Example 3: Securing Data Through Books

This topic provides one example of how Oracle CRM On Demand calculates the access rights of users.

In this example, a company uses custom books to organize its data by territory. Two books are used in this example: South West and East.

The South West book has three members:

  • Amanda Jacobsen
  • David Bloom
  • Carlos Guzman

All users in the South West book have the Read-Only access profile on their book role.

The East book has three members:

  • Rick Rogers
  • Raj Kumar
  • Jonathan Hope

All users in the East book have the Read-Only access profile on their book membership record.

When any of the users creates an account or opportunity record, an automated (workflow) process assigns the appropriate book to the record. It assigns the book based on the territory attribute of the record.

All of the users have the Sales Rep role. They can create new accounts and opportunities. They can see all account and opportunity records in their territory, but not in other territories.

The following table shows the record-type settings on the Sales Rep role.

| Primary Record Type | Has Access | Can Create | Can Read All Records |
|---|---|---|---|
| Account | Yes | Yes | No |
| Opportunity | Yes | Yes | No |

All of the users have full control over the accounts and opportunities that they create, but they have restricted rights on records that they do not own. The Sales Rep role requires two access profiles: an owner access profile and a default access profile.

The following table shows the settings for the Sales Rep Owner Access Profile.

| Primary Record Type | Access Level | Related Record Type | Access Level |
|---|---|---|---|
| Account | Read/Edit/Delete | Opportunities | Inherit Primary |
| | | Books | Read-Only |
| Opportunity | Read/Edit/Delete | Books | Read-Only |

The following table shows the settings for the Sales Rep Default Access Profile.

| Primary Record Type | Access Level | Related Record Type | Access Level |
|---|---|---|---|
| Account | Read-Only | Opportunities | Inherit Primary |
| | | Books | Read-Only |
| Opportunity | Read-Only | Books | Read-Only |

NOTE: For all primary record types that support books, the relationship with the Books related record type is a one-to-child relationship.

In this example, it is assumed that the Enable Parent Team Inheritance check box is deselected on the company profile. For more information about the Enable Parent Team Inheritance check box, see About Access Propagation Through Team Inheritance.

When Amanda Jacobsen views the list of the accounts in her company, she can see the accounts in the South West book and the accounts she owns. She cannot see any other accounts.

The following table shows the records Amanda sees when she clicks the Account 1 account name to drill down on the record. For this example, only the relevant fields and columns are shown.

Account Detail: Account 1

Account Detail

| Field | Value |
|---|---|
| Account Name: | Account 1 |
| Owner: | Jonathan Hope |

Opportunities

| Opportunity Name | Owner |
|---|---|
| Opportunity X | Amanda Jacobsen |
| Opportunity Y | David Bloom |

Account Team

| Last Name | First Name | Account Access |
|---|---|---|
| Hope | Jonathan | Owner |

Amanda can see two opportunities because those opportunities are in the South West book, where she is a member. All other members of the South West book can see those opportunities.

Jonathan Hope is a member of the East book. When Jonathan signs in to Oracle CRM On Demand, he can also see Account 1, because he owns the account. However, he cannot see any opportunities that are related to Account 1 but that he does not own. The Inherit Primary access level on the Opportunities related record type on accounts provides this security.

Rick Rogers and Raj Kumar, who are members of the East book, cannot see the Account 1, Opportunity X, or Opportunity Y records. They cannot see the account because it is not in the East book, and their role prevents them from seeing account records that they do not own. Similarly, they cannot see Opportunity X or Opportunity Y because these opportunities are not in the East book, and their role prevents them from seeing opportunities they do not own.

Amanda cannot modify Opportunity Y, which is owned by David Bloom. This is because of the following:

  • Amanda does not own the account; therefore, her owner access profile is not used.
  • Amanda’s role prevents her from accessing opportunity records that she does not own; therefore, her default access profile is not used.
  • The only access profile that is active at this point is the Read-Only access profile that Amanda has through her membership of the South West book.

Therefore, Amanda’s access level to Opportunity Y is Read-Only.
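
The walkthrough above can be checked with a small model. The following Python is an added example, not part of the original help topic and not Oracle code. It assumes that the most permissive applicable access profile wins and that Account 1 and both opportunities are in the South West book, as the walkthrough implies; all function and variable names are constructed.

```python
# Simplified model of the access calculation walked through in this topic.
# Added illustration only: not Oracle CRM On Demand code; all names are constructed.
LEVELS = {"None": 0, "Read-Only": 1, "Read/Edit/Delete": 2}
BOOKS = {  # book -> members, as listed in the topic
    "South West": {"Amanda Jacobsen", "David Bloom", "Carlos Guzman"},
    "East": {"Rick Rogers", "Raj Kumar", "Jonathan Hope"},
}
BOOK_PROFILE = "Read-Only"  # access profile held through book membership
ROLE = {  # Sales Rep role settings from the tables above
    "can_read_all": {"Account": False, "Opportunity": False},
    "owner_profile": {"Account": "Read/Edit/Delete", "Opportunity": "Read/Edit/Delete"},
    "default_profile": {"Account": "Read-Only", "Opportunity": "Read-Only"},
}
RECORDS = {  # name -> (type, owner, book); book assignment is an assumption
    "Account 1": ("Account", "Jonathan Hope", "South West"),
    "Opportunity X": ("Opportunity", "Amanda Jacobsen", "South West"),
    "Opportunity Y": ("Opportunity", "David Bloom", "South West"),
}
RELATED = {"Account 1": ["Opportunity X", "Opportunity Y"]}

def access(user, record):
    """Return (level, sources): most permissive applicable profile, and where it came from."""
    rtype, owner, book = RECORDS[record]
    candidates = []
    if user == owner:  # owner access profile applies only to owned records
        candidates.append((ROLE["owner_profile"][rtype], "owner profile"))
    elif ROLE["can_read_all"][rtype]:  # default profile needs Can Read All Records
        candidates.append((ROLE["default_profile"][rtype], "default profile"))
    if user in BOOKS.get(book, ()):  # book membership grants the book profile
        candidates.append((BOOK_PROFILE, f"{book} book"))
    if not candidates:
        return "None", []
    level = max(candidates, key=lambda c: LEVELS[c[0]])[0]
    return level, [src for _, src in candidates]

def visible_related(user, account):
    """Inherit Primary: each related opportunity is evaluated as a primary
    record, so access to the parent account does not carry over to it."""
    if access(user, account)[0] == "None":
        return {}
    levels = {opp: access(user, opp)[0] for opp in RELATED[account]}
    return {opp: lvl for opp, lvl in levels.items() if lvl != "None"}

if __name__ == "__main__":
    for user in ("Amanda Jacobsen", "Jonathan Hope", "Rick Rogers"):
        for rec in RECORDS:
            print(f"{user:16} {rec:14} {access(user, rec)}")
```

Changing `can_read_all` to `True` for a record type shows how the default access profile would start to apply to the East book members.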


Published 5/4/2012 Copyright © 2005, 2012, Oracle. All rights reserved. Legal Notices.