Bookshelf Home | Contents | Index | PDF |
Security Guide for Siebel eBusiness Applications > Configuring Access Control > Implementing Access Control > Responsibilities and Access ControlA responsibility corresponds to a set of views. Each user must be assigned at least one responsibility. When you assign responsibilities to a user, the user has access to all the views contained in all of the responsibilities assigned to the user that are also included in the user's current application. If a view in an application is not included in a user's responsibilities, the user will not see the view or a listing of the view in the Site Map, in the link bar, or in any other picklist. If the user does not have access to any of the views in a screen, then that screen's listing in the Site Map and its screen tab are not displayed. For example, the responsibility assigned to an administrator might include the views in the Administration - Application screen. The administrator sees this screen listed in the Site Map and can navigate to the views it includes. A customer care agent typically does not have administrative views in a responsibility, so the agent would not see this screen or its views listed in any context. Each user's primary responsibility also controls the default screen or view tab layout for the user. For more information, see Managing Tab Layouts Through Responsibilities. A user can have one or more responsibilities. The user has access to all the views in the union of all the responsibilities assigned. For example, you could assign a sales manager both the Sales Manager responsibility and the Field Sales Representative responsibility. NOTE: Modifying visibility or responsibility settings for an application may in some cases require that the associated Application Object Manager (AOM) be restarted in order for these new settings to take effect for users of the Siebel Web Client. If you have only modified responsibilities, then you can clear cached responsibilities instead, without restarting the AOM. For more information, see Clearing Cached Responsibilities. Associating a Responsibility with OrganizationsYou can associate a responsibility with one or more organizations. NOTE: Responsibilities should be associated with organizations only when you are implementing delegated administration of users, such as for Siebel Partner Portal (for Siebel PRM). A partner user can see responsibilities that are associated with the organization with which the user is associated for the session. A partner user is associated with the organization with which his or her primary position is associated. A user can be assigned responsibilities across organizations for the purpose of providing the user access to views. However, the user can only see the responsibilities that are associated with the user's active organization. For example, you could decide that delegated administrator responsibility should only be assigned to users by internal administrators, and not by other delegated administrators. A user can then have a delegated administrator responsibility, but would not be able to see it in a list of responsibilities. Therefore, the delegated administrator could not assign it to other users. You can accomplish this scenario by associating the delegated administrator responsibility with an organization other than that with which the delegated administrator is associated. NOTE: You should associate each responsibility with at least one organization if you include views that use either position or organization access control in the responsibility. Local Access for Views and ResponsibilitiesEach view and each responsibility has a Local Access flag. Together, these settings determine whether views can be accessed by Siebel Mobile Web Client users with particular responsibilities. The setting of the Local Access flag does not affect access to a view for users using either the Siebel Web Client or Siebel Dedicated Web Client. When Local Access is set to The Local Access flag appears in the following locations:
Figure 11 shows the Local Access field specified for views associated with a responsibility (seen here in the Responsibilities view). The Local Access field is a mechanism for controlling which views mobile users can work in, when using the Siebel Mobile Web Client. In addition to enabling or disabling local access to views based on responsibility, administrators can provide different sets of views for access by different mobile users. For more information, see Siebel Remote and Replication Manager Administration Guide. CAUTION: You should disable access to views applying All access control by setting the Local Access field to Assigning a Responsibility to a PersonYou can add a responsibility to a Person, User, Employee, or Partner record. The following procedure describes how to add a responsibility to a Person record. You can assign a responsibility in the Users list or Employees list in the Administration - User screen. If the individual does not have a current responsibility, this procedure upgrades the Person to a User. If the individual already has at least one responsibility, then the individual is already a User, an Employee, or a Partner. As such, the individual's record appears in the Persons list also, so this procedure works for any scenario. To assign a responsibility to a Person
If you want to assign the same responsibility to multiple users, you can alternatively add the users to the responsibility through the Administration - Application screen. |
Security Guide for Siebel eBusiness Applications |