Bookshelf Home | Contents | Index | PDF     

Siebel Security Guide > Configuring Access Control > Implementing Access-Group Access Control >

Associating Access Groups with Data

The individual users in an access group are provided access to data by associating the access group with catalogs or categories of data.

Be aware of the following user interface behaviors related to associating an access group with a catalog or category:

  • Access inheritance. When you associate an access group with a category, its descendant groups are also associated with the category. However, this inheritance is implemented at run time, and is not represented in the database. As such, the descendant access groups associated with the category are not displayed in the list of groups associated with the category.
  • Cascade button. Clicking the Cascade button provides the given access group with visibility to all of the child categories of the current catalog or category. Clicking this button repeatedly has no effect. You must manually disassociate the group from the child categories to undo the access cascade.
  • Private catalog. If you specify a catalog to be private, its categories are all set as private. If you remove privacy at the catalog level, the categories retain privacy. You must then set or remove category privacy individually.

Associating an Access Group with a Catalog

By associating an access group with a catalog of master data, you grant access to the data in the catalog to individual users in the access group.

NOTE:  For a catalog and all of its categories to be visible only to the access groups associated with it, the catalog's Private flag must be set.

To associate an access group with a catalog

  1. Navigate to the Administration - Catalog screen, then the Access Groups view.

    The Catalogs list appears.

  2. Select a catalog.
  3. In the Access Groups list, add a new record.

    A pop-up list appears that contains access groups.

  4. Select an access group, and then click Add.

    The access group appears in the Access Groups list.

  5. In the Access Groups list, save the record.
  6. Select an access group, and then click Add.

    The access group appears under the Access Group tab.

  7. Complete the following fields, then save the record. Use the guidelines provided below.
    Field
    Guideline

    Admin

    Set this flag to allow users in this access group to administer the catalog.

    Cascade

    Set this flag to automatically associate this access group with the catalog's descendant categories (child, grandchild, and so on). The resulting behavior is that users in the access group have access to the data in the descendant categories.

You can disassociate an access group from a catalog similarly.

Associating an Access Group with a Category

By associating an access group with a category of master data, you grant access to the data in the category to individual users in the access group.

NOTE:  For a category and all of its subcategories to be visible only to the access groups associated with it, the category's Private flag must be set or the Private flag of the catalog or a category from which the category descends must be set.

To associate an access group with a category

  1. Navigate to the Administration - Catalog screen, then the Access Groups view.

    The Catalogs list appears.

  2. Drill down on a catalog name.

    The Categories list for the catalog appears.

  3. Click the Access Groups view tab.
  4. In the Access Groups list, add a new record.

    A multi-value group appears that lists access groups.

  5. Select an access group, and then click Add.

    The access group appears in the Access Groups list.

  6. In the Access Groups list, save the record.
  7. Select an access group, and then click Add.

    The access group appears under the Access Group tab.

  8. Complete the following fields, and save the record. Use the guidelines provided below.
    Field
    Guideline

    Admin

    Set this flag to allow users in this access group to administer this category.

    Cascade

    Set this flag to automatically associate this access group with this category's descendant categories (child, grandchild, and so on). The resulting behavior is that users in the access group have access to the data in the descendant categories.

You can disassociate an access group from a catalog similarly. When an access group is disassociated from a category, it is automatically disassociated from all of the category's descendant categories.

Related Topic

Implementing Access-Group Access Control

    
Siebel Security Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices.