Siebel CRM Siebel Security Guide
Siebel Innovation Pack 2015
E24814-01

Responsibilities and Access Control

A responsibility corresponds to a set of views. Each user must be assigned at least one responsibility. When you assign responsibilities to a user, the user has access to all the views that are contained in the responsibilities assigned to the user and that are also included in the user's current application.

If a view in an application is not included in a user's responsibilities, the user will not see the view or a listing of the view in the Site Map, in the link bar, or in any other picklist. If the user does not have access to any of the views in a screen, then that screen's listing in the Site Map and its screen tab are not displayed.

For example, the responsibility assigned to an administrator might include the views in the Administration - Application screen. The administrator sees this screen listed in the Site Map and can navigate to the views it includes. A customer care agent typically does not have administrative views in a responsibility, so the agent would not see this screen or its views listed in any context.

Each user's primary responsibility also controls the default screen or view tab layout for the user. For more information, see "Managing Tab Layouts Through Responsibilities".

A user can have one or more responsibilities. The user has access to all the views in the union of all the responsibilities assigned. For example, you could assign a sales manager both the Sales Manager responsibility and the Field Sales Representative responsibility.


Note:

Modifying visibility or responsibility settings for an application can in some cases require that the associated Application Object Manager (AOM) be restarted in order for these new settings to take effect for users of the Siebel Web Client. If you have only modified responsibilities, then you can clear cached responsibilities instead, without restarting the Application Object Manager. For more information, see "Clearing Cached Responsibilities".

For additional information on using responsibilities to provide access control, see the following topics:

About Associating a Responsibility with Organizations

You can associate a responsibility with one or more organizations. Associate responsibilities with organizations only when you are implementing delegated administration of users, such as for Siebel Partner Portal (for Siebel Partner Relationship Manager).

A partner user can see responsibilities that are associated with the organization with which the user is associated for the session. A partner user is associated with the organization with which his or her primary position is associated.

A user can be assigned responsibilities across organizations for the purpose of providing the user access to views. However, the user can only see the responsibilities that are associated with the user's active organization.

For example, you could decide that delegated administrator responsibility can only be assigned to users by internal administrators, and not by other delegated administrators. A user can then have a delegated administrator responsibility, but would not be able to see it in a list of responsibilities. Therefore, the delegated administrator could not assign it to other users. You can accomplish this scenario by associating the delegated administrator responsibility with an organization other than that with which the delegated administrator is associated.


Note:

Associate each responsibility with at least one organization if you include views that use either position or organization access control in the responsibility.

Related Topics

"Responsibilities and Access Control"

Local Access for Views and Responsibilities

Each view and each responsibility has a Local Access flag. Together, these settings determine whether views can be accessed by Siebel Mobile Web Client users with particular responsibilities.

The setting of the Local Access flag does not affect access to a view for users using either the Siebel Web Client or Siebel Developer Web Client.

When Local Access is set to TRUE (checked), all users with the view in one of their responsibilities can access the view when using the Siebel Mobile Web Client (connected to the local database). When Local Access is set to FALSE (unchecked), users cannot access the view when using the Mobile Web Client.

The Local Access flag appears in the following locations:

  • Default Local Access flag in Administration - Application, Views. This setting defines a default setting to be inherited for the view, unless the setting is overridden in another context.

  • Local Access flag in Views list of Administration - Application, Responsibilities. This setting displays or overrides the default setting applicable to a view record that is a child to the current responsibility. The setting affects a view only as it is made available to users through association with a specific responsibility record.

  • Local Access flag in Responsibilities list of Administration - Application, Views. This setting displays or overrides the default setting applicable to the view record that is the parent to the current responsibility. The setting affects a view only as it is made available through association with a specific responsibility record.

The Local Access field is a mechanism for controlling which views mobile users can work in when using the Siebel Mobile Web Client. In addition to enabling or disabling local access to views based on responsibility, administrators can provide different sets of views for access by different mobile users. For more information, see Siebel Remote and Replication Manager Administration Guide.


Caution:

Disable access to views applying All access control by setting the Local Access field to FALSE. A view with All access control can cause unpredictable and possibly undesirable results for a mobile user. For information about All access control, see "About All Access Control".

Related Topic

"Responsibilities and Access Control"

Read Only View for Responsibilities

Each responsibility has a Read Only View flag. Set this flag to True to prevent a user from creating data in a view or modifying existing data in a view. To make sure that a user cannot create or modify data in a view, you must select this flag for all responsibilities associated with the user that allow access to the view.

The Read Only View flag appears in the following locations:

  • Read Only View flag in Views list under Site Map, Administration - Application, Responsibilities, and then Responsibilities.

  • Read Only View flag in Responsibilities list under Site Map, Administration - Application, Views, and then Responsibilities.
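The following sketch is an added example, not Siebel code or part of the original guide. It models the rules described above: view access is the union across a user's responsibilities, Local Access is inherited from the view default unless overridden on a responsibility, and a view is read-only only when every responsibility that grants it has the Read Only View flag set. The view names, the Auditor responsibility and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Grant:
    """One view as associated with one responsibility."""
    view: str
    read_only: bool = False              # Read Only View flag
    local_access: Optional[bool] = None  # None: inherit Default Local Access

# Constructed sample data (view names and the Auditor responsibility are invented).
DEFAULT_LOCAL_ACCESS = {"Account List": True, "All Accounts": False,
                        "Opportunity List": True}
RESPONSIBILITIES = {
    "Field Sales Representative": [Grant("Account List", read_only=True),
                                   Grant("Opportunity List")],
    "Sales Manager": [Grant("Account List"),
                      Grant("All Accounts", read_only=True)],
    "Auditor": [Grant("Account List", read_only=True),
                Grant("Opportunity List", read_only=True, local_access=False)],
}

def grants_for(user_resps):
    """Yield (responsibility, grant) pairs for every view grant a user holds."""
    for name in user_resps:
        for grant in RESPONSIBILITIES[name]:
            yield name, grant

def visible_views(user_resps, mobile=False):
    """Union of views; for the Mobile Web Client keep only Local Access grants."""
    views = set()
    for _, g in grants_for(user_resps):
        local = DEFAULT_LOCAL_ACCESS[g.view] if g.local_access is None else g.local_access
        if not mobile or local:
            views.add(g.view)
    return views

def read_only_gaps(user_resps):
    """Views flagged read-only somewhere but still writable via another grant.

    Returns {view: [responsibilities that leave it writable]}.
    """
    flagged, writable = set(), {}
    for name, g in grants_for(user_resps):
        if g.read_only:
            flagged.add(g.view)
        else:
            writable.setdefault(g.view, []).append(name)
    return {v: r for v, r in writable.items() if v in flagged}
```

For the sales manager from the earlier example, who holds both Sales Manager and Field Sales Representative, `read_only_gaps` reports that the account view stays writable through Sales Manager even though Field Sales Representative marks it read-only.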

Related Topic

"Responsibilities and Access Control"

Assigning a Responsibility to a Person

You can add a responsibility to a Person, User, Employee, or Partner record. The following procedure describes how to add a responsibility to a Person record. You can assign a responsibility in the Users list or Employees list in the Administration - User screen.

If the individual does not have a current responsibility, this procedure upgrades the Person to a User. If the individual already has at least one responsibility, then the individual is already a User, an Employee, or a Partner. As such, the individual's record appears in the Persons list also, so this procedure works for any scenario.

To assign a responsibility to a Person 

  1. Log into a Siebel employee application as an administrator.

  2. Navigate to the Administration - User screen, then the Persons view.

    The Persons list appears.

  3. Select a Person record.

  4. In the form, click the select button on the Responsibility field.

    A list of the responsibilities assigned to this Person appears.

  5. In the Responsibilities list, click New.

    A list of responsibilities available for assigning appears.

  6. Select one or more responsibilities, and then click OK.

    The selected responsibilities appear in the list of responsibilities for this Person.

  7. Click OK.

  8. Save the record.


Note:

If you want to assign the same responsibility to multiple users, you can alternatively add the users to the responsibility through the Administration - Application screen.

Related Topics

"Responsibilities and Access Control"

"Assigning a Primary Responsibility"

Using Responsibilities to Allow Limited Access to Server Administration Views

You can configure responsibilities to grant specific users access to some, but not all, of the server administration views in Siebel Business Applications. For example, LOV administrators require access to the LOV administration screens to add new LOV values in multiple languages; however, they do not require access to other administration views. Likewise, the system administrator must be able to access the server management views to monitor the server performance, but only the Siebel administrator requires access to the server configuration views through which Siebel Business Applications are configured.

The following procedure describes how to provide access to a defined set of Siebel Server administration views for specific users.

To allow limited access to server administration views 

  1. Create a new responsibility, for example, create a responsibility with the name SubAdminRole.

    For information on creating responsibilities, see "Setting Up Responsibilities and Adding Views and Users".

  2. In the Views list, associate the new responsibility with the Administration - Server views that you want to allow users with the responsibility to access.

  3. In the Users list, add users to the SubAdminRole responsibility you have just created. Make sure that the users do not have Siebel Administrator responsibility.

  4. Change the value of the AdminRoles parameter for the Server Manager (ServerMgr) component by issuing the following command:

    srvrmgr> change param AdminRoles="Siebel Administrator,SubAdminRole" for compdef ServerMgr
    
  5. Add the following parameter to the Gateway Name Server gateway.cfg file.

    Section            Parameter     Value
    [InfraNameServer]  NSAdminRole   Siebel Administrator,SubAdminRole

    For information on the gateway.cfg file, see "About Authentication for Gateway Name Server Access".

  6. Stop and restart the Siebel Server.

    Users assigned the SubAdminRole responsibility can now access the Siebel Server Administration views you associated with that responsibility.
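The following check is an added example, not part of the original guide or of any Siebel tooling. It verifies the outcome of the procedure above: that the AdminRoles value and the NSAdminRole entry both list the two roles, that the two lists have not drifted apart, and that no user with SubAdminRole also holds Siebel Administrator. The INI-style layout of gateway.cfg, the user export and all function names are assumptions.

```python
import configparser

# Constructed sample inputs. The INI-style layout of gateway.cfg is an assumption.
GATEWAY_CFG = """\
[InfraNameServer]
NSAdminRole = Siebel Administrator,SubAdminRole
"""
ADMIN_ROLES_PARAM = "Siebel Administrator,SubAdminRole"  # value given to srvrmgr
USER_RESPONSIBILITIES = {                                 # hypothetical export
    "admin_a": {"Siebel Administrator"},
    "lov_admin": {"SubAdminRole"},
    "jsmith": {"SubAdminRole", "Siebel Administrator"},
}

def split_roles(value):
    """Split a comma-separated role list into a set of trimmed names."""
    return {r.strip() for r in value.split(",") if r.strip()}

def audit_admin_roles(cfg_text, admin_roles_param, user_resps,
                      limited_role="SubAdminRole",
                      full_role="Siebel Administrator"):
    """Return a list of findings; an empty list means the setup is consistent."""
    findings = []
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep parameter names case-sensitive
    parser.read_string(cfg_text)
    ns_value = parser.get("InfraNameServer", "NSAdminRole", fallback="")
    ns_roles = split_roles(ns_value)
    srv_roles = split_roles(admin_roles_param)
    # Both settings must name the full and the limited administrator role.
    for where, roles in (("NSAdminRole", ns_roles), ("AdminRoles", srv_roles)):
        for role in (full_role, limited_role):
            if role not in roles:
                findings.append(f"{where} is missing '{role}'")
    # The procedure sets both to the same list; flag any drift between them.
    if ns_roles != srv_roles:
        findings.append("NSAdminRole and AdminRoles list different roles")
    # Step 3: limited administrators must not also be Siebel Administrators.
    for user, resps in sorted(user_resps.items()):
        if limited_role in resps and full_role in resps:
            findings.append(f"{user} holds both '{limited_role}' and '{full_role}'")
    return findings

if __name__ == "__main__":
    for finding in audit_admin_roles(GATEWAY_CFG, ADMIN_ROLES_PARAM,
                                     USER_RESPONSIBILITIES):
        print(finding)
```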

Related Topic

"Responsibilities and Access Control"