| Siebel CRM Siebel Security Guide Siebel Innovation Pack 2017, Rev. A E24814-01 |
|
 Previous |
 Next |
View PDF |
| Siebel CRM Siebel Security Guide Siebel Innovation Pack 2017, Rev. A E24814-01 |
|
Previous |
Next |
View PDF |
A delegated administrator is a user of a Siebel customer or partner application whose responsibility provides views that allow the delegated administrator to register and administer other users of that application. Delegated administration is typically implemented in business-to-business relationships.
Delegated administration of users minimizes your internal administrative overhead by moving some of the administrative load to administrators in your customer or partner companies.
See the following topics for further information about delegated administration of users:
Delegated administration is default functionality of most Siebel customer and partner applications, but it is available only if you implement LDAP security adapter authentication.
Delegated administration cannot be implemented if you use database authentication. If you want to implement delegated administration in a Web SSO authentication environment, then you are responsible for configuring the functionality in your external authentication application, in your user directory, and in your security adapter. Such configuration guidelines are not provided in Siebel Business Applications documentation.
Delegated administration requires that you configure the LDAP security adapter to propagate new and modified user data from the Siebel database to the user directory.
If you implement an adapter-defined user name in your user authentication environment, then you cannot implement tools that allow Siebel user IDs stored in the directory to be managed from within Siebel Business Applications, including delegated administration of users. For information about user authentication, see Chapter 5, "Security Adapter Authentication".
|
Note: Make sure the application user for your Siebel customer or partner application has write privileges to the user directory. |
Related Topic
A delegated administrator has restricted access to user data.
Customer applications. A delegated administrator can only see users who are associated with accounts with which the delegated administrator is associated. The My Account User Administration View is based on the Account (Delegated Admin) business component. This business component essentially restricts a delegated administrator's access to data that is associated with the accounts with which the delegated administrator is also associated.
Partner applications. A delegated administrator can only see partner users whose positions are in the same partner organization to which the delegated administrator's position belongs.
A delegated administrator can add regular registered users or other delegated administrators. However, an administrator at your host company must add the first delegated administrator in:
Each account for a Siebel customer application
Each partner organization for a Siebel partner application
Creating a delegated administrator internally requires that you provide a user with a responsibility that includes the views needed for delegated administration. Your Siebel application provides seed responsibilities for delegated administrators of customer and partner applications. For information about seed responsibilities, see Appendix B, "Seed Data".
|
Note: Delegated user administration screens, navigation, and procedures vary somewhat among Siebel Business Applications. The remaining topics describe delegated administration that is representative of customer and partner applications. |
Related Topic
A delegated administrator who uses a Siebel customer application must belong to at least one account. The delegated administrator registers a user in the currently active account. The new user inherits membership in that account.
A delegated administrator must assign at least one responsibility to a new user. A delegated administrator can only assign responsibilities, including seed responsibilities, to users who are associated to same organization that the delegated administrator is associated with.
The delegated administrator is associated with the organization to which the proxy employee for the application belongs. The proxy employee is provided as seed data and is associated with the default organization. As with other seed data that Siebel Business Applications provide, you cannot modify the proxy employee. This means that to associate a delegated administrator with an organization other than the default organization, you have to make a copy of the proxy employee record and rename it. You then assign the renamed proxy employee to the organization that you want to associate the delegated administrator with. A responsibility is associated with an organization by an administrator at your company using an employee application such as Siebel Call Center.
For example, if the application object manager in use is the eCustomer Object Manager (ENU) and the proxy employee (PROXYE) is assigned the position Proxy Employee in Default Organization, then the eCustomer Object Manager (ENU) runs under the Default Organization context. If you need to run the eCustomer Object Manager (ENU) under the China Organization, then you create a copy of:
eCustomer Object Manager (ENU) and rename it (for example, eCustomer_China)
Proxy Employee and rename it (for example, PROXYE_CHINA)
You then assign the modified proxy employee (PROXYE_CHINA) to a position in the China Organization. This results in the application (http://WebServer/eCustomer_China) connecting to the China Organization because PROXYE_CHINA is associated with a position in this organization. For more information on the proxy employee, see "Seed Employee".
To register a new customer user (by a delegated administrator)
Log into a Siebel customer application that implements delegated administration, such as Siebel Sales or Siebel eService.
|
Note: The delegated administrator must have user type Web Delegated Customer Admin. |
Click My Account, and then click User Administration under My Company.
Lists of delegated accounts and associated users appear.
In the Delegated Accounts list, select the account with which you want to associate the new user.
The users in this account appear in the Users list.
Create a new record.
Complete the following fields, then save the record.
Use the indicated guidelines. The new record appears in the Users list.
| Field | Guideline |
|---|---|
| Last Name | Required. Enter any name. |
| First Name | Required. Enter any name. |
| User ID | Required. Enter a simple contiguous user ID, which must be unique for each user. Typically, the user provides this user ID to log in.
Depending on how you configure authentication, the user might or might not log in with this identifier. |
| Password | Optional (required for some authentication implementations).
Enter a simple contiguous login password. The password must conform to the syntax requirements of your authentication system, but it is not checked for conformity in this form. For LDAP security adapter authentication, the password is propagated to the user directory. For database authentication, the password is propagated to the database. |
| Responsibility | Pick one or more responsibilities, such as a seed responsibility provided for contact users. If the delegated administrator who creates this user has a value in the New Responsibility field, then that responsibility is assigned to this user by default. For information about the New Responsibility field, see "Modifying the New Responsibility for a User Record". |
| Home Phone #
Work Phone # Work Fax # |
The application interprets digits only in these telephone number entries. Any separators are disregarded. |
Related Topic
A delegated administrator using a partner application, such as Siebel Partner Portal, has a position in a partner division. The delegated administrator can only assign to a new partner user a position from those included in the partner organization to which the partner division belongs.
A partner user must have a position in a partner organization to be associated with that organization or to belong to position-based teams, such as opportunity or account teams. A delegated administrator in a partner company can assign a position to a new partner user from the following sources:
Positions that you create internally and associate with the delegated administrator's partner organization
Positions created by delegated administrators in the partner organization
A delegated administrator can only assign responsibilities to partner users whom your host company associates with the delegated administrator's partner organization. An administrator at your company associates partner organizations with responsibilities using an employee application such as Siebel Partner Manager. To provide a new partner user with access to the database, a delegated administrator must assign a responsibility when registering the partner user.
To register a new partner user (by a delegated administrator)
Log into a partner application that implements delegated administration, such as Siebel Partner Portal.
|
Note: The delegated administrator must have user type Web Delegated Customer Admin. |
Navigate to the Administration screen.
In the Explorer, expand the organization in which you will create the partner user.
Click the Users child item to display the users in this organization.
In the Edit User form, create a new record to add a new user.
Complete the following fields, then save the record. Use the indicated guidelines. The new partner user record appears in the Users list.
| Field | Guideline |
|---|---|
| Last Name | Required. Enter any name. |
| First Name | Required. Enter any name. |
| User ID | Required. Enter a simple contiguous user ID, which must be unique for each user. Typically, the user provides this user ID to log in. Depending on how you configure authentication, the user might or might not log in with this identifier. |
| Password | Optional (required for some authentication implementations).
Enter a simple contiguous login password. The password must conform to the syntax requirements of your authentication system, but it is not checked for conformity in this form. For LDAP security adapter authentication, the password is propagated to the user directory. For database authentication, the password is propagated to the database. |
| Position | If you assign multiple positions, then the position you specify as Primary is the position the partner user assumes when he or she logs in. |
| Responsibility | Pick one or more responsibilities, such as a seed responsibility provided for partner users. If the delegated administrator who creates this user has a value in the New Responsibility field, then that responsibility is assigned to this user by default. For information about the New Responsibility field, see "Modifying the New Responsibility for a User Record". |
| Work Phone #
Home Phone # Work Fax # Pager # |
The application interprets digits only in these telephone number entries. The user can enter any separators. |
Related Topic
