This chapter identifies new security terminology relevant to PeopleSoft Partner Relationship Management (PRM), provides an overview of PRM security, and discusses how to:
Understand transaction security as applied to PRM.
Understand and set up PeopleSoft CRM application security for PRM.
A primary business activity such as campaigns, cases, leads, opportunities, orders, and service orders. |
|
A transaction search page with a common interface that is shared across all CRM transactions. A system administrator can configure the relevant search fields for each transaction. Configurable Searches can use dataset definitions for achieving row-level security in the search results. |
|
A unique code that defines a specific action or privilege that can be performed within a transaction or component. For example, a single functional option could control whether a partner can add a customer address. |
|
A grouping of function options. A partner can maintain orders, can add customers, and view customer addresses. |
|
A dynamically or statically defined group of people—for example partner contacts—whose functional and data access needs to be secured. |
|
A dynamically or statically defined group of objects—for example, customers, accounts—that are being secured for viewing by the Membership List. For example, all Fortune 500 companies in the North America |
|
A logical security container that groups the view lists and functional privileges that can be granted to a membership list. A security profile is given to one or multiple membership lists. An example would be all partners in the gold program (membership list) have access to Fortune 500 companies (view list) with the ability to maintain orders and add customer addresses (functional options). |
One of the foundational components of the PeopleSoft Partner Relationship Management (PRM) Solution is security. Security is a combination of transaction (or PeopleTools) security, application security, and distributed security (for partner users). Transaction security includes the menu navigation and component access achieved through a combination of the existing PeopleSoft portal navigation security, PeopleTools component security, and dataset security frameworks. PeopleTools security provides a mechanism to control PIA menu navigation access through Portal Security, Permission Lists and user roles. Application security includes securing data, prompts, and functions within a transaction. Dataset security controls row-level access to transactions, and is achieved by associating the definition of a dataset to the Configurable Search definition for a transaction that has multiple dataset rules. Dataset rules will be assigned to PeopleTools Roles.
PeopleSoft Partner Relationship Management provides for the most stringent requirements for securing partner access to transactions and customer data. You need to define role-based and characteristics-based security. This includes the transactions that can be accessed, the transaction rows that should be accessible, the customers that can be seen by the partner, and what the partner can do within the general transaction or transaction row. PeopleSoft PRM also requires that user management and security administration of partner users be delegated to partner organizations to manage with minimal intervention from the enterprise organization. Administering partner security is seamless, and easy to implement. An enterprise administrator can set up the partner system and delegate administration responsibility to partner administrators. The partner administrator should then be able to create subsequent partner users and manage security for those users in a distributed manner.
This diagram illustrates the building blocks of Partner Relationship Management security:
Security Building Blocks
This section provides an overview of transaction security in PRM, and identifies:
Partner roles and permissions.
Sample user IDs for PRM.
PRM dataset security in PeopleSoft Partner Commerce, Partner Sales, and Marketing.
Transaction Security (PeopleTools Security) includes PeopleTools Security, Portal Registry, and Dataset Security. This can be implemented with existing PeopleTools functionality.
PeopleTools Security: Set up permission lists, roles, and sample users.
Portal Registry: Define folders and content references; set up security for the folders and content references.
Dataset Security: Define data distribution rules, assign data distribution rules to PeopleTools roles, and attach the dataset to a Configurable Search definition.
This table provides guidelines for defining the roles and permissions to achieve PRM role-based navigation access to PeopleSoft transactions. Although these roles are delivered, you can add or modify, new or existing roles and permissions to fit your business requirements.
Role |
Permissions |
Enterprise Channel Manager |
Responsible for managing the day-to-day transactional sales relationship between the enterprise and the Channel Partner:
|
Partner Administrator |
Responsible for performing any administrative tasks that the enterprise has enabled for the partner:
|
Partner Sales Manager |
Responsible for a team of sales representatives:
|
Partner Marketing Analyst |
Responsible for marketing programs:
|
Partner Marketing Manager |
Responsible for marketing programs and views overall campaign status and progress. |
This table lists the predefined user IDs, passwords, and associated roles for users implementing PeopleSoft Partner Relationship Management:
User ID |
Password |
Roles |
ECM |
ECM |
Enterprise Channel Manager |
PADMIN |
PADMIN |
Partner Administration |
PMGR |
PMGR |
Partner Sales Manager |
PREP |
PREP |
Partner Representative |
PMKTA |
PMKTA |
Partner Marketing Analyst |
PMKTM |
PMKTM |
Partner Marketing Manager |
We deliver dataset security that will be used for the PRM solution. Please reference the table below for the dataset security that is enabled and which PRM product enables that security.
Partner Commerce Dataset Rules
Dataset Rule |
Partner Administration |
Partner Sales Manager |
Partner Representative |
Partner Marketing Analyst |
Partner Marketing Manager |
Orders as Partner Contact |
No |
Yes |
Yes |
No |
No |
Orders as Partner Manager |
No |
Yes |
No |
No |
No |
Dataset Rule |
Partner Administration |
Partner Sales Manager |
Partner Representative |
Partner Marketing Analyst |
Partner Marketing Manager |
Leads as Partner Owner |
Yes |
Yes |
Yes |
No |
No |
Leads as Partner Manager |
Yes |
Yes |
No |
No |
No |
Leads as Partner Team Member |
No |
Yes |
Yes |
No |
No |
All Organization Groups |
No |
No |
No |
No |
No |
Organization Groups as Owner |
Yes |
No |
No |
No |
No |
Organization Groups as Manager |
Yes |
No |
No |
No |
No |
Partner Marketing Dataset Rules
Dataset Rule |
Partner Administration |
Partner Sales Manager |
Partner Representative |
Partner Marketing Analyst |
Partner Marketing Manager |
All Audiences as Owner |
No |
No |
No |
Yes |
Yes |
All Audiences as Team Member |
No |
No |
No |
Yes |
Yes |
Published Audiences |
No |
No |
No |
Yes |
Yes |
Programs as Team Member |
No |
No |
No |
Yes |
Yes |
Partner for Financial Accounts Dataset Rules
Dataset Rule |
Partner Administration |
Partner Sales Manager |
Partner Representative |
Partner Marketing Analyst |
Partner Marketing Manager |
Accounts as Partner |
Yes |
No |
Yes |
No |
No |
Accounts as Owner |
Yes |
No |
Yes |
No |
No |
This section provides an overview of CRM application security as applied to PRM, and discusses how to:
Define partner security objects.
Add partner membership and view lists.
Define functional options and functional option groups.
Add partner security profiles.
Set up other security options.
The application security framework (CRM Application Security) is a characteristic-based security framework that allows PeopleSoft customers to secure data and functions within a transaction. A group of partners—for example, European partners—are given access to a group of customers and this group of partners can add customers, generate quotes, submit orders, etc. Application security involves setting up and defining membership lists, view lists, and functional options. Together these three constructs constitute a PRM security profile.
Define the characteristics of one or a group of users—for example, partner users—to whom system and data access and functional options are being granted.
Users in a security membership list definition are recipients of a security profile. Membership lists can be either dynamic or static.
A dynamic membership list is a set of characteristics that result in a constantly updated list of members for a membership list object. Even if the domain type is dynamic, you can still edit the membership criteria using the appropriate configurable search definition.
A static membership list contains a specific list of members that you may associate with any security profile available in the system. So if you wish to specify the partners who will be part of a membership list you would use a static list, but if you want the list to continually update its list of partners, old and new, depending on defined criteria, you would use a dynamic selection.
Define characteristics of the viewing object—for example, partner customers, accounts—that are being secured from the Membership List.
Determine what a user can do within an application. For example, you can create functional options that enable users to submit orders or add new customers.
To group view lists and functional options, you define a security profile. The security profile is then granted or associated to one or multiple membership lists. A functional option group is a grouping of functional options, which you can associate with a security profile.
The following example illustrates how security can be set up for partners:
Application Security Data Model
Create a dynamic membership list that contains All Platinum Reseller type partners in the state of California.
Run the list builder process to insert the list results into a list table.
Create a dynamic list of All Consumers in the state of California.
Run the list builder process to insert the list results into a list table.
Create a security profile that has the membership list from step 1 and view list from step 2.
Log in and enter an order as:
A partner using the Platinum Reseller group.
An agent, entering an order on behalf of a partner using the Platinum Reseller group.
Note. In both cases, the view list (all consumers in state of California) will be restricted based on the fact that the order contains the partner who is a member of the Platinum Reseller membership list.
See Also
Setting Up Security and User Preferences
Page Name |
Object Name |
Navigation |
Usage |
Security Object |
RSEC_OBJECT_DEFN |
Set Up CRM, Security, CRM Application Security, Security Object, Security Object |
View or edit the Partner security object. |
Add Membership List |
RSEC_MEMBER_SMRY |
Set Up CRM, Security, CRM Application Security, Add Membership List, Add Membership List |
Add a partner membership list. You can activate or deactivate the membership list. The membership list you create here will be associated to a security profile. |
Add Membership List |
RSEC_SRTY_WIZ1 |
Click the Nextbutton on the first Add Membership List page. |
Select the partner membership object and the partner members to which you want the security object to apply. |
Add Membership List |
RSEC_SRTY_WIZ2 |
Click the Nextbutton on the second Add Membership List page. |
Select a partner Membership Type of either dynamic or static. |
Add Membership List (Dynamic) |
RSEC_PARTNER_SRCH |
Select the Dynamic radio button and click the Next button on the third Add Membership List page. |
Choose the dynamic criteria that you want to use to select partners. |
Add Membership List (Static) |
RSEC_ML_PARTNER |
Select the Static radio button and click the Next button on the third Add Membership List page. |
Select the specific partners you want to add to the membership list. |
Add View List |
RSEC_VIEW_SMRY |
Set Up CRM, Security, CRM Application Security, Add View List, Add View List |
Enter the view list name and description. You can activate or deactivate the view list here. |
Add View List |
RSEC_SRTY_WIZ1 |
Click the Next button on the first Add View List page. |
Select the Security Object type and the members to which you want the security object to apply. |
Add View List |
RSEC_SRTY_WIZ2 |
Click theNext button on the second Add View List page. |
Select either a Dynamic or Static view type. |
Add View List (Dynamic) |
RSEC_CUSTOMER_SRCH |
Select the Dynamic radio button and click Next at the bottom of the third Add View List page. |
Choose the dynamic criteria that you want to use to select customers, or view list objects. |
Add View List (Static) |
RSEC_VL_CUSTOMER |
Select the Static radio button and click Next at the bottom of the third Add View List page. |
Choose the specific customers (or other view list objects) that you want to use. |
Functional Option |
RSEC_FUNC_DEFN |
Set Up CRM, Security, CRM Application Security, Functional Option, Functional Option |
Define functional options, including enabling amount-related fields, conditional operators, application classes, and messages. |
Functional Option Group |
RSEC_FUNC_GROUP |
Set Up CRM, Security, CRM Application Security, Functional Option Group, Functional Option Group |
Group functional options. |
Security Profile |
RSEC_PROFILE |
Set Up CRM, Security, CRM Application Security, Add Security Profile, Security Profile |
Define a partner security profile. |
Security Profile - Membership |
RSEC_PROFILEMEMBER |
Set Up CRM, Security, CRM Application Security, Add Security Profile, Membership |
Add partner membership lists to the partner security profile |
Refresh Dynamic Lists |
RSEC_BUILDER_RUN |
|
Set run controls for the List Build process. |
Static Menu Transfer |
RSEC_STAT_MENU |
Set Up CRM, Security, CRM Application Security, Static Menu Transfer Path, Static Menu Transfer |
Enter static menu transfer paths. |
Access the Security Object page.
PeopleSoft PRM is delivered with several security objects. For example, Partner is a member security object and Customer is a view security object.
Note. Any new security objects created or any changes to the out of the box delivered security object definitions may require some customization to get the intended functionality working.
See Also
Access the Add Membership List page.
See Also
Adding Membership List Names and Descriptions
Adding View List Names and Descriptions
To define functional options and functional option groups, access the Functional Option and Functional Option Group pages.
The functional options that can be used with PRM are:
Description |
Application/Function |
|
CORE_RSF_FCAST_ROLLUP |
Forecast will begin in rollup; otherwise it begins in summary. |
Sales |
CORE_RSF_FCAST_SIMPLE |
Forecast simple reduces options presented to the forecast user. |
Sales |
CORE_RSF_ADVANCED |
Controls basic versus advanced mode for lead and opportunity components. |
Sales |
CORE_RSF_AUTO_ASSIGN_OFF |
Controls the ability to automatically assign a lead or opportunity at save in add mode. |
Sales |
CORE_RSF_DEFAULT_OWNER |
When lead or opportunity is in add mode at save time, the current user is assigned as the primary sales representative by default. If revoked, then leave lead or opportunity unassigned. |
Sales |
CORE_RSF_SEARCH_PRODUCT_GROUP |
Allows the end user to search for product group on leads and opportunities. |
Sales |
CORE_RSF_SHOW_SITE |
Controls the ability to add a site to a lead or opportunity. |
Sales |
CORE_RSF_SUMMARY |
Control the display of the summary page in lead and opportunity. |
Sales |
RO_MAX_DISCOUNT_PERCENT |
Maximum discount percent. |
Order Capture |
RO_MAX_ORDER_TOTAL |
Maximum order total reached. |
Order Capture |
RO_MAX_SURCHARGE_PERCENT |
Maximum surcharge percent. |
Order Capture |
RO_MIN_MARGIN_PERCENT |
Maximum profit margin percent. |
Order Capture |
SEARCH_ALL_PRODUCTS |
When searching for products in Order Capture, this functional option give the user the ability to search for any products that are defined in the system instead of limiting them to the products that are defined in a catalog. |
Order Capture |
MKTHIDE |
Hides marketing fields. |
Marketing |
MKTDISP |
Makes marketing fields display-only. |
Marketing |
See Also
Defining Functional Option Groups
To define partner security profiles, access the Security Profile page and the Security Profile - Membership page.
See Also
Adding Functional Option Groups and View Lists to the Security Profile
Adding Membership Lists to the Security Profile
You can set up run controls for the List Build process. This allows you to refresh the dynamic membership lists and view lists, all security objects, and profiles that you have created to implement security for PRM. If the content of the lists, objects, and profiles changes frequently, you can set up this process to run daily, every few minutes, or every few hours.
You can also create static menu transfer paths for entering or viewing static list data that is either dynamically created or entered manually. Irrespective of how a membership or view list is created, the results of the list or the list members are stored in a list table. In order to see the list members, a page and a component are created and attached to a menu. The static menu transfer path shows the location of the transfer component.
See Also
Setting Run Controls for the List Build Process
Entering Static Menu Transfer Paths