Bookshelf v7.8: Access Control and Business Environment Structure

Security Guide for Siebel Business Applications > Configuring Access Control > Planning for Access Control >

Access Control and Business Environment Structure

As part of implementing an access control strategy for your application, you must define your company's structure, outside partner relationships, and so on. You also define the types of data and objects that people will need to access and work with to perform their job functions. How you define the structure of your business environment directly impacts how access control applies to your users.

This section provides some background information about business environment structure. If your enterprise is large and complex, you can accurately reflect its structure as you set up your Siebel Business Applications. You can build multilevel hierarchies of organizations, divisions, and positions. You build a hierarchy by associating positions, for example, with other positions through parent-child relationships.

Defining your business environment structure involves setting up the elements shown in Table 24.

Table 24. Elements of Business Environment Structure
Element	Parent-Child	Description
Divisions	Y	Subunits of your company's (or partner company's) organizations. Used to set default currencies. Can be used in Actuate reports. Not used to control visibility of data.
Organizations	Y	The major parts or entities that make up your company (or your partner companies). Used to control visibility of data. See About Organization Access Control.
Positions	Y	Control the data set (records) to which a user has access. See About Position Access Control.
Responsibilities	N	Control the views to which a user has access.
Employees	N	Individual users in your company and in partner companies who have access to your company's data.

You can set up divisions, organizations, positions, responsibilities, and employees in any order. You can also associate these types of records with one another in a variety of ways. For example, to link a responsibility and an employee, you can associate the employee with the responsibility from the responsibility record, or you can associate the responsibility with the employee from the employee record.

NOTE: Because organizations are based on divisions, it may be best to create your hierarchy of divisions first, and then to determine which of these divisions will be designated as organizations.

CAUTION: Changing your company structure—such as positions and divisions—can cause Siebel Remote components (Transaction Router) to reevaluate access control for all objects related to the objects that have changed. This can result in diminished performance. For more information, see Siebel Remote and Replication Manager Administration Guide.

Benefits of Multiple Organizations

Using organizations provides the following benefits:

It allows your company to partition itself into logical groups, and then display information appropriate to each of those groups.
It provides the ability to limit visibility (access) to data based on the organization to which positions are assigned.
It affects both customer data (accounts, opportunities, service requests, and so on) and master data (price lists, literature, and so on).
It allows you to assign skills to organizations, which allows Assignment Manager to make assignments based on organization.
It allows you to set up multitenancy for call centers. For more information, see Siebel Communications Server Administration Guide.

Deciding Whether to Set Up Multiple Organizations

If your Siebel application is already deployed and you do not need to change your users' visibility (access), your company may not need more organizations. Some circumstances where your company could benefit from multiple organizations are as follows:

Internal business units. If you have a small number of distinct internal business units, you may want to use organizations to support specific versions of a limited number of data entities such as products and price lists.
Complex global enterprise. If you have a full-scale global enterprise that encompasses multiple internal and external businesses, each of which is made up of multiple business units, your company will benefit from implementing organizations. In this circumstance, some data should be available only to some business units, while other information must be shared at the corporate level.
Internal and external units. If your company shares data with external partner companies, you can set up each of these companies as an organization. You may make fewer views available to these external organizations than to your internal organizations. You may also configure the employee drop-down list so that it shows only employees who belong to the user's organization.
Different rules for business units. If you would like to make different Siebel Assignment Manager or Siebel Workflow rules apply to different parts of your company, then your company will benefit from implementing organizations. For example, a company might want some Assignment Manager rules to apply to a telesales organization and other rules to apply to customers of its Web site.
Web-enabled enterprise. If you have customers that log in through a Web site, you can set up a customer organization to control their access to views and data. If you have channel partners who log in through a Web site, you set up channel partner organizations to control their access.
For more information on using organizations with Siebel customer and partner applications, see Siebel Partner Relationship Management Administration Guide.

Security Guide for Siebel Business Applications