Bookshelf Home | Contents | Index | PDF |
Siebel Security Hardening Guide > Securing Siebel Business Applications > About Implementing Authorization and Access ControlThis topic describes the mechanisms that you can use to restrict access to data and Siebel Business Applications functionality for authenticated users after they have accessed Siebel Business Applications. Siebel Business Applications use two primary access-control mechanisms to determine the privileges or resources that a user is entitled to within Siebel Business Applications:
View-Level Access ControlOrganizations are generally arranged around functions, with employees being assigned one or more functions. View-level access control determines what parts of a Siebel application a user can access. This access is based on the functions assigned to that user. In Siebel Business Applications, these functions are called responsibilities. Responsibilities define the collection of views to which a user has access. Each user's primary responsibility also controls the user's default screen tab layout and tasks. You can choose to store users' Siebel responsibilities as roles in a directory attribute instead of in the Siebel database if you are using LDAP, ADSI, or custom security adapters, or if you are using Web SSO authentication. Record-Level Access ControlRecord-level access control assigns permissions to individual data items within an application. This access level allows you to configure a Siebel application so that only authenticated users who need to view particular data records can access that information. Siebel Business Applications use three types of record-level access: position, organization, and access group. When a particular position, organization, or access group is assigned to a data record, only employees within that position, organization, or access group can view that record. Adhere to the following general guidelines when authorizing access to views and records:
For additional information on view and data access control, see Siebel Security Guide. |
Siebel Security Hardening Guide | Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices. | |