Overview of Access Extension Rules

Access extension rules extend the access defined for an object in an object sharing rule to a related object.

For example, if you have secured access to an object such as Account using an object sharing rule, you can extend the access defined in the rule for the Account object to a related object, such as Activity, by creating an access extension rule. All members of an access group who can access account data will then have access to activity data for the account.

Supported Objects

Access extension rules functionality isn't currently supported for all the objects that are enabled for access groups. You can create an access extension rule only for these objects.

  • Activity

  • Activity Assignee

  • Asset

  • Business Plan

  • Contact

  • Conversation Message

  • Custom objects

  • Deal Registration

  • Goal Participant

  • HR Help Desk Request

  • Internal Service Request

  • MDF Budget

  • MDF Claim

  • MDF Request

  • Message

  • Note

  • Opportunity

  • Program Enrollments

  • Quote and Order

  • Sales Lead

  • Service Request

You can define as many access extension rules as required for each object.

Predefined Access Extension Rules

As part of the default security configuration, Oracle provides predefined access extension rules, which are associated with specific system groups. You can activate or inactivate the predefined access extension rules, but you can't change the association between the rules and the system groups. You also can't associate the predefined access extension rules with other custom or system access groups.

For example, if you assign a predefined rule to a custom access group, and that rule is extended in a predefined access extension rule, the access provided to the related object by the access extension rule isn't applied to the custom group.

If you want a custom access group to have the same access to a related object that a predefined access extension rule provides, you have to create a custom access extension rule.

Considerations When Creating Access Extension Rules

Before creating an access extension rule for an object, review the following considerations.

  • You can't link access extension rules.

    Each access extension rule provides access to records for only one object and can't be extended to provide access to records for a second object.

    For example, if you create an access extension rule to provide group members with access to activity data for accounts they can access (Rule 1), you can't create another rule to grant access to opportunities on the basis of the activities they can access through Rule 1. In this scenario, you have to create two new access extension rules for the Opportunity object:

    • A rule to provide opportunity access based on the group members' access to activities

    • A rule to provide opportunity access based on the group members' access to accounts

  • When you define a relationship between two objects in Application Composer, you can optionally specify data filter criteria for both the source and target objects. The filter criteria control which records are available for association at runtime with a record from the other object in the relationship.

    Access extension rules don't support filters, so if you create an access extension rule for related objects that have filters defined, be aware that the filter isn't applied. For additional information about object relationships, see the Configuring Applications Using Application Composer guide.

  • You can't extend the access of rules that provide global access to an object's data to related objects.
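
The following Python sketch is an added example, not Oracle code or an Oracle API. It is a simplified model of the behavior described under Predefined Access Extension Rules and in the linking and global-access considerations above. All class, rule, and group names and record IDs are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SharingRule:
    """Object sharing rule: gives groups access to matching records of one object."""
    obj: str
    groups: frozenset
    records: frozenset
    is_global: bool = False

@dataclass(frozen=True)
class ExtensionRule:
    """Extends one object sharing rule to one related object, for its own groups."""
    source_rule: str
    target_obj: str
    groups: frozenset
    active: bool = True

def problems(ext, sharing):
    """Return the considerations from this page that a planned extension rule violates."""
    src = sharing.get(ext.source_rule)
    if src is None:
        return ["source is not an object sharing rule (extension rules can't be linked)"]
    return ["source rule grants global access"] if src.is_global else []

def accessible(group, obj, sharing, extensions, links):
    """Record IDs of `obj` that `group` reaches directly or through an extension rule."""
    found = set()
    for rule in sharing.values():
        if rule.obj == obj and group in rule.groups:
            found |= rule.records
    for ext in extensions.values():
        if not ext.active or ext.target_obj != obj or group not in ext.groups:
            continue  # the group must be associated with the extension rule itself
        if problems(ext, sharing) or group not in sharing[ext.source_rule].groups:
            continue
        src = sharing[ext.source_rule]
        # Only records granted directly by the source sharing rule count;
        # access gained through another extension rule is never a source.
        found |= {t for (t_obj, t), (s_obj, s) in links
                  if t_obj == obj and s_obj == src.obj and s in src.records}
    return found

# Constructed sample data: two sharing rules, three planned extension rules.
G = frozenset
SHARING = {"acct_rule": SharingRule("Account", G({"SystemGroup", "CustomGroup"}), G({"ACC1"})),
           "all_accts": SharingRule("Account", G({"CustomGroup"}), G({"ACC1", "ACC2"}), True)}
EXTENSIONS = {"acct_to_activity": ExtensionRule("acct_rule", "Activity", G({"SystemGroup"})),
              "activity_to_oppty": ExtensionRule("acct_to_activity", "Opportunity", G({"SystemGroup"})),
              "global_to_activity": ExtensionRule("all_accts", "Activity", G({"CustomGroup"}))}
LINKS = [(("Activity", "ACT1"), ("Account", "ACC1")), (("Opportunity", "OPP1"), ("Activity", "ACT1"))]
```

In this model, SystemGroup reaches activity ACT1 through the extension rule, while CustomGroup gets no activity access even though it shares the same account rule, and the chained opportunity rule grants nothing.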