Setting Up Distributed Security for Partner Users

This chapter provides overviews of distributed security for partners and the distributed security process flow and discusses how to:

Set up distributed security for partner users.
Manage partner user groups in self-service.

Understanding Distributed Security for Partners

Distributed security or delegated administration provides the ability to delegate administrative responsibility to multiple administrators and managers in an organization in a secured fashion. Distributed security for partners enables partner administrators to set up team members for the user groups they manage and also define subordinate user groups. Given the potentially large numbers of partners that an enterprise can do business with, it is critical for a partner to be able to manage application access and permissions for their own employees.

Centralized administration in a partner-intensive environment is extremely complex to manage and often doesn’t scale in practice. By allowing partners to self-register, set up users, maintain their own profiles, and create and manage their own organizational groups, PeopleSoft’s PRM solution addresses the need to simplify and decentralize partner management.

For distributed security and partner self-service requirements, the enterprise channel operations manager determines what roles and access privileges a partner administrator is allowed to assign when he creates additional accounts for partner employees. Ideally, a partner administrator should be able to customize the access privileges and further restrict what a partner user has access to, as long as any new access combination still remains within the confines of what the enterprise channel manager delegated in the first place.

The following example shows delegated security where the Enterprise Administrator or Channel Manager sets up user groups in the organization hierarchy for each partner company; for example, ABC Warehouse, B&Y Inc, and Classic Warehouse:

Example of organization hierarchy

Understanding the Distributed Security Process Flow

The following diagram illustrates a distributed security process flow. Your enterprise may define a different process flow to suit your unique business needs.

Distributed security process flow for the enterprise channel manager

As the first step in the distributed security process, the partner company applies and provides information about the company and a single point of contact, such as a partner administrator. The enterprise administrator sets up user groups in the organization hierarchy for each partner company. Once the enterprise completes the task of setting up partner user groups, an email notification is sent to the partner administrator. The enterprise grants the designated partner administrator access to the system.

This diagram illustrates a distributed security process flow for a partner administrator:

Distributed security process flow for the partner administrator

The partner administrator can now define teams and maintain the hierarchy for their organization. For example, the partner administrator for ABC Warehouse has the ability to set up multiple team members in the ABC Warehouse user group. This feature enables the partner administrator to add subordinate groups to the ABC Warehouse user group. The Territory tree is used to model the partner organization hierarchy.

The partner administrator can create partner employees in the system by defining User IDs and default passwords and automatically emailing this information to the respective users.

Distributed security also provides the partner administrator with maintenance functionality. The partner administrator can:

Add subordinate user groups.
Transfer partner users from one user group to another.
Activate and deactivate partner users.
Reset passwords.

Setting Up Distributed Security for Partner Users

This section discusses how to:

Create a partner organization structure.
Add partner users.
Add partner user groups and child territories to the territory tree.

Pages Used to Set Up Distributed Security for Partner Users

Page Name	Object Name	Navigation	Usage
Partner Company	RD_PTNR_ORG	Partners CRM, Search Partner Company, Partner Company, Summary, Organization	Create a partner organization structure.
Manage Partner Users	RD_PTNR_USER_SRCH	Partners CRM, Manage Partner Users, Manage Partner Users	Add partner users.
Tree Manager	PSTREEMGR	Tree Manager, Tree Manager	Add partner user groups to the territory tree.

Creating a Partner Organization Structure

Access the Partner Company - Organization page.

Organization Tree

Select the organization tree that the partner organization will belong to.

Note. The tree prompt is restricted to those that the enterprise user can access.

Parent Organization

Select the parent organization for the tree. The prompt is restricted to those organizations or territories with Business Units that are related to the setID of the Partner company.

Partner Organization

Enter the name of the partner organization.

Description

Enter a short description of the partner organization.

Lead Assignment

The system displays the lead assignment. The lead assignment is provided by default from the Parent Organization lead assignment and copied to the Partner Organization.

Business Unit

The system displays the business unit. The business unit is provided by default from the Parent Organization business unit and copied to the partner organization.

Create Partner Organization Group

Click the Create Partner Organization Group button to create the partner group.

Adding Partner Users

Access the Manage Partner Users page.

Use this page to add users to the user group. The user can also update password information through self-service. Select a role for each user.

See Creating and Managing Partner Users.

Adding Partner User Groups and Child Territories to the Territory Tree

Access the Search Territories page.

The Sales Territory tree is used to model the partner organization. This organization hierarchy can be set up using the Tree Manager, or the enterprise administrator or channel manager can access the territory tree in Sales to add partner user groups and sub-organizations.

See Working with Territories.

Managing Partner User Groups in Self-Service

This section discusses how to:

Manage profiles.
Manage partner user groups.
Maintain partner organization groups.
Search organization groups.

Pages Used to Manage Partner User Groups in Self-Service

Page Name	Object Name	Navigation	Usage
Manage Profile	RX_NAME_SIGNIN	Change Profile Info, Manage Profile	Change user name or password.
Register Users - User Information	RD_PTNR_USER_SRCH	Register Users, Register Users, User Information	Administer users in the partner user group. The Register Users page lists all of the partner users for the partner company associated with the partner administrator who is logged in. The partner company is derived from the User Preference information associated with the partner administrator.
Additional Roles	RD_PTNR_USER_ROLES	Click the Additional Roles icon.	View, add, or delete additional roles for the user.
Register Users - Organization Group	RD_PTNR_USER_SRCH	Register Users, Register Users, Organization Group	Add users to groups within the partner organization.
Search Organization Groups	RSF_TR_PTNORG_SRCH	Register Users, Search Organization Groups	Search for groups in which the user is the owner, the manager, or both.

Managing Profiles

Access the Manage Profile page.

Users can change their names or passwords on this self-service page.

Managing Partner User Groups

Access the Register Users - User Information page.

The partner administrator uses this self-service page to administer the users in the partner organization. The administrator can add or delete users and keep track of all users within the partner organization. Multiple roles can be selected for the user. You must add EOPP_USER and PAPP_USER roles to get access to the PeopleSoft system. In addition to these two roles, the Partner Administrator should select additional roles, such as Partner Representative or Partner Sales Manager, as appropriate for each user created. To view, assign, or delete multiple roles for a user, use the Additional Roles icon next to the role drop-down list box.

Adding Multiple Roles for a User

Access the Additional Roles page.

You can view all roles for a user and add or delete roles as required.

Maintaining Partner Organization Groups

Access the Register Users - Organization Group page.

Partner administrators can view or change the organization group for registered users. Users can also be defined as the Group Owner.

Searching Organization Groups

Access the Search Organization Groups page.

Partner administrators can search for and view organization groups for which they are the manager, the owner, or both.

Organization Tree	Select the organization tree that the partner organization will belong to. Note. The tree prompt is restricted to those that the enterprise user can access.
Parent Organization	Select the parent organization for the tree. The prompt is restricted to those organizations or territories with Business Units that are related to the setID of the Partner company.
Partner Organization	Enter the name of the partner organization.
Description	Enter a short description of the partner organization.
Lead Assignment	The system displays the lead assignment. The lead assignment is provided by default from the Parent Organization lead assignment and copied to the Partner Organization.
Business Unit	The system displays the business unit. The business unit is provided by default from the Parent Organization business unit and copied to the partner organization.
Create Partner Organization Group	Click the Create Partner Organization Group button to create the partner group.