About CRM Territory Hierarchy-Based Security for Oracle Fusion

Territory hierarchy-based security is widely used in many CRM subject areas, such as Sales, Marketing and Partner Management. Territory based security control starts with the list of territories that the login user works for and the levels these territories belong to in the territory hierarchy. The list of territories and the levels in the territory hierarchy are then used as part of the data filter condition in queries.

There are variations of territory hierarchy based security when it's actually applied in different areas, although they are all territory based by nature. Visibility is granted to the login user:

  • As member of the territory team that the opportunity is assigned to for Opportunity and Revenue.

  • As team member of the territory that the Quota is created on for Territory Quota and Resource Quota.

  • As team member of the territory that the Forecast is created on for Forecasting.

  • As team member of the territory that is assigned to lead for Leads.

Note:

Visibility is also granted to owner or administrator of a parent territory in the hierarchy.

Configuring Resource Hierarchy-Based Security

There are 3 session variables used in territory hierarchy based data security roles.

  • TERR_LIST contains the list of Ids of the territory, in which the login user is a team member. This variable is initialized via the session Init Block 'Territory List'.

  • SUPER_TERR_LIST contains the list of Ids of the territory, in which the login user is an owner or administrator. This variable is initialized via the session Init Block 'Super Territory List'.

  • TERR_HIER_LEVEL_LIST contains the list of the levels in territory hierarchy that the login user is an owner or administrator of the territory. This variable is initialized via the session Init Block 'Territory Hierarchy Level List'.

BI Duty Roles Options

All the Territory Hierarchy Based security roles should be defined as member of the internal role OBIA_TERRITORY _HIERARCHY_DATA_SECURITY, under which, all the necessary data filters are defined. In the default configuration, OBIA_TERRITORY_HIERARCHY_DATA_SECURITY has the following members:

  • OBIA_LEAD_ANALYSIS_DUTY

  • OBIA_PARTNER_ANALYSIS_DUTY

  • OBIA_PARTNER_ADMINISTRATIVE_ANALYSIS_DUTY

  • OBIA_PARTNER_CHANNEL_ACCOUNT_MANAGER_ANALYSIS_DUTY

  • OBIA_PARTNER_CHANNEL_ADMINISTRATIVE_ANALYSIS_DUTY

  • OBIA_PARTNER_CHANNEL_ANALYSIS_DUTY

  • OBIA_OPPORTUNITY_LANDSCAPE_ANALYSIS_DUTY

  • OBIA_SALES_EXECUTIVE_ANALYSIS_DUTY

  • OBIA_SALES_MANAGERIAL_ANALYSIS_DUTY

  • OBIA_SALES_TRANSACTIONAL_ANALYSIS_DUTY

These Duty Roles control the subject areas and dashboard content to which the user has access. These Duty Roles also ensure the data security filters are applied to all the queries. For more information about how to define new groups and mappings for Users and BI Roles, see How to Define New Groups and Mappings for Users and BI Roles.