Implementation Guide for Oracle Billing Insight > Customizing User Management >
About Resource Authorization
Authorization in the Oracle Billing Insight applications is based on user roles and associated resource permissions. By default, each user is assigned one role. You can customize the application resources each role can access by customizing and assigning high-level sets of resource permissions, which are grouped and granted together. You can add additional user roles and permission sets for your organization. For details, see:
When a user logs into the Assisted Service and Self-Service applications, Oracle Billing Insight validates the user's role and displays only that functionality permitted for the permissions to which the user role is assigned. For business users, Oracle Billing Insight also displays only that billing data associated with the part of the hierarchy tree to which the user is assigned. Oracle Billing Insight is preconfigured with the user roles in the azcfg.properties file, as shown in Table 10.
Table 10. Preconfigured User Roles in the azcfg.properties File
|
|
Admin |
A business user, associated with an individual company or parent company, who is responsible for managing company-related data, managing business and billing hierarchies and hierarchy assignments, and creating and managing users in the Self-Service application. |
Manager |
A business user, typically assigned to the hierarchy at the account level, who can see billing data from that position to the bottom in the hierarchy tree. |
PayerManager |
A business user who can make and manage payments on billing data from that position to the bottom in the hierarchy tree. |
Subscriber |
A business user, typically assigned at service agreement level, who can see data from that position to the bottom in the hierarchy tree. |
User |
A consumer end-user who uses the Self-Service application to make payments and manage their bills. |
CSRAdministrator |
An administrator of the Assisted Service application who can perform all of the application's functionality for assisting users, plus can create and manage other agents. |
CSR |
An Assisted Service application user, such as a customer service representative, who assists users, merchants, and managers. CSRs can view the same data available to a user and perform any function on their behalf using the Assisted Service application. |
Merchant |
A business owner user who can use the Assisted Service application to view various Return On Investment reports and monitor statistics of user activity and billing loads. |
Oracle Billing Insight azpolicy.xml file is preconfigured with the permission sets described in Table 11.
Table 11. Preconfigured Permission Sets Defined in the azpolicy.xml File
|
|
perm_Hierarchy |
Use cases for viewing the user's hierarchy information. |
perm_HierarchyAdmin |
Use cases for creating and managing hierarchies for an organization. |
perm_Payment |
Use cases for making payments and managing payment accounts. |
perm_CompanyGeneral |
Use cases for viewing and updating company profile and contacts. |
perm_CompanyAdmin |
Use cases for managing company information, including viewing and updating all company hierarchies, settings and users. |
perm_CSRGeneral |
General Assisted Service application functionality for assisting customer users and managing an agent's personal profile. |
perm_CSRAdmin |
General Assisted Service application functionality plus the ability to create and manage other Assisted Service application users. |
perm_Provisioning |
Use cases for creating provisioning data in the Assisted Service application. |
perm_Impersonation |
Use case for impersonating a customer user from the Assisted Service application. |
perm_Integration |
Lets users of the Assisted Service application access the URL for integration with Siebel CRM. |
perm_BudgetView |
Use cases for viewing budgets. |
perm_BudgetMgmt |
Use cases for creating, managing, and viewing budgets. |
perm_Hier_CSR |
Defines the level of hierarchy data displayed to CSR users within the accessible use cases. |
perm_Hier_Admin |
Defines the level of hierarchy data displayed to ADMIN users within the accessible use cases. |
perm_Hier_MANAGER, PAYERMANAGER |
Defines the level of hierarchy data displayed to Manager and PayerManager users within the accessible use cases. |
perm_Hier_Subscriber |
Defines the level of hierarchy data displayed to Subscriber users within the accessible use cases. |
perm_SysMetrics |
Use cases for viewing system metric reports. |
perm_AccountGroupReports |
This is a context attribute that passes a value to determine whether a user can view billing account or group-related reports for the user's assigned hierarchy position. |
perm_PostPay |
This is a context attribute that passes a value to determine whether a user can view and choose post-payment notification preferences. |
By default, all users are allowed to access functions of the Dashboard, Unbilled, Statements, and Analytics modules in the Self-Service application. No permission is checked for accessing those features. The hierarchy position where the user is assigned is considered both for billing and business hierarchies.
Table 12 shows which principal security roles are assigned to permissions as defined in the azpolicy.xml file for authorization by the Self-Service and Assisted Service applications.
Table 12. Permission to Principal Security Role Mappings in the azpolicy.xml File
|
|
|
|
|
|
|
|
|
perm_Hierarchy |
Y |
Y |
Y |
Y |
N |
Y |
Y |
N |
perm_HierarchyAdmin |
Y |
Y |
Y |
N |
N |
Y |
Y |
N |
perm_Payment |
Y |
N |
Y |
N |
Y |
Y |
Y |
N |
perm_CompanyGeneral |
Y |
Y |
Y |
N |
N |
Y |
Y |
N |
perm_CompanyAdmin |
Y |
N |
N |
N |
N |
Y |
Y |
N |
perm_CSRGeneral |
N |
N |
N |
N |
N |
Y |
Y |
N |
perm_CSRAdmin |
N |
N |
N |
N |
N |
Y |
N |
N |
perm_Provisioning |
N |
N |
N |
N |
N |
Y |
Y |
N |
perm_Impersonation |
N |
N |
N |
N |
N |
Y |
Y |
N |
perm_Integration |
N |
N |
N |
N |
N |
Y |
Y |
N |
perm_BudgetView |
Y |
Y |
Y |
Y |
N |
Y |
Y |
N |
perm_BudgetMgmt |
Y |
Y |
Y |
N |
N |
Y |
Y |
N |
perm_Hier_CSR |
N |
N |
N |
N |
N |
N |
Y |
N |
perm_Hier_Admin |
Y |
N |
N |
N |
N |
N |
N |
N |
perm_Hier_MANAGER, PAYERMANAGER |
N |
Y |
Y |
N |
N |
N |
N |
N |
perm_Hier_Subscriber |
N |
N |
N |
Y |
N |
N |
N |
N |
perm_SysMetrics |
N |
N |
N |
N |
N |
N |
N |
Y |
perm_AccountGroupReports |
Y |
Y |
N |
N |
N |
Y |
Y |
N |
perm_PostPay |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
N |
|