Admin istering Access Control for Business Services

Business services can be accessed by all users by default. However, the administrator can restrict access to specified business services and business service methods. The administrator can then associate responsibilities with the restricted business services or associate the business services with responsibilities. This allows the administrator to restrict access to business services based on the end user's responsibility. To access a restricted business service, an end user must be associated with the responsibility that allows access to the restricted business service. An end user who is assigned more than one responsibility can access any restricted business service that is associated with one of his or her responsibilities.

For business services that allow you to specify a view mode to access data, you can specify which view mode can be used by different responsibilities. Figure 9-8 shows two examples of view modes that can be associated with a responsibility to restrict the set of data records a user with the responsibility accesses.

The view modes in the first example are as follows:

1 Personal, 2 Sales Rep, 3 Manager, 4 Organization, 5 Sub-Organization, 6 All.
The view modes in the second example are as follows:

1 Group, 2 Catalog, 3 All.

The level of visibility broadens as you move from 1 to 6 in the first example and from 1 to 3 in the second example; for example, the Manager (3) view mode grants access to more data than the Sales Rep (2) view mode.

Figure 9-8 View Modes Associated with Responsibilities

Figure 9-8 also shows whether or not the relationship that exists between each view mode is hierarchical. For example, the relationship between Manager view mode and Organization view mode is not hierarchical. The relationship between Sales Rep view mode and Manager view mode is hierarchical.

Assigning appropriate view modes allows you to manage access to business services (and associated methods) by end users based on the responsibilities assigned to the end user. The following topics provide more detailed information on the tasks involved in administering access control for business services:

"Associating a Business Service with a Responsibility"
"Associating a Responsibility with a Business Service"
"Example of Associating a Responsibility with Business Service Methods"
"Clearing Cached Business Services"
"Disabling Access Control for Business Services"

Associating a Business Service with a Responsibility

This topic describes how you can associate a business service with a responsibility to control access to the business service and its methods. You carry out the following procedure through the Responsibilities view.

To associate a business service with a responsibility

Log in as an administrator.
Navigate to the Administration - Application screen, Responsibilities, and then the Business Service view.
In the Responsibilities list, select the responsibility that you want to associate with a business service.
In the Business Service list, click New to select a business service to associate with the responsibility selected in Step 3.

The Business Service dialog box displays the list of business services that are currently associated with the responsibility selected in Step 3.
In the Business Service dialog box, click New.

A new record appears in the Business Service list view.
Click the Select button in the Name field.

The Business Service dialog box appears.
Select a business service to associate with the responsibility selected in Step 3, and then click OK.

The selected business service appears in the Business Service list view.
In the Business Service Method list, click New to specify the business service methods to which the responsibility selected in Step 3 gains access.

The Business Service Method dialog box appears. This dialog box displays the list of Business Service methods to which access is currently controlled.

If the business service method to which you want to allow the responsibility access appears in the Business Service Method dialog box, select it, then click OK and go to Step 1. If not, go to Step 10.

Tip:

To allow you to restrict access to business service methods without associating them with a real responsibility, Siebel Business Applications have provided a responsibility Default Bus Service Method Access Control User. Use the steps described in this procedure to associate all business service methods to which you want to control access with Default Bus Service Method Access Control User. This makes sure that the Business Service Method dialog box is populated with the business service methods to which you want to control access.

In the Business Service Method dialog box, click New.

A new record appears in the Business Service Method list view.
Click the Select button in the Name field.

The Business Service Method dialog box appears.

Select a business service method to associate with the responsibility selected in Step 3, and then click OK.

The selected business service method appears in the Business Service Method list view.

Note:

By default, if you do not specify the business service methods to which the responsibility gains access, then the responsibility gains access to all business service methods of the business service provided that none of the business service methods have restricted access.

From the Broadest Visibility list, select the view mode to associate with the responsibility.

Note:
The business service selected in Step 7 must support view modes to allow you to select a value from the Broadest Visibility list.
Step off the record to save changes.

Associating a Responsibility with a Business Service

This topic describes how you can associate a responsibility with a business service to control access to the business service and its methods. You carry out the following procedure through the Business Service Access view.

To associate a responsibility with a business service

Log in as an administrator.
Navigate to the Administration - Application screen, then the Business Service Access view.
In the Business Service list, click New to select a business service.

A new record appears in the Business Service list.
Click the Select button in the Name field.

The Business Service dialog box appears.
Select the business service to which you want to control access, then click OK.

The selected business service appears in the Business Service list view.
In the Access By Responsibility list view, click New.

The Add Responsibilities dialog box appears.
Select a responsibility to associate with the business service that you selected in Step 5, and then click OK.

The selected responsibility appears in the Access By Responsibility list view.
In the Business Service Method list, click New to specify the business service methods to which the responsibility selected in Step 7 gains access.

The Business Service Method dialog box appears. This dialog box displays the list of business service methods to which access is currently controlled.

If the business service method to which you want to allow the responsibility access appears in the Business Service Method dialog box, select it, then click OK and go to Step12. If not, go to Step 10.

Tip:

Click the Select button in the Name field.

The Business Service Method dialog box appears.

Select a business service method to associate with the responsibility selected in Step 3, and then click OK.

The selected business service method appears in the Business Service Method list view.

Note:

From the Broadest Visibility list, select the view mode to associate with the responsibility.

Note:
The business service selected in Step 5 must support view modes to allow you to select a value from the Broadest Visibility list.
Step off the record to save changes.

Example of Associating a Responsibility with Business Service Methods

Figure 9-9, "Business Service Methods Associated with a Responsibility" shows the modifications made in the Business Services Method applet so that a user with Partner Executive responsibility can invoke the business service methods Query, Update, and Insert of the business service Account Test UDS.

Figure 9-9 Business Service Methods Associated with a Responsibility

A user with Partner Executive responsibility in the example illustrated in Figure 9-9 can:

View all accounts that belong to his or her organization because the business service method Query has Broadest Visibility equal to Organization.
Update accounts for the sales team of which he or she is a member because the business service method Update has Broadest Visibility equal to Sales Rep.
Insert a new account as the business service method Insert has Broadest Visibility equal to Organization. If the new account entry matches an existing account entry in the user's organization, then an error message appears.

Clearing Cached Business Services

A business service is cached when a user logs in who has access to that business service through the responsibility associated with the user. Users have access only to those business services that were defined for applicable responsibilities at the time that they logged in, even though an administrator might have changed access to business services since that time.

If an administrator makes any changes that affect a user's access to a business service and its associated methods, then the administrator must clear the cache in order to instruct the Siebel application to read updated values from the database. Clearing the cache makes these changes to the business service available to users who log in subsequently or who log out and log in again. The Siebel Server does not have to be restarted.

To clear cached business services

Navigate to the Administration - Application screen, Responsibilities, and then the Business Service view.
Select the business service in the Business Service list, and then click Clear Cache.

Changes to the business service that you made prior to clicking Clear Cache are made available to end users the next time that they log in.

Disabling Access Control for Business Services

You can use the OM - Enable Resource Access Control parameter to control access to business services in a component as follows:

Set OM - Enable Resource Access Control to True to enable access control for business services in a component.

This allows only users with responsibilities to access the business services in the component. Siebel checks access control each time a user accesses a business service.

Enabling access control for business services can have an effect on response times for your Siebel Business Applications.

Note:
The default value for OM - Enable Resource Access Control is True.
Set OM - Enable Resource Access Control to False to disable access control for business services in a component.

This allows everyone to access the business services.

The following procedure demonstrates how to set the value for OM - Enable Resource Access Control for a selected component.

To disable access control for business services

Log in as an administrator.
Navigate to the Administration - Server Configuration screen, then the Servers view.
In the Siebel Servers list, select the Siebel server that hosts the component for which you want to disable access control for business services.
In the Components tab, select the component for which you want to disable access control for business services.
Click the Parameters tab and query for the parameter OM - Enable Resource Access Control.

The record for OM - Enable Resource Access Control appears.
In the Value on Restart field, enter False.
Step off the record to save changes.

Administering Access Control for Business Services