Bookshelf Home | Contents | Index | PDF |
Security Guide for Siebel Business Applications > Security Adapter Authentication > Security Adapter Deployment Options > Configuring Roles Defined in DirectoryRoles are an alternate means of associating Siebel responsibilities with users. This option can be implemented in the following authentication strategies:
Responsibilities assigned to each user in Siebel Business Applications provide users with access to particular views. Responsibilities are created in the Siebel application and are stored in the Siebel Database. One or more responsibilities are typically associated with each user in the Administration - Application screen. Roles in the LDAP/ADS directory are another means of associating Siebel responsibilities with users. Roles are useful for managing large collections of responsibilities. A user has access to all the views associated with all the responsibilities that are directly or indirectly associated with the user. CAUTION: It is recommended that you assign responsibilities in the database or in the directory, but not in both places. If you define a directory attribute for roles, but you do not use it to associate responsibilities with users, leave the attribute empty. If you use roles to administer user responsibilities, follow these guidelines:
You can configure Siebel-provided security adapters to retrieve roles for a user from the directory. For each Siebel application that uses roles, set the following parameter value for the LDAP or ADSI security adapter. For example, for the LDAP security adapter, define the following parameter: RolesAttributeType= attribute_in_which_roles_are_stored For information about setting Siebel configuration parameters, see Configuration Parameters Related to Authentication. |
Security Guide for Siebel Business Applications |