Security Configuration
You can review information about the access provided by the sales job roles and can configure the default settings if necessary. For example, you can create custom versions of the roles and add or remove the privileges they provide.
The following sections describe each of the security configuration work areas and the types of configurations you can make using each one. See the Securing Sales and Fusion Service guide for further information about using each work area.
Security Console
You can access the Security Console by clicking the Security Console link under the Tools heading in the Navigator.
Sales and Service Access Management UI
Review a user's access to object data using the Sales and Service Access Management UIs. You can access the Sales and Service Access Management work area by clicking the Sales and Service Access Management link under the Tools heading in the Navigator.
The Sales and Service Access Management UI displays all the data security policies provided by a predefined or custom job role for a selected object. You can update policies for a custom job role and object on this UI, or extend the custom role's access to other object data. You can also use the access explorer functionality in the work area to view all the access an individual user has to object data, including access provided by data security policies and access group membership.
Access Groups UI
You can create and manage access groups and object sharing rules using the Access Groups UI in the Sales and Service Access Management work area.
You can access the Access Groups UI by clicking the Sales and Service Access Management link under the Tools heading in the Navigator, then clicking Configure Groups.
Access groups provide a way of providing access to object data based on conditions you define in object sharing rules. Use access groups to either supplement the data access users receive through their job roles and other security mechanisms, or to refine the access that's provided by the predefined conditions to sales object data.
There are two types of access groups:
-
Custom access groups you create.
You can add members to these groups, define rules to specify the access group members should have to object data, and edit or delete the groups as required.
-
System access groups created for you by Oracle.
System groups provide an alternative way of managing a user's access to data. A system group is created for each of the predefined job roles in your environment. Predefined object sharing rules associated with each group provide the same access to data as is provided by the predefined job roles and associated data security policies.