| Bookshelf Home | Contents | Index | Search | PDF | |
Security Guide for Siebel eBusiness Applications > Authentication Details > Authentication Options >
Roles
Roles are an alternate means of associating Siebel responsibilities with users. This option can be implemented in the following authentication strategies:
- Siebel security adapter authentication
- Web SSO
Responsibilities assigned to each user in Siebel eBusiness Applications provide the user access to views the appropriate view in Siebel applications. Responsibilities are created in the database. One or more responsibilities are typically associated with each user through the user's Responsibility field in the Siebel user interface.
Roles in the directory are another means of associating Siebel responsibilities with users. Roles are useful for managing large collections of responsibilities. A user has access to all the views contained in all the responsibilities associated with the user's record in the database, and in all the responsibilities listed in the attribute used for roles in the directory.
CAUTION: It is recommended that you assign responsibilities in the database or in the directory, but not in both places. If you define a directory attribute for roles, but you do not use it to associate responsibilities with users, leave the attribute empty.
If you use roles to administer user responsibilities, follow these guidelines:
- Do not assign users any responsibilities through a Siebel application interface.
- To allow assigning more than one responsibility to any user, you must define a directory attribute for roles that is multi-value. Siebel-supported security adapters cannot read more than one responsibility from a single-value attribute.
- The attribute for roles should contain the names of the Siebel responsibilities that you want the user to have. Enter one responsibility name, such as Web Registered User, in each element of the multi-value field. Role names are case-sensitive.
You can configure Siebel-supported security adapters to retrieve roles for a user from the directory. For each Siebel application that uses roles, set the following parameter value in the application's configuration file. For example, edit the eservice.cfg file for Siebel eService.
- In the [adapter_name] section, for example [LDAP], set
RolesAttributeType= attribute_in_which_roles_are_stored
For information about setting Siebel application configuration file parameters, see Siebel Application Configuration File Parameters.
Roles are discussed in a usage context in Requirements for Directory.
NOTE: Do not confuse roles defined by an LDAP or ADS directory with roles defined in the Siebel application interface. Roles in LDAP or ADS directories are collections of responsibilities that strictly enforce access to views and data records within Siebel applications. Roles defined in the application interface allow application administrators to increase the usability and deployability of the application by tailoring the product to groups of users. For more information about roles defined in an application interface, see Creating and Administering Roles.
| Bookshelf Home | Contents | Index | Search | PDF | |
Security Guide for Siebel eBusiness Applications Published: 23 June 2003 |