| Siebel CRM Siebel Security Guide Siebel Innovation Pack 2017, Rev. A E24814-01 |
|
 Previous |
 Next |
View PDF |
| Siebel CRM Siebel Security Guide Siebel Innovation Pack 2017, Rev. A E24814-01 |
|
Previous |
Next |
View PDF |
This topic describes the administrative tasks you must perform to implement access-group access control.
To implement access-group access control perform the following tasks:
Administer catalogs of master data; build the catalogs and categories, associate data, and modify catalog structures as needed.
For additional information, see "About Administering Catalogs of Data".
Administer the party types that are members of access groups, that is, positions, organizations, households, and user lists.
For additional information, see "Administration Tasks for Positions, Organizations, Households, and User Lists".
"Administering Access Groups".
Administer access groups; build the access groups and modify their structures as needed.
"Associating Access Groups with Data".
Associate access groups with catalogs and categories of data.
You can do the following catalog and category administration tasks in the Administration - Catalog screen:
Create and delete catalogs and categories of master data.
Associate data with categories.
Modify the hierarchical position of a category within a catalog.
For information about creating and administering catalogs, see Siebel eSales Administration Guide and Siebel Partner Relationship Management Administration Guide.
Key principles for setting up a catalog include, but are not limited to:
Set the Catalog Type field to allow display of the catalog in certain Siebel customer or partner applications, in addition to Info Center and Info Center Explorer in Siebel employee applications. For example, set the Catalog Type to Partner to display the catalog in Siebel Partner Portal, as well as in Info Center.
Make sure the Active flag is set and the Effective Start Date and Effective End Date fields provide visibility of the catalog during your intended time interval.
Related Topic
Access groups are made up of positions, organizations, households, and user lists. This topic describes the administration tasks associated with each of these access groups.
Perform the following administrative tasks for positions:
Create positions.
For information on this task, see "Setting Up Positions".
Associate positions with employees and partner users.
For information on this task, see "Adding a New Employee" and "About Adding a New Partner User".
Maintain position hierarchies.
For information on this task, see "About Position Access Control" and "About Planning for Positions".
The Organization group type includes organizations, divisions, and accounts. You must perform the following administrative tasks for organizations:
Create divisions and accounts.
For information on creating divisions, see "Setting Up Divisions". For information on creating accounts, see Siebel Applications Administration Guide.
Promote divisions to organizations and maintain division hierarchies.
Associate positions with divisions and with partner organizations.
For information on creating organizations, see "Setting Up Organizations". For information on planning for organizations, see "About Organization Access Control" and "About Planning for Organizations".
You must perform the following administrative tasks for households:
Create households.
Associate contacts with households.
Maintain household data.
For information on these tasks, see Siebel Applications Administration Guide.
You can group arbitrary users into user lists for the purpose of granting them access to data through access groups. Users in this context include contact users, employees, and partner users. For information about user lists, see "Access Control for Parties".
The following procedure describes how to create a user list and add users to it. You can delete users from a user list similarly.
Navigate to the Administration - Group screen, then the User Lists view.
In the User Lists list, add a new record.
A new user list record appears.
Enter a name for the user list. Optionally, change the default entry for Group Type.
Save the record.
In the Users list at the end of the view, add a new record.
Select one or more users, and then click OK.
The selected users appear in the Users list. If a user, such as a customer user, belongs to an account, the Account field populates automatically.
Related Topic
You can group parties of types Position, Organization, Household, and User List into access groups for the purpose of controlling their individual members' access to data.
You administer access groups in the Administration - Group screen. This screen contains the Access Groups tree and the Access Groups list.
The Access Groups tree lists all access groups on the second level of the tree. Each access group can be expanded to show its descendants. Therefore, an access group can appear at different levels in multiple branches of the tree. An access group that has no parent access group is the highest node of an access group hierarchy. For information about access groups, see "Access Control for Parties" and "About Access-Group Access Control".
The following procedure describes how to create an access group.
Navigate to the Administration - Group screen, then the Access Groups view.
The Access Groups tree and the Access Groups list appear.
In the Access Groups list, add a new record.
A new access group record.
Complete the following fields, then save the record. Use the guidelines in the following table.
| Field | Guideline |
|---|---|
| Name | Required. Provide a name for the access group. |
| Group Type | Pick Access Group or Partner Community. These labels denote conceptual differences. Functionally, they are the same. |
| Parent Access Group | Specify a parent access group from which this new group inherits access to data that the parent group has access to. |
The new access group also appears in the Access Groups tree.
You can modify an access group by adding or deleting members using the following procedure.
To add members to an access group
Navigate to the Administration - Group screen, then the Access Groups view.
The Access Groups list appears.
In the Access Groups list, select an access group.
In the Members list, add a new record.
A pop-up list appears that contains positions, organizations, accounts, households, and user lists.
Select one or more members, and then click OK.
The selected members appear in the Members list.
In the Access Groups list, save the record.
You can delete members from an access group similarly.
You can modify the hierarchy of an access group by changing an access group's parent as described in the following procedure.
To modify a hierarchy of access groups
Navigate to the Administration - Group screen, then the Access Groups view.
The Access Groups list appears.
In the Access Groups list, select an access group.
Click on the Parent Access Group field.
The text box becomes editable and its entry is highlighted.
Do one of the following to modify the hierarchy:
To make the access group the highest (first) node of its own hierarchy, delete the entry in the Parent Access Group field. Click Save.
From the Parent Access Group field, pick a new parent and click OK. Click Save.
The Access Group tree is updated to reflect the access group's new position in a hierarchy.
Related Topic
The individual users in an access group are provided access to data by associating the access group with catalogs or categories of data.
Be aware of the following user interface behaviors related to associating an access group with a catalog or category:
Access inheritance. When you associate an access group with a category, its descendant groups are also associated with the category. However, this inheritance is implemented at run time, and is not represented in the database. As such, the descendant access groups associated with the category are not displayed in the list of groups associated with the category.
Cascade button. Clicking the Cascade button provides the given access group with visibility to all of the child categories of the current catalog or category. Clicking this button repeatedly has no effect. You must manually disassociate the group from the child categories to undo the access cascade.
Private catalog. If you specify a catalog to be private, its categories are all set as private. If you remove privacy at the catalog level, the categories retain privacy. You must then set or remove category privacy individually.
By associating an access group with a catalog of master data, you grant access to the data in the catalog to individual users in the access group.
|
Note: For a catalog and all of its categories to be visible only to the access groups associated with it, the catalog's Private flag must be set. |
To associate an access group with a catalog
Navigate to the Administration - Catalog screen, then the Access Groups view.
The Catalogs list appears.
Select a catalog.
In the Access Groups list, add a new record.
A pop-up list appears that contains access groups.
Select an access group, and then click Add.
The access group appears in the Access Groups list.
In the Access Groups list, save the record.
Select an access group, and then click Add.
The access group appears under the Access Group tab.
Complete the following fields, then save the record. Use the guidelines provided in the following table.
| Field | Guideline |
|---|---|
| Admin | Set this flag to allow users in this access group to administer the catalog. |
| Cascade | Set this flag to automatically associate this access group with the catalog's descendant categories (child, grandchild, and so on). The resulting behavior is that users in the access group have access to the data in the descendant categories. |
You can disassociate an access group from a catalog similarly.
By associating an access group with a category of master data, you grant access to the data in the category to individual users in the access group.
|
Note: For a category and all of its subcategories to be visible only to the access groups associated with it, the category's Private flag must be set or the Private flag of the catalog or a category from which the category descends must be set. |
To associate an access group with a category
Navigate to the Administration - Catalog screen, then the Access Groups view.
The Catalogs list appears.
Drill down on a catalog name.
The Categories list for the catalog appears.
Click the Access Groups view tab.
In the Access Groups list, add a new record.
A multi-value group appears that lists access groups.
Select an access group, and then click Add.
The access group appears in the Access Groups list.
In the Access Groups list, save the record.
Select an access group, and then click Add.
The access group appears under the Access Group tab.
Complete the following fields, and save the record. Use the guidelines provided in the following table.
| Field | Guideline |
|---|---|
| Admin | Set this flag to allow users in this access group to administer this category. |
| Cascade | Set this flag to automatically associate this access group with this category's descendant categories (child, grandchild, and so on). The resulting behavior is that users in the access group have access to the data in the descendant categories. |
You can disassociate an access group from a catalog similarly. When an access group is disassociated from a category, it is automatically disassociated from all of the category's descendant categories.
Related Topic
