This chapter provides overviews of distributed security for partners and the distributed security process flow and discusses how to:
Set up distributed security for partner users.
Manage partner user groups in self-service.
Distributed security or delegated administration provides the ability to delegate administrative responsibility to multiple administrators and managers in an organization in a secured fashion. Distributed security for partners enables partner administrators to set up team members for the user groups they manage and also define subordinate user groups. Given the potentially large numbers of partners that an enterprise can do business with, it is critical for a partner to be able to manage application access and permissions for their own employees.
Centralized administration in a partner-intensive environment is extremely complex to manage and often doesn’t scale in practice. By allowing partners to self-register, set up users, maintain their own profiles, and create and manage their own organizational groups, PeopleSoft’s PRM solution addresses the need to simplify and decentralize partner management.
For distributed security and partner self-service requirements, the enterprise channel operations manager determines what roles and access privileges a partner administrator is allowed to assign when he creates additional accounts for partner employees. Ideally, a partner administrator should be able to customize the access privileges and further restrict what a partner user has access to, as long as any new access combination still remains within the confines of what the enterprise channel manager delegated in the first place.
The following example shows delegated security where the Enterprise Administrator or Channel Manager sets up user groups in the organization hierarchy for each partner company; for example, ABC Warehouse, B&Y Inc, and Classic Warehouse:
Example of organization hierarchy
The following diagram illustrates a distributed security process flow. Your enterprise may define a different process flow to suit your unique business needs.
Distributed security process flow for the enterprise channel manager
As the first step in the distributed security process, the partner company applies and provides information about the company and a single point of contact, such as a partner administrator. The enterprise administrator sets up user groups in the organization hierarchy for each partner company. Once the enterprise completes the task of setting up partner user groups, an email notification is sent to the partner administrator. The enterprise grants the designated partner administrator access to the system.
This diagram illustrates a distributed security process flow for a partner administrator:
Distributed security process flow for the partner administrator
The partner administrator can now define teams and maintain the hierarchy for their organization. For example, the partner administrator for ABC Warehouse has the ability to set up multiple team members in the ABC Warehouse user group. This feature enables the partner administrator to add subordinate groups to the ABC Warehouse user group. The Territory tree is used to model the partner organization hierarchy.
The partner administrator can create partner employees in the system by defining User IDs and default passwords and automatically emailing this information to the respective users.
Distributed security also provides the partner administrator with maintenance functionality. The partner administrator can:
Add subordinate user groups.
Transfer partner users from one user group to another.
Activate and deactivate partner users.
Reset passwords.
See Also
Setting Up Security for Partners
This section discusses how to:
Create a partner organization structure.
Add partner users.
Add partner user groups and child territories to the territory tree.
Page Name |
Definition Name |
Navigation |
Usage |
Partner Company |
RD_PTNR_ORG |
Partners CRM, Search Partner Company, Partner Company, Summary, Organization |
Create a partner organization structure. |
Manage Partner Users |
RD_PTNR_USER_SRCH |
Partners CRM, Manage Partner Users, Manage Partner Users |
Add partner users. |
Tree Manager |
PSTREEMGR |
Sales, Manage Territories |
Add partner user groups to the territory tree. |
Access the Partner Company - Organization page (Partners CRM, Search Partner Company, Partner Company, Summary, Organization).
Organization Tree |
Select the organization tree that the partner organization will belong to. Note. The tree prompt is restricted to those that the enterprise user can access. |
Parent Organization |
Select the parent organization for the tree. The prompt is restricted to those organizations or territories with Business Units that are related to the setID of the Partner company. |
Partner Organization |
Enter the name of the partner organization. |
Description |
Enter a short description of the partner organization. |
Lead Assignment |
The system displays the lead assignment. The lead assignment is provided by default from the Parent Organization lead assignment and copied to the Partner Organization. |
Business Unit |
The system displays the business unit. The business unit is provided by default from the Parent Organization business unit and copied to the partner organization. |
Create Partner Organization Group |
Click the Create Partner Organization Group button to create the partner group. |
Access the Manage Partner Users page (Partners CRM, Manage Partner Users, Manage Partner Users).
Use this page to add users to the user group. The user can also update password information through self-service. Select a role for each user.
See Creating and Managing Partner Users.
Access the Search Territories page (Sales, Manage Territories).
The Sales Territory tree is used to model the partner organization. This organization hierarchy can be set up using the Tree Manager, or the enterprise administrator or channel manager can access the territory tree in Sales to add partner user groups and sub-organizations.
See Working with Territories and Assignment Groups.
This section discusses how to:
Manage profiles.
Manage partner user groups.
Maintain partner organization groups.
Search Territories .
Page Name |
Definition Name |
Navigation |
Usage |
Manage Profile |
RX_NAME_SIGNIN |
Change Profile Info, Manage Profile |
Change user name or password. |
Register Users - User Information |
RD_PTNR_USER_SRCH |
Register Users, Register Users, User Information |
Administer users in the partner user group. The Register Users page lists all of the partner users for the partner company associated with the partner administrator who is logged in. The partner company is derived from the User Preference information associated with the partner administrator. |
Additional Roles |
RD_PTNR_USER_ROLES |
Click the Additional Roles icon. |
View, add, or delete additional roles for the user. |
Manage Partner Users |
RD_PTNR_USER_SRCH |
Register Users, Register Users, Organization Group |
Add users to groups within the partner organization. |
Search Territories |
RSF_TR_PTNORG_SRCH |
Register Users, Search Territories |
Search for groups in which the user is the owner, the manager, or both. |
Access the Manage Profile page (Change Profile Info, Manage Profile).
Users can change their names or passwords on this self-service page.
Access the Manage Partner Users (Register Users, Register Users, User Information).
The partner administrator uses this self-service page to administer the users in the partner organization. The administrator can add or delete users and keep track of all users within the partner organization. Multiple roles can be selected for the user. You must add EOPP_USER and PAPP_USER roles to get access to the PeopleSoft system. In addition to these two roles, the Partner Administrator should select additional roles, such as Partner Representative or Partner Sales Manager, as appropriate for each user created. To view, assign, or delete multiple roles for a user, use the Additional Roles icon next to the role drop-down list box.
Adding Multiple Roles for a User
Access the Additional Roles page (click the Additional Roles icon).
You can view all roles for a user and add or delete roles as required.
Access the Manage Partner Users page (Register Users, Register Users, Organization Group).
Partner administrators can view or change the organization group for registered users. Users can also be defined as the Group Owner.
Access the Search Territories page (Register Users, Search Territories )
Partner administrators can search for and view organization groups for which they are the manager, the owner, or both.