Bookshelf v7.5: Access Control for Data

Security Guide for Siebel eBusiness Applications > Access Control > Access Control Overview >

Access Control for Data

The following groupings of data are necessary for purposes of discussing access control:

Master data

Master data includes the following referential data: products, literature, solutions, resolution items, decision issues, auctions, events, training courses, and competitors.

Master data can be organized into catalogs, which are hierarchies of categories. By categorizing master data, access can be controlled at the catalog and category levels through access groups. This is the recommended strategy for controlling access to master data.

Master data can be associated with organizations. By associating master data with organizations, access can be controlled at the data item level. This strategy requires more administration than the access group strategy.

NOTE: Although you can add divisions to access groups, doing so has no effect on visibility. Use organizations instead.

Customer data

Customer data includes contacts and transactional data such as opportunities, orders, quotes, service requests, and accounts.

Access is controlled at the data item level.

Other data

Other data includes referential data that is not master data, such as price lists, cost lists, rate lists, and SmartScripts.

Access is controlled at the data item level.

Data Categorization for Master Data

Master data can be organized into catalogs made up of hierarchical categories. Organizing data this way serves two purposes:

Ease of navigation. Categorized data is easier to navigate and search. For example, it is easy to find products of interest in a product catalog organized by product lines and subgroups of related products.

Access control. Access to catalogs and categories of master data can be granted to collections of users. This is an efficient means to control data access in given business scenarios. For example, you can control partner users' access to your internal literature.

You can categorize master data to represent hierarchical structures, such as product catalogs, geographical categories, service entitlement levels, training subject areas, or channel partners.

A catalog is a single hierarchy of categories, as illustrated in Figure 15.

Figure 15. Catalogs and Categories

The following properties apply to catalogs and categories:

A catalog can be thought of as the name for an entire hierarchy of categories.

Individual data items are contained in categories.

A category can contain one or more types of master data.

A category can be a node in only one catalog.

A data item can exist in one or more categories, in one or more catalogs.

A catalog can be public or private. If it is private, some access control is applied at the catalog level. If it is public, then all users can see this catalog, but not necessarily categories within this catalog, depending on whether the categories are private or public.