| Siebel CRM Siebel Security Guide Siebel Innovation Pack 2017, Rev. A E24814-01 |
|
 Previous |
 Next |
View PDF |
| Siebel CRM Siebel Security Guide Siebel Innovation Pack 2017, Rev. A E24814-01 |
|
Previous |
Next |
View PDF |
You associate an access group to a catalog or category of master data. When an access group is associated with a catalog or a category, the users associated with the access group have visibility to the data in the catalog or the category. An access group in this context is an individual node in an access group hierarchy.
The following principles apply to access-group access control:
Private catalogs and categories. A catalog is a hierarchy of categories. A catalog cannot itself contain data. To apply access-group access control on all of a catalog's categories, you must designate the catalog as private, and then associate access groups to the catalog. If a catalog is not private, then any user can see data in its categories. You can designate individual categories private within a public catalog.
Access group access is inherited. If an access group is associated with a category, then the group's descendant groups (child, grandchild, and so on) are automatically associated with the category. Conversely, if an access group is disassociated with a category, then its descendant groups are also disassociated. The inheritance association is enforced at run time.
Cascading category visibility is optional.
If an access group is associated with a category, the Cascade button provides that the access group is automatically associated with that category's descendant categories (child, grandchild, and so on). Therefore, users associated with the access group have access to the data in those descendant categories.
If the access group is disassociated with the category, then the access group is automatically disassociated with that category's descendant categories. If the access group is disassociated with one of the descendant categories, then the access group's cascading visibility is granted only down to, but not including, that descendant category.
Once the Cascade button is set, cascading access can only be disabled by disassociating the access group from a category. The flag itself cannot be unset.
If the Cascade button is not used, access is limited to the individual category to which the access group is associated.
Related Topics
"Scenario That Applies Access-Group Access Control"
"Viewing Categorized Data (Users)"
Assume that you want the status of your resellers to determine which of your knowledge resources they have access to. Your resellers include partner organizations and some individual consultants who are not associated with a partner organization. Your solution must meet the following requirements:
Provide your base resellers access to basic product information resources, for example, service FAQs, product documentation, and product training classes.
In addition to basic product information, provide your "premier" resellers access to more sales-specific resources, for example, marketing FAQs, documents that provide guidance on customer decision issues, and sales training classes.
In addition to product and sales resources, provide your alliance resellers access to resources to help design entire marketing campaigns, for example, competitive briefs and training classes.
As the status of a reseller changes, the administration required to change the reseller's access to data must be minimal.
Figure 9-7 illustrates one access control structure that solves this business problem.
This solution assumes that your partners are stored as organizations, in which partner users are associated with positions. The consultants exist as users; they have responsibilities, but not positions, and are not associated with an organization.
The Resellers Community is an access group hierarchy. Each node is an access group whose members are partner organizations and a single user list. The user list in each node contains all consultants of the appropriate status. For internal administrators to have visibility of the catalog, include their positions in the Alliance access group.
The Reseller Resources catalog is constructed of categories containing data and nodes that are empty categories to define access levels.
Apply the following principles to construct this structure:
Construct the Resellers Community such that the upper levels have the narrowest access to resources. Therefore, the Base Resellers access group is the parent of the Premier access group, which is in turn the parent of the Alliance access group.
Construct the Reseller Resources Catalog such that the Product Resources, Sales Resources, and Alliance Resources nodes are all first-level categories in the catalog.
For information about creating and administering catalogs, see Siebel eSales Administration Guide.
The child nodes to the Product Resources node include categories of product resources. The child nodes to the Sales Resources and Alliance Resources nodes are determined similarly.
The following implementation procedure restricts the base resellers' access to product resources only, premier resellers' access to product resources and sales resources, and alliance resellers' access to all resources.
To implement the Reseller Resources access control structure
Construct the Reseller Resources catalog, and specify it as private, with access provided to the Base Resellers access group.
Access to the catalog is also granted to the Premier and Alliance access groups because access group access is inherited.
Associate the Base Resellers access group with the Product Resources category, and use the Cascade button.
Access is inherited by the Premier and Alliance access groups from the Base Resellers group, and access cascades from the Product Resources category to its subcategories containing data. The resulting behavior is that all the nodes in the Resellers Community have access to all the subcategories in the Product Resources category.
Associate the Premier access group with the Sales Resources category, and use the Cascade button.
Access is inherited by the Alliance access group from the Premier group, and access cascades from the Sales Resources category to its subcategories containing data. The resulting behavior is that the Premier and Alliance groups have access to all the subcategories in the Sales Resources category.
Associate the Alliance access group with the Sales Resources category, and use the Cascade button.
No group inherits access from the Alliance group. Access cascades from the Alliance Resources category to its subcategories containing data. The resulting behavior is that only the Alliance group has access to the subcategories in the Alliance Resources category.
Set the catalog to type Partner to make it visible to partners and consultants on partner applications such as Siebel Partner Portal, and to internal administrators on Siebel employee applications in the Info Center screen.
This structure meets the minimal maintenance requirement. If the status of a partner organization changes, add the partner organization to the appropriate access group and delete the partner organization from the old access group. If the status of a consultant changes, add the user to the appropriate user list, and delete the user from the old user list. Recategorized consultants and partner users are granted appropriate new access as defined by the structure.
|
Note: Sales tools of the same type, for example FAQs or product documentation, are in separate categories. |
Related Topic
You can configure a catalog to display in Siebel employee applications and in selected customer and partner applications, such as Siebel Sales and Siebel Partner Portal, as default functionality.
In an employee application, such as Siebel Call Center, a user can see categorized data controlled by access group membership in the Info Center and Info Center Explorer screens. Info Center Explorer provides a tree interface for navigating all the catalogs to which the user has access, down to the data item level. Info Center, as compared to Info Center Explorer, shows how categorized data can be presented in Siebel Business Applications using a more open user interface.
To see categorized data in Info Center
Navigate to the Info Center screen.
The Info Center screen appears, showing accessible catalogs and their first-level categories.
Click a category link. For example, you might choose Decision Issues.
The category appears, showing its data items and its first-level subcategories.
Click a data item to view it, or drill down on a subcategory link to see its contents.
Related Topic
