Security Guide for Siebel eBusiness Applications > Configuring Access Control > Implementing Access Control >

Responsibilities and Access Control

A responsibility corresponds to a set of views. Each user must be assigned at least one responsibility. When you assign responsibilities to a user, the user has access to all the views contained in all of the responsibilities assigned to the user that are also included in the user's current application.

If a view in an application is not included in a user's responsibilities, the user will not see the view or a listing of the view in the Site Map, in the link bar, or in any other picklist. If the user does not have access to any of the views in a screen, then that screen's listing in the Site Map and its screen tab are not displayed.

For example, the responsibility assigned to an administrator might include the views in the Administration - Application screen. The administrator sees this screen listed in the Site Map and can navigate to the views it includes. A customer care agent typically does not have administrative views in a responsibility, so the agent would not see this screen or its views listed in any context.

Each user's primary responsibility also controls the default screen or view tab layout for the user. For more information, see Managing Tab Layouts Through Responsibilities.

A user can have one or more responsibilities. The user has access to all the views in the union of all the responsibilities assigned. For example, you could assign a sales manager both the Sales Manager responsibility and the Field Sales Representative responsibility.

NOTE:  Modifying visibility or responsibility settings for an application may in some cases require that the associated Application Object Manager (AOM) be restarted in order for these new settings to take effect for users of the Siebel Web Client. If you have only modified responsibilities, then you can clear cached responsibilities instead, without restarting the AOM. For more information, see Clearing Cached Responsibilities.

Associating a Responsibility with Organizations

You can associate a responsibility with one or more organizations.

NOTE:  Responsibilities should be associated with organizations only when you are implementing delegated administration of users, such as for Siebel Partner Portal (for Siebel PRM).

A partner user can see responsibilities that are associated with the organization with which the user is associated for the session. A partner user is associated with the organization with which his or her primary position is associated.

A user can be assigned responsibilities across organizations for the purpose of providing the user access to views. However, the user can only see the responsibilities that are associated with the user's active organization.

For example, you could decide that delegated administrator responsibility should only be assigned to users by internal administrators, and not by other delegated administrators. A user can then have a delegated administrator responsibility, but would not be able to see it in a list of responsibilities. Therefore, the delegated administrator could not assign it to other users. You can accomplish this scenario by associating the delegated administrator responsibility with an organization other than that with which the delegated administrator is associated.

NOTE:  You should associate each responsibility with at least one organization if you include views that use either position or organization access control in the responsibility.

Local Access for Views and Responsibilities

Each view and each responsibility has a Local Access flag. Together, these settings determine whether views can be accessed by Siebel Mobile Web Client users with particular responsibilities.

The setting of the Local Access flag does not affect access to a view for users using either the Siebel Web Client or Siebel Dedicated Web Client.

When Local Access is set to TRUE (checked), all users with the view in one of their responsibilities can access the view when using the Siebel Mobile Web Client (connected to the local database). When Local Access is set to FALSE (unchecked), users cannot access the view when using the Mobile Web Client.

The Local Access flag appears in the following locations:

• Default Local Access flag in Views list under Navigate > Site Map > Administration - Application > Views. This setting defines a default setting to be inherited for the view, unless the setting is overridden in another context.
• Local Access flag in Views list under Navigate > Site Map > Administration - Application > Responsibilities. This setting displays or overrides the default setting applicable to a view record that is a child to the current responsibility. The setting affects a view only as it is made available to users through association with a specific responsibility record.
• Local Access flag in Responsibilities list under Navigate > Site Map > Administration - Application > Views. This setting is displays or overrides the default setting applicable to the view record that is the parent to the current responsibility. The setting affects a view only as it is made available through association with a specific responsibility record.

Figure 11 shows the Local Access field specified for views associated with a responsibility (seen here in the Responsibilities view).

Figure 11.  Responsibilities View

The Local Access field is a mechanism for controlling which views mobile users can work in, when using the Siebel Mobile Web Client. In addition to enabling or disabling local access to views based on responsibility, administrators can provide different sets of views for access by different mobile users. For more information, see Siebel Remote and Replication Manager Administration Guide.

CAUTION:  You should disable access to views applying All access control by setting the Local Access field to FALSE. A view with All access control will have unpredictable and possibly undesirable results for a mobile user. For information about All access control, see About All Access Control.

Assigning a Responsibility to a Person

You can add a responsibility to a Person, User, Employee, or Partner record. The following procedure describes how to add a responsibility to a Person record. You can assign a responsibility in the Users list or Employees list in the Administration - User screen.

If the individual does not have a current responsibility, this procedure upgrades the Person to a User. If the individual already has at least one responsibility, then the individual is already a User, an Employee, or a Partner. As such, the individual's record appears in the Persons list also, so this procedure works for any scenario.

To assign a responsibility to a Person

1. Log into a Siebel employee application as an administrator.
2. From the application-level menu, choose Navigate > Site Map > Administration - User > Persons.

   The Persons list appears.

3. Select a Person record.
4. In the form, click the select button on the Responsibility field.

   A list of the responsibilities assigned to this Person appears.

5. In the Responsibilities list, click New.

   A list of responsibilities available for assigning appears.

6. Select one or more responsibilities, and then click OK.

   The selected responsibilities appear in the list of responsibilities for this Person.

7. Click OK.
8. Save the record.

If you want to assign the same responsibility to multiple users, you can alternatively add the users to the responsibility through the Administration - Application screen.