Print      Open PDF Version of Online Help


Previous Topic

Next Topic

How Access Rights for Displaying Related Record-Type Records are Determined

When a user successfully views the Detail page for a record, Oracle CRM On Demand uses the following process to determine which related records the user can see:

  • Oracle CRM On Demand verifies that the user’s role has the necessary privileges to view the record type. If the user's role does not have the necessary privileges to view the record type, the records of this related record type are not shown.
  • If the related record type is based on a primary record type, Oracle CRM On Demand verifies that the Has Access check box for the related record type is selected. If the Has Access check box is deselected for the related record type, the records of this related record type are not shown.
  • If the owner of the parent record is the current user, Oracle CRM On Demand extracts the access level for the related record type from the current user’s owner access profile.
  • If the owner of the parent record is the current user’s subordinate at any level in the reporting hierarchy, Oracle CRM On Demand extracts the access level for the related record type from the current user’s owner access profile.
  • If the owner of the parent record is an unrelated user:
    • If the Can Read All Records option is selected for the related record type on the current user’s role, Oracle CRM On Demand extracts the access level for the related record type from the current user’s default access profile.
    • If the Can Read All Records option is deselected for the related record type on the current user’s role, the current user's default access profile is not used.

      In this case, the current user gains access to the Detail page of the parent record in one or more of the following ways:

      • The current user is a member of the team on the parent record.
      • The current user has a direct or indirect subordinate who has access to the parent record.
      • The current user is a member of a book that contains the parent record, or the parent record is in a subbook of a book where the current user is a member.
      • The current user has been delegated by another user who has access to the parent record.

        Oracle CRM On Demand therefore extracts the access levels for the related record type from the access profiles for the parent record through each of the applicable access-control components.

  • Oracle CRM On Demand then evaluates all the related access levels to determine if the Inherit Primary access level is present in the set of access levels and determines what records to display, as follows:
    • If the Inherit Primary access level is not found:
      • If the most permissive access level is No Access, then the related records are not shown.
      • If the most permissive access level is anything other than No Access, then all related records are shown, including records the current user is not authorized to see.
    • If the Inherit Primary access level is found, and the Can Read All Records check box is selected for the related record type in the current user’s role, then all related records are displayed.
    • If the Inherit Primary access level is found, and the Can Read All Records check box is deselected for the related record type in the current user’s role, then the set of related records that is shown includes all records where any one of the following is true:
      • The current user owns the related record.
      • The current user is a member of the team on the related record.
      • The current user has a direct or indirect subordinate who has access to the record.
      • The current user is a member of a book that contains the related record, or the related record is in a subbook of a book where the current user is a member.
      • The current user has been delegated by another user who has access to the related record.

        NOTE: The Activities, Open Activities, and Closed Activities related record types are exceptions to the rules stated above. If the Inherit Primary access level is found for an activities related record type, and the Can Read All Records check box is deselected for the Activity record type in the current user's role, then the set of related activities that is shown includes only the activities that the user owns, activities that the user delegated to another user, and activities that are owned by a group that includes the user. Activities that the current user can access only through books, activities that the current user can access only because the user is a delegate for another user, and activities that the current user can access only through the reporting hierarchy are not included in the set of related activities.

Related Topics

See the following topics for related information:


Published 5/4/2012 Copyright © 2005, 2012, Oracle. All rights reserved. Legal Notices.