Bookshelf v7.5: Implementing Basic Access Control

Security Guide for Siebel eBusiness Applications > Access Control >

Implementing Basic Access Control

The particular data exposed in a view and whether a view is exposed at all are determined by settings made for related components.

You configure most of these settings in Siebel Tools. This section specifies where to find these settings within Siebel Tools, but in most cases does not provide procedures to implement them. Changing any settings in Siebel Tools requires recompiling the Siebel repository file.

For more information about required practices when using Siebel Tools, see Siebel Tools Reference.

The following components determine what views a user sees:

Application. Each Siebel application includes a licensed set of views. When a user is in an application, the user has no access to views that are not included in the application.

Responsibilities. Every user has one or more responsibilities, which define the collection of views to which the user has access. If a particular view is not in a user's responsibilities, then the user does not see that view. A wide-ranging view such as All Opportunities Across Organizations is not typically included in the responsibility for an employee such as a district sales rep.

The following components determine the data within a view to which a user has access.

Business component view mode. A view can have several applets—lists, forms, or trees. Each applet is based on a business component. The business component's view mode determines the allowable parties on which access control can be based for that business component. The business component's view modes also determine how the association with the party will be determined, for example "owned by" or "created by."

Applet visibility properties. A view can specify one of its applets as the visibility applet. The visibility applet connects the business component to the view. The visibility applet specifies which business component to use and the display names for the business component's fields.

View visibility properties. A view's visibility properties determines the access control mechanism that is applied to the business component on which the view is based. For example, the business component may have personal or position-based access control available. The view specifies which of these to use, and in which form to use it.

In short, the application and a user's responsibility restrict the views presented to the user. Within a view, view visibility properties determine the applet that drives visibility in the view and specifies the access control mechanism to apply to the business component. The view's visibility applet specifies the business component used in the view. The business component specifies how a user can be associated with data to provide access.