Siebel CRM Siebel Security Guide
Siebel Innovation Pack 2017, Rev. A
E24814-01

Index

Numbers

56-bit encryption, upgrading, 4.16.4

A

access control
access-group, about, 9.2.10
accessible data, suborganization view, 9.11
All access control, 9.2.9
business environment structure, about and elements (table), 9.3.1
business services, configuring, 9.17, 9.18
Catalog access control view, 9.11
catalogs, overview, 9.1.3
customer data, 9.1.2
defined, 9.1
divisions, setting up, 9.3.2
drilldown visibility, configuring, 9.21
license key, role of, 9.6
manager access control, 9.2.5, 9.11
master data, 9.1.2
organization, 9.2.6, 9.11
organizations, setting up, 9.3.3
party data model, S_PARTY table, 9.22
party types, about and table, 9.1.1
party types, relationship among, 9.22.1
personal, 9.11
personal access control, 9.2.1
pick applets, configuring visibility, 9.20
Pick List Object, setting visibility, 9.20.1
position, 9.2.2
positions, setting up, 9.3.4
record level, 2.5.3.2
responsibilities, configuring access to business services, 9.17, 9.18
responsibilities, defining and adding views and users, 9.3.5
responsibilities, role of, 5.12.7
single-position access control, about, 9.2.3
single-position access control, Manager view, 9.11
special frame class, using, 9.20.3
strategies, list of, 9.3
suborganization access control, 9.2.8
tab layouts, managing through responsibilities, 9.15
team, 9.11
team access control, about, 9.2.4
troubleshooting issues, 10.3
view level, 2.5.3.1
view properties, displaying, 9.11
view-level mechanisms, 9.1
visibility applet type, 9.11
Visibility Auto All property, using, 9.20.2
access control, business component view
manager setting, 9.2.5.2
role of, 9.5
single or multiple organization, 9.2.7
single-position view mode, 9.2.3
suborganization setting, 9.2.8
team setting, 9.2.4
access control, implementing
applet access control properties, 9.10
application, role of, 9.5
application-level access control, 9.6
business component view modes, 9.8
Owner party type, 9.8
responsibilities, about, 9.5
responsibilities, associating with users, 9.7
view access control properties, 9.11
view construction example, 9.12
visibility applet, role of, 9.5
visibility properties, role of, 9.5
Access Group base and extension tables, illustration, 9.22.12
Access group data model, about and diagram, 9.22.12
access groups
catalog access control, 9.2.10
categories, associating with, 9.14.4.2
categories, disassociating with, 9.14.4.2
creating, 9.14.3.1
data, associating with, 9.14.4
disassociating from catalog, 9.14.4.1
hierarchy, modifying, 9.14.3.3
master data catalog, associating with, 9.14.4.1
members, adding, 9.14.3.2
access, restricting
database server, C.5.1
network, C.3.2
Siebel application, C.6.7
Siebel File System, C.4.2
access-group access control
about, 9.2.10
administrative tasks, listed, 9.14
basic principles, 9.13
business scenario, 9.13.1
inheritance rules, 9.13, 9.13
user’s experience, 9.13.3
Account base and extension tables, illustration, 9.22.6
Account data model, 9.22.6
account policies, about implementing, 7.5
Active Session Timeout Value parameter, 6.7.1, A.6.1, A.6.2
ActiveX controls, enabling, C.3.7.2, C.3.7.2
adapter-defined user name
deployment option, 5.12
implementing, 5.12.5
Admin mode, visibility, 9.2.9, 9.11
Administration - Server Configuration screen, unable to work in, 10.1
administrative tasks, deactivating employees, 8.10.1.2
administrative tasks, organizational
company structure, setting up, 9.3.1
divisions, setting up, 9.4.1
organizations, setting up, 9.4.2
administrative tasks, positions and responsibilities
positions, setting up, 9.4.3
responsibilities, defining, 9.4.4
All access control
about, 9.2.9, 9.11
mobile user restriction, 9.7.2
AllowAnonUsers parameter
setting for LDAP, 5.6.7.2, 5.6.8.1, 5.6.8.1
anonymous browsing
about, 8.2
anonymous user, role of, 8.3.1
configuration parameters, setting, 8.3.2
implementing, 5.12.6.1, 8.3
views, setting or removing explicit login, 8.3.3
anonymous user
about, 5.6.4, 8.2
anonymous user record, modifying, 8.3.1
automatically populated fields, 8.6.1
implementing, 5.12.6
seed data responsibilities, about using, 8.3.1
seed data user IDs, 8.6.1
self-registration, modifying for, 8.6.1
Anonymous User Name parameter
anonymous browsing, setting for, 8.3.3
setting for LDAP, 5.6.6
Anonymous User Password parameter
about, A.6.1
setting for LDAP, 5.6.6
applets
access control, 9.11
defined, 9.10
display name and visibility, 9.10
pick applet visibility, 9.20
special frame class for visibility, 9.20.3
viewing properties, 9.10
visibility properties, about, 9.10
application
access control, implications of, 9.5
license key and view visibility, 9.6
Application Password parameter
about, A.3
reencrypting, 4.18
setting for LDAP, 5.6.7.3
application user
about, 5.6.4
write privileges, 8.9, 8.11.1
Application User DN parameter
about, A.3
setting for LDAP, 5.6.7.3
application-level access control, about and view visibility, 9.6
APPUSER, 5.6.4
APPUSERPW, 5.6.4
architecture, Siebel Security
data confidentiality, end-to-end encryption, 2.5.2
data continuity, auditing for, 2.5.4
data encryption, C.3.4
data visibility, authorization to control, 2.5.3
intrusion, preventing by secure physical deployment, 2.5.5
mobile solutions, security for, 2.5.6
recommended topologies, C.3.2
secure system access, user authentication for, 2.5.1
attributes, password storage, 5.5.5.1
auditing, 2.5.4
auditing Siebel Business Applications, C.7.4
authentication
architecture differences between Standard and Developer Web Clients, 5.13
database authentication, 5.3
database authentication, implementing, 5.4
methods, comparison table, 5.1.2
methods, overview, 5.1
networks, C.3.3
Siebel application users, C.6.4, C.6.4
Authentication Method parameter, 5.8.2
authentication options
adapter-defined user name, implementing, 5.12.5
anonymous browsing, implementing, 5.12.6.1
anonymous user, implementing, 5.12.6
checksum validation, 5.12.2
credentials password hashing, 5.14
implementing, 5.12.3
password hashing, 5.14
remote configuration, 5.13.2
roles, 5.12.7
secure login, 7.2
shared database account, implementing, 5.12.4
authentication process
federated SSO, for interactive UIs, 6.11
auto-login cookie, 7.6

B

Base Distinguished Name parameter
about, A.3
setting for LDAP, 5.6.7.3
business component view mode
about data access, 9.8
manager setting, 9.2.5.2
mode and visibility fields, viewing, 9.8
role in access control, 9.5
single or multiple organization setting, 9.2.7
single-position setting, 9.2.3
suborganization setting, 9.2.8
team setting, 9.2.4
business components
All access control, 9.2.9
control properties, displaying, 9.11
overriding visibility, 9.20.1
self-registration, 8.6.1
self-registration views, 8.6.4
view construction example, 9.12
visibility applet, about, 9.11
visibility applet, role in access control, 9.5
visibility properties, role in access control, 9.5
business environment structure
about and elements (table), 9.3.1
multiple organizations, benefits of, 9.3.1.1
multiple organizations, reasons for, 9.3.1.2
business services
configuring access control, 9.17, 9.18
creating custom, 8.6.4.3

C

Cascade button, 9.13
Catalog access control view, 9.11
catalogs
about, 9.1.3
about accessing, 9.1.3
access control strategy, 9.3
access control, types of, 9.2.10
access groups, associating with data, 9.14.4
access-group access control principles, 9.13
administrative tasks, listed, 9.14.1
associating access group and data, 9.14.4.1
categories, role of, 9.1.3
controlling access to categories, 9.13
disassociating access groups, 9.14.4.1
granting access to, 9.2.10
navigating, 9.13.3
properties of, 9.1.3
role in master data, 9.1.3
user experience, about, 9.13.3
categories
access groups, associating with, 9.14.4.2
access groups, associating with data, 9.14.4
access groups, disassociating with, 9.14.4.2
administration tasks, listed, 9.14.1
company structure, described, 9.3.1
controlling access to, 9.13
inheritance rules, 9.13, 9.13
relation to catalog, 9.1.3
categorized data
about user experience, 9.13.3
viewing in Info Center, 9.13.3
certificate
keystore and truststore files, about, 4.1.1.4
keystore and truststore files, modifying, 4.1.1.5
requirements for communications, 4.1.1.1
Certificate Authority (CA) Certificate File Name parameter, 4.8.1
Certificate File Name parameter, 4.8.1
Change Position button, 8.12.3.1, 9.3.4.1
checksum utility
about, 5.12.2
validation, setting up, 5.12.2
client browsers
communication encryption, C.3.4.1
software updates, C.3.7.6
column, encrypted, 4.13
Common Criteria for Information Technology Security Evaluation, C.9.2
Common Vulnerability Scoring System, C.8.2
communications encryption, 4.1.1
certificate requirements, 4.1.1.1
keystore and truststore files, about, 4.1.1.4, 4.1.1.5
company structure
categories, described, 9.3.1
setting up, 9.3.1
components, disabling, C.6.3
configuration
activating changes in application configuration, A.7
application configuration parameters, A.7
application interface profile, A.6
application interface profile, authentication parameters, A.6.1
application interface profile, object manager parameters, A.6.3
application interface profile, REST inbound authentication parameters, A.6.5
application interface profile, SWE parameters, A.6.4
Application User DN parameter, A.3
Base Distinguished Name parameter, A.3
Credentials Attribute parameter, A.3
enterprise profile, A.4
eservice.cfg sample, 5.12.7
optional parameters, A.6.2
parameter values, usage guidelines, 5.6.8.1
Password Attribute Type parameter, A.3
relating to client, A.7
remote configuration guidelines, 5.13.2
Roles Attribute (optional) parameter, A.3
roles, setting, 5.12.7
security profile, A.2
server parameters for Siebel Gateway, A.1
server profile, A.5
Shared Database Account DN parameter, A.3
Siebel Username Attribute parameter, A.3
SsIDatabase parameter, A.3
Trust Token parameter, A.3
User Name Attribute Type parameter, A.3
UseRemoteConfig parameter, A.7
Configure Web Single Sign-On parameter
for Application Interface, A.6.1
for Security Profile, A.3
configuring access control, 9.16
contact users
adding new, 8.10.3
existing contacts, promoting from, 8.10.4
organizational association, 9.2.6
cookies
auto-login credential, 7.6
enabling, 7.6.3
persistent, 7.6
corporate network security, overview, 2
credentials
authentication against directory, 5.5.1
role in LDAP authentication, 5.2.2
security adapter authentication process, 5.5.1
Credentials Attribute parameter
about, A.3
setting for LDAP, 5.6.7.3
credentials password hashing, 5.14
Critical Patch Updates, C.2.2.2
CSSSWEFrameListVisibilityAssoc class, 9.20.3
CSSSWEFrameListVisibilityPick class, 9.20.3
CSSSWEFrameUserRegistration class, 8.6.4.4, 8.6.4.7
customer data, role in access control, 9.1.2

D

data confidentiality, end-to-end encryption, 2.5.2, C.3.4
data continuity, auditing, degrees of, 2.5.4
data encryption, 4.1.2
Data Vault, C.5.3
data visibility, authorization to control
about, 2.5.3
access control, record level, 2.5.3.2
access control, view level, 2.5.3.1
intrusion, preventing by secure physical deployment, 2.5.5
data, categorized, 9.13.3, 9.13.3, 9.13.3
database authentication
about, 2.5.1.1
compared to other methods, 5.1.2
delegated administration, availability of, 8.11.1
implementing, 5.4
limitations of, 5.3.2
overview, 5.3
password hashing, 5.14
process overview, 5.3.1
self-registration, 8.4
database column, encrypted, 4.13, 4.14
database server access, C.5.1
database storage, data confidentiality, 2.5.2, C.5.3
DBO password, changing, 3.5
deduplication
about, 8.6.5
deduplication check, disabling, 8.6.5.3
fields, modifying, 8.6.5.2
Default Organization Division records, seed data, B.2.4
defined special users, B.2.1
delegated administration
authentication requirements, 8.11.1
delegated administrator responsibility, restricting, 9.7.1
new customers, registering, 8.11.3
partner applications, about, 8.11.4
partner user, registering, 8.11.4
registering users, about, 8.11.3
responsibilities, assigning, 8.11.4
write privileges, user directory, 8.11.1
delegated administrators
about, 8.11
delegated administration, administrator access, 8.11.2
inheritance of responsibilities, 8.10.5
New Responsibility field, editing, 8.10.5
user authentication requirements, 8.11.1
deleting positions, 9.3.4.2
denial of service attacks, preventing, C.3.1.12
deployment guidelines, C.6.2
deployment options, LDAP adapters, 5.12
Developer Web Client
See Siebel Developer Web Client
directory
checking credentials against, 5.5.1
directory records, about, 5.6.4
permissions record parameter, A.3
requirements, 5.5.5
role of, 5.2.1
shared database account deployment option, 5.12
user records, adding, 5.6.5
user, creating, 5.6.4
divisions
base and extension tables, illustration, 9.22.7
division records, deleting, 9.3.2
Organization party type, in, 9.22.1
relation to organization, 9.22.8
role of, 9.3.2
setting up (procedure), 9.4.1
DoCompression parameter, C.3.1.3
documentation security references, bibliography, 2.6
drilldown visibility, configuring, 9.21
duplicate users
deduplication fields, modifying, 8.6.5.2
self-registration deduplication check, disabling, 8.6.5.3

E

Email communications
deleting processed email, C.3.12.3
encrypting between email servers and Siebel Servers, C.3.12.2
securing, C.3.12
Employee base and extension tables, illustration, 9.22.4
employee user
active position, changing, 8.12.3.1
contact user, adding new, 8.10.3
defined, 9.22.4
Employee data model, 9.22.4
employee setup, about completing, 8.10.1.1
employee, deactivating, 8.10.1.2
minimum requirements, 8.10.1
new record, adding, 8.10.1
New Responsibility field, population of, 8.10.5
partner user, adding, 8.10.2
position access control, 9.2.2
position, active, 8.12.3
primary position, changing, 8.12.3.2
responsibilities, assigning, 9.7.4
seed data record, B.1
employees, deactivating, 8.10.1.2
Enable Peer Authentication parameter, 4.8.1
Encrypt client Db password parameter, 5.15.1
encryption
AES encryption administration, 4.12
Application Interface profile, C.3.5.5
client browser and Web server, C.3.4.1
communications encryption, 4.1.1
configuring for Siebel components, 4.6
data encryption, 4.1.2
database data, C.5.3
enabling on database table column, 4.13
end-to-end for data confidentiality, 2.5.2, C.3.4
jndi.properties file, C.3.6.2.1
Key Database Manager, using, 4.15
Mobile Web client, encryption for synchronization, 4.11
network traffic, C.3.4
new encryption keys, adding, 4.15.1
search encrypted data, 4.13
Siebel Application Interface, configuring for TLS encryption, 4.9
Siebel Server for TLS encryption, configuring for, 4.8
TLS encryption, configuring Siebel Enterprise or Siebel Server, 4.8, 4.9
types of, 4.1
Unicode support, 4.19
upgrade issues for data encryption, 4.12.4
Web client, configuring for, 4.10
encryption administration
about, 4.12
Key Database Manager, using, 4.15
upgrading, 4.12.4
encryption upgrade
input file, modifying, 4.16.2
prerequisites, 4.16.1
utility, running, 4.16.4
Encryption Upgrade Utility
56-bit encryption upgrading, 4.16.4
modifying the input file, 4.16.2
prerequisites to upgrade to higher encryption level, 4.16.1
eservice.cfg file, LDAP sample, 5.12.7
exporting tab layouts, 9.15.3
external authentication
anonymous user record, 8.2
Developer Web Clients, including, 5.13
login credentials, 8.1
remote configuration option, about, 5.13
remote security configuration requirements, 5.13.2
security adapters for, 2.5.1.2
system testing, 5.6.10

F

Federal Information Processing Standard (FIPS) 140, C.9.3
Federated SSO authentication
about, 6.10
for interactive user interfaces, 6.11
identity-provider initiated, 6.12
fields, self-registration
designating as required, 8.6.4.4
locating, 8.6.4.4
required property, removing, 8.6.4.4
files, cookies, 7.6
files, protecting, C.4.1
FindContact method
Forgot Your Password, modifying, 8.8.4
input fields, adding or deleting, 8.8.8
firewalls
deploying, C.3.1
large Siebel CRM deployment, C.3.2.2
medium Siebel CRM deployment, C.3.2.1
Forgot Your Password? question
architecture, 8.8.3
comparison fields, modifying, 8.8.6, 8.8.7
input fields, adding or deleting, 8.8.8
new password, retrieving, 8.8.1
null fields, processing of, 8.8.5
Query User step parameters, 8.8.4
using link, about, 8.8
workflow process, about modifying, 8.8.4
frame class, 9.20.3

G

gateway
authentication, 5.7
security profile, about, 5.7.2
general security recommendations, C.2.2
Group Access control view, 9.11
GUESTCP user ID, 3.2.2, B.2.2
GUESTCST user ID, 3.2.2, B.2.2
GUESTPW, 5.6.4
guidelines for deployment, C.6.2

H

hashing passwords, 5.14
Host Name parameter, A.3
Household
administrative tasks, 9.14.2.3
base and extension tables, illustration, 9.22.10
HTTP 1.1 protocol, C.3.1.3

I

importing tab layouts, 9.15.3
industry standards, using, 2.3
Info Center
categorized data, viewing, 9.13.3
Explorer, about, 9.13.3
IntegratedSecurity parameter, 5.13
internal administrator, modifying New Responsibility field, 8.10.5
Internet Assigned Numbers Authority, Private Enterprise Number, 5.5.5.1
Internet Protocol Security (IPsec), C.3.1.11, C.3.1.11

J

jndi.properties file, encrypting, C.3.6.2.1

K

Key Database Manager
keyfile password, changing, 4.15.2
new encryption keys, adding, 4.15.1
running, 4.15
keyfile password, changing, 4.15.2
keystore and truststore files, about, 4.1.1.4
keystore and truststore files, modifying, 4.1.1.5

L

LDAP adapter
about, 5.6
Application Password parameter, A.3
configuration parameter values, 5.6.6
configuration parameters, usage guidelines, 5.6.8.1
delegated administrator, availability of, 8.11.1
deployment options, 5.12, 5.12
directory records, about, 5.6.4
installation prerequisites, 5.6.1
restarting servers, 5.6.9
security adapter authentication, 5.5.1, 5.6
security adapter process overview, 5.2.2
SsIDatabase parameter, A.3
testing, 5.6.10
user records, adding, 5.6.5, 5.6.5
users, creating, 5.6.4
LDAP client software
installing, 5.9
LDAP, security adapter authentication, 5.5.1
license agreement, replacing default text, 8.6.4.1
license key, role in view visibility, 9.6
load balancers, about, C.3.1.6
Local Access flag, 9.7.2
login
account policies, about implementing, 7.5
database authentication overview, 5.3
password, storage of, 5.5.5.1
requirements for views, setting or removing, 8.3.3
login form
password expiration, about and implementing, 7.5.1
Login Session (guest) Timeout Value parameter, A.6.1

M

Mainwin
See mwcontrol utility
manager access control, about, 9.2.5
Manager List Mode user property, 9.2.5.1
Manager visibility, 9.2.5, 9.11
manager-subordinate relationship, about, 9.2.5
master data
access control, 9.2.10, 9.3
associating with access group, 9.14.4.1
organization of, 9.1.3
role in access control, 9.1.2
merging positions, 9.3.4.2
message broadcasting, C.6.10
Microsoft Windows, changing SADMIN password, 3.3
mobile applications
device user authentication, 2.5.6.1
security, about, 2.5.6
mobile physical device security, C.3.10
mobile users
accessible views, 9.7.2
authentication, restriction, 5.1.1
positions and visibility rules, 9.3.4.2
Mobile Web client, encryption for synchronization, 4.11
multiple organizations
access control, 9.2.7
benefits of, 9.3.1.1
reasons for, 9.3.1.2
mwcontrol utility, 4.4.3

N

Network Address Translation, implementing, C.3.1.5, C.3.1.11
network and infrastructure security recommendations, C.3
network security
about, C.3.1
authentication, C.3.3
encrypt network traffic, C.3.4
firewalls, C.3.1
IPsec, C.3.1.11, C.3.1.11
load balancers, C.3.1.6
Network Address Translation, C.3.1.5, C.3.1.11
proxy servers, C.3.1.7
recommended topologies, C.3.2
routers, C.3.1.4
Virtual Private Networks (VPNs), C.3.1.10
network topologies, recommended
about, C.3.2, C.3.2
large deployments, C.3.2.2
medium deployments, C.3.2.1
New Responsibility field
about, 8.6.1
modifying, 8.10.5, 8.10.5
population of, 8.10.5
null fields, processing of, 8.8.5

O

Open UI, about, 2.9
operating systems
about, C.4
applying patches and updates, C.4.4
protecting files, C.4.1
protecting resources, C.4.1
required tasks, C.4
securing, C.4, C.7
Oracle LDAP Client
installing, 5.9
installing on UNIX, 5.9.3
installing on Windows, 5.9.2
Oracle Software Security Assurance program, C.2.4
Oracle Wallet Manager
creating a wallet, 5.9.5
organization access control
about, 9.2.6
active organization and view access, 9.7.1
associating responsibilities, 9.7.1
customizable product visibility, 9.2.7
multiple organization access, identifying views with, 9.2.7
multiple-organization access control, 9.2.7
single and multiple organizations, 9.2.7
single-organization access control, 9.2.7
suborganization access control, 9.2.8
Organization base and extension tables, illustration, 9.22.8
Organization data model, about, 9.22.8
Organization group type, administrative tasks, 9.14.2.2
Organization party type
defined, 9.22.8
divisions, about, 9.22.1
relationship rules, 9.22.1
Organizational visibility, 9.11
organizations
administrative tasks, 9.14.2.2
benefits of, 9.3.1.1
divisions, role of, 9.3.2
multiple organizations, reasons for, 9.3.1.2
positions, changing, 9.3.4.1
setting up (procedure), 9.4.2
setting up, about, 9.3.3
Owner party type, 9.8
Owner Type Position view mode, 9.11

P

parameter settings
troubleshooting issues, 10.4
parties
See party types
partner applications
delegated administrators, role of, 8.11.4
duplication fields, 8.6.5.2
primary position, changing, 8.12.3.2
responsibilities, assigning, 8.11.4, 9.7.4
self registration, 8.5, 8.6.1
self-registration workflow views, 8.6.3.2
Partner Organization base and extension tables, illustration, 9.22.9
Partner Organization data model, 9.22.9
partner user
adding, 8.10.2
new user, registering, 8.11.4
position access control, 9.2.2
responsibilities, assigning, 8.11.4, 9.7.4
Party base and extension tables, about and diagram, 9.22
Party data model
about, 9.22
Access group data model, 9.22.12
Account data model, 9.22.6
Division data model, 9.22.7
Employee data model, 9.22.4
Household data model, 9.22.10
Organization data model, 9.22.8
Partner Organization data model, 9.22.9
Person (contact) data model, 9.22.2
Position data model, 9.22.5
User data model, 9.22.3
User list data model, 9.22.11
party types
about and table, 9.1.1
access control, categorized master data, 9.2.10
determining user access, 9.8
parties, defined, 9.1.1
relationships among party types, 9.22.1
user lists, adding users, 9.14.2.4
user lists, creating, 9.14.2.4
password
changing default passwords, 3.2
enabling fields for end user to change password, 3.2
expiration, about and implementing, 7.5.1
failed tasks, checking for, 3.6
Forgot Your Password architecture, 8.8.3
Forgot Your Password link, 8.8
hashing, 5.14
retrieving a new password, 8.8.1
SADMIN, changing on Windows, 3.3
Table Owner (DBO) and password, changing, 3.5
user profile, changing for, 8.12.2
Password Attribute Type parameter
about, A.3
setting for LDAP, 5.6.7.3
passwords
hashing, C.6.5.3
management policies, C.6.4
Siebel application policies, C.6.5.1
Siebel service owner, C.4.3
syntax rules, C.6.5.2
patches, management, C.2.2.1
PCI Data Security Standard (DSS)
about, C.9.1
Siebel support for, C.9.1
permissions, authentication directory parameter, A.3
persistent cookie, 7.6
Person base and extension tables, illustration, 9.22.3
Person data type
contrasted with User, 9.22.3
responsibilities, assigning, 9.7.4
personal access control, 9.2.1, 9.11
Personal visibility, 9.2.1
physical security of client computers, C.3.7.4
pick applets
special frame class, using for visibility, 9.20.3
visibility, 9.20
Pick List object, setting visibility, 9.20.1
Popup Visibility Type property, 9.20
port allocations for Siebel CRM, C.10.1
Port parameter, setting for LDAP, 5.6.7.3
position access control, about implementing, 9.2.2
Position base and extension tables, illustration, 9.22.5
positions
active position, about, 8.12.3
active position, changing, 8.12.3.1
active position, designating, 9.2.2
administrative tasks, listed, 9.14.2.1
changing within organization, 9.3.4.1
contact users, adding new, 8.10.3
deleting and merging, 9.3.4.2
multiple employees, about, 9.3.4.1
parent-and-child relationships, 9.3.4.2
partner users and delegated administrators, 8.11.4
Position data model, 9.22.5
position hierarchy, 9.2.5
position, defined, 9.2.2
primary position, 9.2.2
primary position, changing, 8.12.3.2
renaming, cautions about, 9.3.4.2
role in employee definition, 9.22.4
setting up (procedure), 9.4.3
setting up, about, 9.3.4
primary responsibility, assigning, 9.15.2
Private Enterprise Number, 5.5.5.1
Private Key File Name parameter, 4.8.1
Private Key File Password parameter, 4.8.1
processed email, deleting, C.3.12.3
profiles
application interface profile parameters, A.6
application interface, authentication parameters, A.6.1
application interface, object manager parameters, A.6.3
application interface, REST inbound authentication parameters, A.6.5
application interface, SWE parameters, A.6.4
enterprise profile parameters, A.4
security profile parameters, A.2, A.3
server profile parameters, A.5
proxy employee
about, 9.2.6
seed data positions, B.2.4
proxy servers, about, C.3.1.7
PROXYE user ID, B.1

Q

Query User parameters, 8.8.4

R

referential data, access control strategy, 9.3
registration, troubleshooting user registration issues, 10.2
remote authentication, 5.8
remote configuration option
applicable authentication strategies, 5.13.2
external authentication, about implementing, 5.13
implementation guidelines, 5.13.2
reports, security, C.3.13
resources (security references), bibliography of, 2.6
responsibilities
about, 9.3.5
access control, implications of, 9.5
Administrative views, 9.3.5
anonymous user, 8.3.1
assigned by delegated administrator, 8.11.3
assigning, 5.12.7
assigning to employee user, 9.7.4
assigning to Partner, 9.7.4
assigning to Person, 9.7.4
associating with partner organizations, 8.11.4
configuring access to business services, 9.17, 9.18
configuring access to tasks, 9.16
defined, 9.7
defining, 9.4.4
inheritance of, 8.10.5
New Responsibility field, 8.10.5
organizations, associating with, 9.7.1
relation to job function, 9.3.5
responsibility fields and self-registration, 8.6.1
role of, 5.12.7
seed data, about and table, B.3
seed data, modifying, 8.3.1
seed responsibilities, modifying or deleting, 9.3.5
System Preferences view, limiting access, 9.3.5
user, assigning to, 9.7.4
using roles to associate, 5.5.5.1, 5.12.7
views, accessing locally, 9.7.2
views, seeing included in responsibility, B.3.2
roles
applicable authentication strategies, 5.12.7
assigning, 5.12.7
configuration setting, 5.12.7
storing in directory, 5.5.5.1, 5.12.7
Roles Attribute (optional) parameter
about, A.3
sample setting, eservice.cfg, 5.12.7
routers, C.3.1.4
RSA encryption
about, 2.3
about key exchange for, 4.7
r-services on UNIX, about, C.3.6.2

S

S_BU table, 9.22.8, 9.22.9
S_CONTACT table, 9.22.2, 9.22.2, 9.22.3, 9.22.4
S_EMP_PER table, 9.22.4
S_ORG_EXT table, 9.22.6, 9.22.8
S_ORG_GROUP table, 9.22.10
S_ORG_PRTNR table, 9.22.9
S_PARTY table
about and diagram, 9.22
Access Group data model, 9.22.12
Account data model, 9.22.6
Division data model, 9.22.7
Employee data model, 9.22.4
Household data model, 9.22.10
Organization data model, 9.22.8
Partner Organization data model, 9.22.9
Person (contact) data model, 9.22.2
Position data model, 9.22.5
User data model, 9.22.3
User list data model, 9.22.11
S_PARTY_GROUP table, 9.22.12
S_PARTY_PER table, 9.22.1
S_PARTY_REL table, 9.22.1
S_PER_RESP intersection table, 9.22.3
S_POSTN table, 9.22.4, 9.22.5
S_USER table, 9.22.3, 9.22.4
S_USERLIST table, 9.22.11
SADMIN password
default, 3.2.1
Microsoft Windows, changing on, 3.3
salt user password
about, 5.14, A.3
SecAdptDllName parameter
setting for LDAP, 5.6.7.3
SecThickClientExtAuthent system preference, 5.6.8.2
secure adapter communications deployment option, 5.12
secure coding practices, C.2.4
secure login
deployment option, 7.2
implementing, 7.2
Secure Sockets Layer, using with Siebel CRM, 2.7, C.2.5
security
architecture, components of, 2.5
industry standards, using, 2.3
overview, 2
resources, C.2.1
standards, C.2.3
threats, C.2.1
security adapter
administrator login requirement, 8.9
deployment options, listed, 5.12
directory requirements, 5.5.5
external security adapters, about implementing, 5.2
LDAP security adapter authentication, 5.5.1
LDAP security adapter authentication, implementing, 5.6
operation modes, 5.2.2
overview, 5.2
Shared Database Account DN parameter, A.3
Siebel Developer Web Client, and, 5.13
single application access, 5.5
security adapter authentication
adapter-defined user name, implementing, 5.12.5
administration through Web Client, 8.6.2
anonymous browsing, implementing, 5.12.6.1
anonymous user, implementing, 5.12.6
as authentication service, 5.5.1
benefits, 5.5
checksum validation, 5.12.2
compared to other methods, 5.1.2
credentials password hashing, 5.14
implementing, 5.12.3
login password storage, 5.5.5.1
password hashing, 5.14
remote configuration option, about, 5.13.2
roles, use of, 5.12.7
set-up, process overview, 5.6
shared database account, implementing, 5.12.4
security assessments
about, C.8.1
Common Vulnerability Scoring System, C.8.2
Security Encryption Level or Type parameter, 4.6
security recommendations, C.2.2
security references, bibliography of, 2.6
security roadmap, list of tasks, 2.10
security system access, user authentication for
about, 2.5.1
database authentication, 2.5.1.1
external authentication, security adapters for, 2.5.1.2
Web Single Sign-On (SSO), 2.5.1.3
security Web sites, C.2.1
seed data
anonymous user, about, 5.6.5
anonymous user, using, 8.3.1
Default Organization Division records, about, B.2.4
Employee record, B.1
GUESTCST user, 8.3.1
non-employee User records (table), B.2.2
position hierarchy, 9.2.5
proxy employee, B.1
Proxy Employee Position, about, B.2.4
responsibilities seed data chart (table), B.3
responsibilities, modifying, 8.3.1
self-registration workflow processes, revising, 8.6.4.2
Siebel Financial Service, about seed responsibilities and table, B.3.1
Siebel Financial Service, about seed users and table, B.2.3
user IDs, anonymous users, 8.6.1
workflow processes, about modifying, 8.6.4
self-registration
about, 8.4
activating (procedure), 8.6.3
anonymous user record, modifying, 8.6.1
application-specific examples, 8.5
business components, 8.6.1
components of self-registration, 8.6
configuration parameter, 8.6.2
custom business services, about, 8.6.4.3
deduplication check, disabling, 8.6.5.3
fields, redefining required fields, 8.6.4.4
license agreement, replacing default, 8.6.4.1
registering, user perspective, 8.5
user deduplication, about, 8.6.5
views, about modifying, 8.6.4
workflow processes, activating, 8.6.3.1
workflow processes, viewing, 8.6.3
self-registration fields
adding fields to a view, 8.6.4.5
automatic population, 8.6.1
class specification, 8.6.4.4
data collection process overview, 8.6.4.5
deduplication fields, modifying, 8.6.5.2
duplicate user updates, preventing, 8.6.5.1
required property, removing, 8.6.4.4
required, designating as, 8.6.4.4
virtual fields, use of, 8.6.4
self-registration workflow processes
data collection overview, 8.6.4.5
deduplication checks, disabling, 8.6.5.3
deduplication fields, modifying, 8.6.5.2
duplicate user updates, preventing, 8.6.5.1
fields, adding to views, 8.6.4.5
new applets, including, 8.6.4.7
seed data, revising, 8.6.4.2
views, table of, 8.6.3.2
Server Name parameter
setting for LDAP, 5.6.7.3
session cookies
about, 4.10.1
modes on the Application Interface, 7.6
shared database account deployment option, 5.12
Shared Database Account DN parameter
about, A.3
setting for LDAP, 5.6.7.3
shared database account, implementing, 5.12.4
Siebel application configuration, A.7
Siebel Application Interface
TLS encryption, configuring, 4.9
Siebel Business Applications
about, C.6.1
implementing access control, C.6.7
implementing user authentication, C.6.4
reports, C.3.13
securing, C.6
set-up requirements, C.6.2
Siebel service owner account, C.4.3
special users, B.2.1, C.6.6
testing, C.8
user authentication, C.6.4
Siebel clients
browser software, C.3.7.6
enabling ActiveX controls, C.3.7.2
encrypting communications, C.3.4.1
physical security, C.3.7.4
securing, C.3.7
security patches, C.3.7.7
Siebel components, disabling, C.6.3
Siebel database
about, C.5
auditing, C.7.2
backups, C.5.4
contact user, adding new, 8.10.3
employee setup, about completing, 8.10.1.1
employee, deactivating, 8.10.1.2
encrypting communications, C.3.4.3
new employee, adding, 8.10.1
New Responsibility field, population of, 8.10.5
partner user, adding, 8.10.2
position, role of, 8.10
protecting sensitive data in, C.5.3
restricting access, C.5.1
reviewing authorization policies, C.5.2
securing, C.5
user passwords, C.6.5.3
user records, adding, 5.6.5
Siebel Developer Web Client
compared to Standard Web Client, 5.13
configuration, A.7
security adapter system preference, 5.6.8.2
Siebel Document Server, securing, C.3.11
Siebel File System
excluding unsafe file types, C.4.2.4
restricting access, C.4.2
Siebel Financial Services
seed responsibilities, about and table, B.3.1
seed users, about and table, B.2.3
Siebel Gateway
custom security adapter authentication, A.3
database authentication, A.3
LDAP authentication, A.3
Siebel Gateway, server parameters, A.1
Siebel mobile clients
Siebel Mobile, C.3.10
Siebel Remote, C.3.9
Siebel Mobile, security, C.3.10
Siebel Open UI, about, 2.9, C.3.7.1
Siebel Remote
encrypt database data, C.3.9.7
password management policies, C.3.9.9
synchronization framework, C.3.9.1
Siebel Reports environment, securing, C.3.13
Siebel Security Adapter Software Developers Kit (SDK), about, 2.5.1.4
Siebel Server
configuration, A.7
data confidentiality to database, C.3.4.3
encrypting communications, C.3.4.2, C.3.4.3
restricting access, C.3.6.2
r-services, deleting, C.3.6.2
TLS, setting additional parameters on the gateway, 4.8.2
Siebel Username Attribute parameter, A.3
Siebel Web Client, administering security adapter authentication, 8.6.2
Siebel Web Engine, configuration parameters, A.6
Siebel Web server
directories, C.3.5.3
encrypt communications, C.3.5.4
seeded tomcat user, C.3.5.5
Siebel Web Server Extension
role in database authentication, 5.3.1
single application access, 5.5
single sign-on
implementing Federated SSO, 6.10
implementing Web SSO, 6.2
Oracle API Gateway role, 6.13
supported solutions for Siebel deployments, 6.1
single-organization access control, 9.2.7
single-position access control, 9.2.3, 9.11
special user privileges, B.2.1, C.6.6
spoofing attacks, protecting against, A.6.1
SslDatabase parameter, about, A.3
SSL, about using with Siebel CRM, 2.7, C.2.5
SSO
implementing Federated SSO, 6.10
implementing Web SSO, 6.2
Oracle API Gateway role, 6.13
supported solutions for Siebel deployments, 6.1
Standard Encryptor, 4.19.3
Standard Web Client and Developer Web Client, compared, 5.13
standards
Common Criteria for Information Technology Security Evaluation, C.9.2, C.9.3
Payment Card Industry Data Security Standard, C.2.3, C.9.1
Personally Identifiable Information standard, C.2.3
suborganization access control
about, 9.2.8
accessible data, 9.11
system preferences, editing, 5.6.8.2

T

tab layouts
administering tab layout, 9.15.1
importing and exporting, 9.15.3
managing through responsibilities, about, 9.15
primary responsibility, assigning, 9.15.2
Table Owner (DBO), changing and password, 3.5
team access control, 9.2.4, 9.11
test user
about, 5.6.4
Siebel database, adding records for, 5.6.5
testing external authentication system, 5.6.10
testing system security, C.8.1
TESTPW, 5.6.4
TESTUSER, 5.6.4
TLS communication, about, 2.3
TLS encryption
configuring for, 4.8
Siebel Application Interface, configuring for, 4.9
Siebel Server, setting additional parameters on the gateway, 4.8.2
transaction data, access control strategies, 9.3
Transparent Data Encryption, C.5.3
transport layer security
supported versions, 2.8
using with Siebel CRM, 2.7
Transport Layer Security (TLS)
Email server and Siebel Server, C.3.12.2
Web client and Web server, C.3.4.1
Web server and Siebel Server, C.3.4.2
troubleshooting
access control issues, 10.3
Administration - Server Configuration screen, unable to work in, 10.1
parameter settings, 10.4
user registration issues, 10.2
Trust Token parameter, A.6.1

U

Unicode support, 4.19
UNIX, installing certificates, 4.4.2, 4.4.3
unregistered users
anonymous user record, 8.2
granting view access, 8.3
seed anonymous user, about, 8.3.1
views, setting or removing explicit login, 8.3.3
unsafe file types, excluding from Siebel File System, C.4.2.4
User
contrasted with Employee, 9.22.4
defined, 9.22.3
responsibilities, assigning, 9.7.4
User data model, 9.22.3
user administration
delegated administrators, 8.11
Siebel database, adding user to, 8.10
user profile, maintaining, 8.12
user authentication
See authentication
user authentication, about, C.6.4
User business component, underlying tables, 8.10
User data model, 9.22.3
user deduplication, about, 8.6.5
user directory
self-registration parameter, 8.6.2
write privileges, 8.9, 8.11.1
User List base and extension tables, illustration, 9.22.11
User list data model, about and diagram, 9.22.11
User lists
creating, 9.14.2.4
users, adding, 9.14.2.4
User Name Attribute Type parameter, A.3
setting for LDAP, 5.6.7.3
user privileges, special users, C.6.5.2
user profile
about updating, 8.12
active position, changing, 8.12.3
passwords, changing, 8.12.2
personal information, editing, 8.12.1
user records
adding to Siebel database, 5.6.5
data collection, process overview, 8.6.4.5
seed data, provides as (table), B.2.2
user registration
registering, about, 8.1
requirements, 8.1.1
seed data, 8.1.2
troubleshooting issues, 10.2
User Registration business component
comparison fields, modifying, 8.8.7
deduplication fields, excluding, 8.6.5.1
deduplication fields, modifying, 8.6.5.2
Forgot Your Password architecture, 8.8.3
new applets, 8.6.4.7
Query User step parameters, 8.8.4
self-registration views, 8.6.4
User Registration business service, 8.8.4
User specification source, about, 6.3.2
UseRemoteConfig parameter, 5.13.2, A.7
UserRemoteConfig parameter, A.7
users, Siebel database, adding to, 8.10

V

Validate Peer Certificate parameter, 4.8.1
view access, unregistered users, 8.3
views
adding fields, 8.6.4.5
displaying view properties, 9.11
explicit login requirements, setting or removing, 8.3.3
group access control, 9.11
license key and visibility, 9.6
limiting access to, 9.3.5
new applets, including, 8.6.4.7
responsibility, role in access, 9.7
self-registration views, related business components, 8.6.4
self-registration workflow views, table of, 8.6.3.2
view construction, example, 9.12
view, defined, 9.1
virtual fields, self-registration process, 8.6.4
Virtual Private Networks (VPNs), C.3.1.10
visibility
All, 9.11
Manager, 9.2.5
Personal, 9.2.1
positions, role of, 9.3.4
responsibilities, role of, 9.3.5
view visibility properties, 9.5
visibility applet
access control, types of, 9.11
business component and view connection, 9.5
field display, role in, 9.11
view construction example, 9.12
Visibility Applet Type property, 9.21.1
Visibility Auto All property, using, 9.20.2
Visibility Type property, 9.20.1, 9.21.2
vulnerabilities
denial of service attacks, C.3.1.12
description, C.2.1
scoring, C.8.2

W

wallet, creating, 5.9.5
Web applications, security, C.6.1
Web browser, security settings for, 2.5.7
Web Client users, authentication compatibility, 5.1.1
Web client, configuring encryption for, 4.10
Web servers
Application Interface profile, C.3.5.5
data confidentiality to Siebel Server, C.3.4.2, C.3.6.1
deleting subdirectories, C.3.5.3
encrypting communications, C.3.4.2
Web SSO
about, 2.5.1.3
anonymous browsing, implementing, 5.12.6.1
anonymous user, implementing, 5.12.6
checksum validation, 5.12.2
credentials password hashing, 5.14
implementing, 5.12.3
shared database account, implementing, 5.12.4
Web SSO adapter
adapter-defined user name, implementing, 5.12.5
Application User DN parameter, A.3
Base Distinguished Name parameter, A.3
Credentials Attribute parameter, A.3
deployment options, listed, 5.12
Password Attribute Type parameter, A.3
remote configuration option, about, 5.13.2
Roles Attribute (optional) parameter, A.3
roles, use of, 5.12.7
security adapter process overview, 5.2.2
SslDatabase parameter, A.3
User Name Attribute Type parameter, A.3
Web SSO authentication
about, 6.2
authentication process, overview, 6.4
compared to other methods, 5.1.2
implementation considerations, 6.2.1
implementation, about, 6.3
remote authentication, 5.8
self-registration, 8.4
user specification source option, 6.3.2
Windows
SADMIN password, changing, 3.3
workflow processes
activating (procedure), 8.6.3
custom business services, about, 8.6.4.3
license agreement text, replacing, 8.6.4.1
revising, 8.6.4.2
seed data, revising, 8.6.4.2
seed processes, about modifying, 8.6.4
self-registration workflow views, table of, 8.6.3.2
self-registration, activating processes, 8.6.3.1
viewing, 8.6.3

X

X.500 Object ID, 5.5.5.1