Example 3: Securing Data Through Books
This topic provides one example of how Oracle CRM On Demand calculates the access rights of users.
In this example, a company uses custom books to organize its data by territory. Two books are used in this example: South West and East.
The South West book has three members:
All users in the South West book have the Read-Only access profile on their book role.
The East book has three members:
All users in the East book have the Read-Only access profile on their book membership record.
When any of the users creates an account or opportunity record, an automated (workflow) process assigns the appropriate book to the record. It assigns the book based on the territory attribute of the record.
All of the users have the Sales Rep role. They can create new accounts and opportunities. They can see all account and opportunity records in their territory, but not in other territories.
The following table shows the record-type settings on the Sales Rep role.
All of the users have full control over the accounts and opportunities that they create, but they have restricted rights on records that they do not own. The Sales Rep role requires two access profiles: an owner access profile and a default access profile.
The following table shows the settings for the Sales Rep Owner Access Profile.
The following table shows the settings for the Sales Rep Default Access Profile.
NOTE: For all primary record types that support books, the relationship with the Books related record type is a one-to-child relationship.
In this example, it is assumed that the Enable Parent Team Inheritance check box is deselected on the company profile. For more information about the Enable Parent Team Inheritance check box, see About Access Propagation Through Team Inheritance.
When Amanda Jacobsen views the list of the accounts in her company, she can see the accounts in the South West book and the accounts she owns. She cannot see any other accounts.
The following table shows the records Amanda sees when she clicks the Account 1 account name to drill down on the record. For this example, only the relevant fields and columns are shown.
Amanda can see two opportunities because those opportunities are in the South West book, where she is a member. All other members of the South West book can see those opportunities.
Jonathan Hope is a member of the East book. When Jonathan signs in to Oracle CRM On Demand, he can also see Account 1, because he owns the account. However, he cannot see opportunities that are related to Account 1 unless he owns them. The Inherit Primary access level on the Opportunities related record type on accounts provides this security.
Rick Rogers and Raj Kumar, who are members of the East book, cannot see the Account 1, Opportunity X, or Opportunity Y records. They cannot see the account because it is not in the East book, and their role prevents them from seeing account records that they do not own. Similarly, they cannot see Opportunity X or Opportunity Y because these opportunities are not in the East book, and their role prevents them from seeing opportunities they do not own.
Amanda cannot modify Opportunity Y, which is owned by David Bloom. This is because of the following:
Therefore, Amanda’s access level to Opportunity Y is Read-Only.
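The outcomes described above can be reproduced with a small model. This is an added example, not Oracle code, and it is a simplification of how Oracle CRM On Demand evaluates access. It assumes that the most permissive level from any source wins, that the role grants nothing on records that are neither owned nor in one of the user's books, and that the owner of Opportunity X (not stated on this page) is a placeholder.

```python
from dataclasses import dataclass

# Access levels ordered from least to most permissive (names are this example's own).
NONE, READ_ONLY, FULL = 0, 1, 2
LEVEL_NAMES = {NONE: "No Access", READ_ONLY: "Read-Only", FULL: "Full"}

@dataclass(frozen=True)
class Record:
    owner: str
    book: str  # book assigned by the workflow from the record's territory

# Book membership for the users named in the text above.
BOOKS = {
    "Amanda Jacobsen": {"South West"},
    "Jonathan Hope": {"East"},
    "Rick Rogers": {"East"},
    "Raj Kumar": {"East"},
}
BOOK_PROFILE = READ_ONLY  # every book membership in the example is Read-Only

RECORDS = {
    "Account 1": Record("Jonathan Hope", "South West"),
    # Owner of Opportunity X is not given on the page: constructed placeholder.
    "Opportunity X": Record("UNSTATED-OWNER", "South West"),
    "Opportunity Y": Record("David Bloom", "South West"),
}

def access_level(user, name):
    """Most permissive level granted by ownership or book membership."""
    rec = RECORDS[name]
    levels = [NONE]  # assumption: role gives no access to unowned, out-of-book records
    if rec.owner == user:
        levels.append(FULL)  # owner access profile: full control
    if rec.book in BOOKS.get(user, set()):
        levels.append(BOOK_PROFILE)  # access through the book
    return max(levels)

def access_name(user, name):
    return LEVEL_NAMES[access_level(user, name)]

def visible_related(user, parent, children):
    """Inherit Primary: each related record is judged by the user's own
    access to that record, not by the user's access to the parent."""
    if access_level(user, parent) == NONE:
        return []  # the parent cannot be opened, so nothing can be drilled into
    return [c for c in children if access_level(user, c) > NONE]
```

Changing BOOK_PROFILE or the assumed default level shows how one broader profile widens access for every member of a book, which is the setting to review first when a user sees more than expected.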
See the following topics for additional examples:
Published 5/4/2012. Copyright © 2005, 2012, Oracle. All rights reserved.