manager access control.
The user can access records associated with the user's own position, positions that report directly to the user's position, and positions subordinate to those direct reports. Specifically, the user has access to the following data:
- Organization. A view of this type applies single-organization or multiple-organization access control, as determined by the business component's Visibility Field or Visibility MVField.
The user can access records associated with the organization to which the user's position is associated.
To use this visibility applet type, the business component must have a view mode with owner type Organization.
- Sub-Organization. A view of this type applies suborganization access control. The user has access to the following data:
- Group. A view of this type applies Group access control, which is one mechanism of access-group access control. The user is associated with an access group if, during the current session, the user is associated with a position, organization, account, household, or user list that is a member of the access group.
The user can access categories of master data that are associated with any of the access groups with which the user is associated. In a view that provides a navigable tree, the user sees accessible first-level subcategories (child categories) in the current category. In a view that provides a list of master data records, the user sees all the records in the current (already accessed) category.
To use this visibility applet type, the business component must have a view mode with an owner type of Group.
- Catalog. This view applies Catalog access control, which is one mechanism of access-group access control. The user is associated with an access group if, during the current session, the user is associated with a position, organization, division, account, household, or user list that is a member of the access group.
The user sees a flat (uncategorized) list of all the data in all of the categories across catalogs to which all of the user's access groups have access. This visibility type is typically used in product picklists and other lists of products.
To use this visibility applet type, the business component must have a view mode with an owner type of Catalog Category.
NOTE: Despite setting the visibility type to Catalog, you may be able to see extra products in product picklists and other lists of products. This is expected behavior for products that belong to public catalogs.
- Admin Mode. This property requires a
FALSE value. When
TRUE, the view operates in Admin mode. When the view is in Admin mode, all insert, delete, merge, and update restrictions for the business component used by applets of the view are ignored (including those restrictions specified by the following business component user properties: No Insert, No Delete, No Merge, No Update).
Examples of Admin mode views include Account Administration view, Opportunity Administration view, and Product Administration view.
Admin mode does not override pop-up visibility. It does not override Read Only restrictions on fields in a business component.
In Admin mode, every record in a view that uses team access control is visible, even those with no primary position designated. (This mode is distinct from All visibility, which shows all records that have a primary team member designated.)
CAUTION: Views using Admin mode are intended for access by administrators and are typically included in a grouping of like views in an administration screen, such as Administration - Application. Do not include views in Admin mode in a screen with views not set for Admin mode. When a user transitions from a view that is in Admin mode to one that is not, the target view remains in Admin view, thereby exposing data that is not intended to be seen.