Siebel CRM Siebel Security Guide
Siebel Innovation Pack 2017, Rev. A
E24814-01

Seed Users

This topic includes information about the following:

Special Users and Privileges

Within Siebel Business Applications, special users are defined with specific roles within the application. Data to support these special user accounts is included in the seed data installed with Siebel Business Applications. You can change special user account names after installation, or delete the relevant seed data for a special user account if you do not need the functionality it provides. Do not, however, disable the system administrator or guest user accounts.

The following special users and privileges are defined:

  • Anonymous users. You can define an anonymous user (or guest) account to allow access to your Siebel application by unregistered, unauthenticated users. You must also define an anonymous user if your Siebel application implements LDAP authentication.

    Three Siebel application user accounts, GUESTCST, GUESTCP, and GUESTERM are provided as seed data for use as anonymous user accounts; however, you can create a different user account for this purpose. Review the user responsibilities assigned to the anonymous user record and limit them to those necessary for sign-on and guest access.

    Anonymous browsing is enabled by default. If your Siebel application does not use functionality that requires anonymous browsing, then set the AllowAnonUsers parameter to False. For more information, see "Parameters for Application Object Manager Components".

  • Administrator users. A Siebel administrator database account (default user ID is SADMIN) and a Siebel application user account, SADMIN, are created during the Siebel Business Applications installation process for the administrative user. Follow these guidelines in relation to the administrator user:

    • Limit usage of the administrator role.

      Review users with administrative responsibilities. In Siebel Business Applications, the SADMIN responsibility has broad administrative privileges. For this reason, regularly review the list of users with this responsibility. Define and assign appropriate responsibilities for users that clearly reflect their line of duty.

    • Delete or disable unused administrator user IDs.

  • Directory application user. The Directory Application User is a special user defined to handle access to the LDAP directory if this authentication mechanism is used. By setting up an application user as the only user with search, read, and update privileges to the directory, you minimize the level of access of all other users to the directory.

    The directory application user must not have a corresponding database account and must not be defined as a Siebel application user or have a Siebel application user record.

  • Shared database account user. If you are using LDAP or Web SSO authentication, then you can configure a shared database account in the directory; this is a directory entry that contains a database account that is shared by many users. A database login is created for all Siebel users who are authenticated externally during the installation process; the default database login is LDAPUSER. You must also specify a valid Siebel user ID and password for the shared database account in the directory.

  • An employee record, Proxy Employee, is provided as seed data during installation. This record provides customers (contact users) who log in to a Siebel customer application with a user ID (PROXYE), a position (Proxy Employee), and an organization (Default Organization).

    Because the PROXYE user ID gives view access to data that is associated with the related organization, review the visibility to data provided by the proxy employee user ID and, if necessary, change the organization with which the Proxy Employee user record is associated. You cannot change seed data; therefore, to modify the Proxy Employee record, you must make a copy of the record, rename it, and amend the copy. For more information, see "Siebel User Accounts".

Seed Users Provided as Seed Data

Table B-2 describes nonemployee user records provided as seed data. Default passwords are not provided for these records. If you use a seed user record as the anonymous user record, then you must set the Anonymous User Name parameter to the seed user ID (for example, GUESTCST) when configuring the Application Interface, or set it manually in the Application Interface profile. For information on configuring the Application Interface, see Siebel Installation Guide for the operating system you are using. For information on manually setting passwords for the anonymous user, see "Encrypted Passwords in Siebel Application Interface Profile Configuration".

Table B-2 User Seed Data Field Values (Nonemployee User Records)

| Last Name | First Name | User ID | Responsibility | New Responsibility | Used by These Applications |
|---|---|---|---|---|---|
| Customer | Guest | GUESTCST | Web Anonymous User | Web Registered User | Customer applications |
| Channel Partner | Guest | GUESTCP | Unregistered Partner Agent | Self-registered Partner Agent | Siebel Partner Portal |


Seed User Modifications for Siebel Financial Services Applications

Table B-3 shows modifications to the seed nonemployee User records that are provided with Siebel Financial Services applications.

The GUESTCP seed User record, which is documented in Table B-2, functions as the anonymous user for Siebel Financial PRM, the partner application in Siebel Financial Services. The responsibility of the GUESTCP seed User record provides views for anonymous browsing, and the responsibility in its New Responsibility field provides views for users who self-register.

Table B-3 User Seed Data Field Values (Modifications for Siebel Financial Services)

| Last Name | First Name | User ID | Responsibility | New Responsibility | Used by These Applications |
|---|---|---|---|---|---|
| Customer | Guest | GUESTCST | Unregistered Customer | Registered Customer | Siebel Financial Services customer applications |
| Guest | ERM | GUESTERM | ERM AnonUser | | Siebel Financial Services ERM |
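The review guidance under Special Users and Privileges can be checked mechanically against an export of user-to-responsibility assignments. The following is an added example, not Oracle code: the CSV layout, the user IDs JSMITH and APPUSER, and the "Constructed ..." responsibility names are assumptions made for illustration, and treating the shipped responsibilities from Tables B-2 and B-3 as the permitted baseline for guest accounts is likewise an assumption.

```python
import csv
import io

# Responsibility each seed anonymous user carries as shipped
# (Table B-2, plus the Table B-3 values for Siebel Financial Services).
SEED_GUEST_BASELINE = {
    "GUESTCST": {"Web Anonymous User", "Unregistered Customer"},
    "GUESTCP": {"Unregistered Partner Agent"},
    "GUESTERM": {"ERM AnonUser"},
}

# Constructed sample export: one row per (user ID, responsibility) assignment.
SAMPLE_EXPORT = """user_id,responsibility
SADMIN,SADMIN
JSMITH,SADMIN
GUESTCST,Web Anonymous User
GUESTCST,Constructed Reporting Role
GUESTCP,Unregistered Partner Agent
APPUSER,Constructed Directory Role
"""


def audit_assignments(export_text, approved_admins, directory_app_user,
                      admin_responsibility="SADMIN"):
    """Return (finding, user_id, responsibility) tuples for review."""
    approved = {a.upper() for a in approved_admins}
    directory_user = directory_app_user.upper()
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["user_id"].strip().upper()
        resp = row["responsibility"].strip()
        # Guest accounts: anything beyond the shipped responsibility is extra access.
        allowed = SEED_GUEST_BASELINE.get(user)
        if allowed is not None and resp not in allowed:
            findings.append(("GUEST_EXTRA_RESPONSIBILITY", user, resp))
        # Administrative responsibility held by someone not on the approved list.
        if resp == admin_responsibility and user not in approved:
            findings.append(("UNAPPROVED_ADMIN", user, resp))
        # The directory application user must not have a Siebel user record at all.
        if user == directory_user:
            findings.append(("DIRECTORY_USER_HAS_SIEBEL_RECORD", user, resp))
    return findings


if __name__ == "__main__":
    for finding in audit_assignments(SAMPLE_EXPORT, {"SADMIN"}, "APPUSER"):
        print(*finding, sep=" | ")
```
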


About Seed Position and Organization Division Records

The Proxy Employee Position and the Default Organization Division records are provided as seed data. The position exists within the division, and the division is its own organization. The position and division are both assigned to the seed data Employee record.