Siebel Security Hardening Guide > Securing the Operating System > Securing the Siebel File System >

Assigning Rights to the Siebel File System

This topic describes how to restrict access rights to the Siebel File System directory to the Siebel service owner and the administrator.

The processes and components of the Siebel Server use the Siebel service owner account to operate. Do not give the Siebel service owner account permission to access any directory other than the Siebel File System directory and the Siebel Server directories.

NOTE:  If Active Directory authentication is implemented, then all users require read, execute and modify permissions to the Siebel File System \userpref directory to save their user preferences. In this case, when assigning rights to the Siebel File System, you must assign read, execute and modify permissions to the overall Siebel File System directory to everyone, assign read, execute and modify permissions to the \userpref directory to everyone, then restrict access to all other directories in the Siebel File System to the administrator and the Siebel service owner.

The following procedures describe how to assign rights to the Siebel File System on Windows and UNIX platforms.

Assigning Rights to the Siebel File System on Windows

Use the following procedure to assign the appropriate rights to the Siebel File System on Windows.

To assign the appropriate rights to the Siebel File System on Windows

  1. In Windows Explorer, navigate to the Siebel CRM directory, for example, SBA_82.
  2. Right-click the Siebel CRM directory, and select the Sharing and Security option.
  3. Click the Security tab.
  4. Select the Advanced option.
  5. Deselect the Inherit from parent permissions check box.
  6. When prompted, select the Remove option.
  7. Check the Replace permission entries on all child objects option.
  8. Click Add and assign full control permissions to administrators and the Siebel Service account. Administrators require full rights on the Siebel File System to perform backup or recovery tasks.

    NOTE:  If Active Directory authentication is implemented in your environment, then assign read, execute, and modify permissions to all other users.

  9. Click OK.

    The file permissions are replicated on all child objects.

  10. (Active Directory Only) In an Active Directory authentication environment, for each directory in the Siebel File System except the \userpref directory, remove all permissions for user accounts, except for the administrator and the Siebel Service user accounts.
  11. Repeat this procedure for the Document Server directory. Assign file system rights through the Microsoft Management Console and the security template snap-in.

Assigning Rights to the Siebel File System on UNIX

Use the following procedure to assign the appropriate rights to the Siebel File System on UNIX.

To assign the appropriate rights to the Siebel File System on UNIX

  1. Log in as root to the file system server.
  2. Using the appropriate administrative tools for your UNIX operating system, verify that only the Siebel Service account and the Siebel administrator have read, write, and execute permissions to the Siebel File System directory; remove permissions to the Siebel File System directory for all other users.

    For example, run the following command to remove all permissions (read, write, and execute) to the Siebel File System directory for all users and groups except the owner of the Siebel File System directory (Siebel Service account):

    chmod -R go-rwx FileSystemDirectory

    where FileSystemDirectory is the name of the Siebel File System directory.

Siebel Security Hardening Guide Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices.