Essentials (Siebel 7.

7)

Module 13: Controlling

Access to Customer Data
Module Objectives

After completing this module you will be able to:

 Describe the difference between master data and
customer data in Siebel applications
 Describe the different Access Control mechanisms used
to restrict access to data in Siebel applications
 Identify the different view types used to accommodate
different types of users

Why you need to know:

 To effectively use and administer Siebel applications, you
need to understand how access to data is controlled

Module 13: Controlling Access to Customer Data 2 of 25

Data in a Siebel Enterprise
 Needs to have controlled access
 Users see only the records that they need to do their job (security)
 Users can easily locate records of interest (improves user
experience)

Module 13: Controlling Access to Customer Data 3 of 25

Data in a Siebel Enterprise Continued
 Is classified as either:
 Customer data (discussed in this module)
 Includes dynamic, transactional data such as opportunities and orders
 Is created and managed by users of the application
 Has access controlled at the record level

 Master data (discussed in an upcoming module)

 Includes static, referential data such as products and literature
 Is created and maintained by company administrators
 Can be grouped into catalogs and categories
 Has access controlled at the catalog and category

Module 13: Controlling Access to Customer Data 4 of 25

Access to Customer Data
 The customer data a user has access to is determined by
organization, position, and user ID

Organization

Position Records

User User ID

Is assigned Provides
to access to

Module 13: Controlling Access to Customer Data 5 of 25

Specifying Data Access
 Some data within the Siebel application is associated with or
assigned to:
 One or more individuals
 One or more positions
 One or more organizations
 The type of owners and the number of owners have been
specified on the business component

Module 13: Controlling Access to Customer Data 6 of 25

Specifying View Access
 Some views within the Siebel application implement the Access
Control mechanisms
 My views
 My Team’s view
 All view
 All Across My Organizations view
 All Across Organizations view
 Administration view
 Views appear in the Visibility Filter drop-down list
 The type of Access Control to implement is specified as
properties of the view

Module 13: Controlling Access to Customer Data 7 of 25

Assigning Records to a Single User
 Some types of records can be assigned to a single user
 Access is implemented by the association of the person’s record in
the database using his or her user ID
 Association in the UI is achieved using field labels such as Owner
and Employees
 Examples include:
 Service requests
 Expense reports

Module 13: Controlling Access to Customer Data 8 of 25

Assigning Records to Multiple Users
 Some types of records can be assigned to multiple users
 Access is limited to records to which the users have been
assigned
 Access is controlled by user ID
 Examples include:
 Assets
 Activities

Module 13: Controlling Access to Customer Data 9 of 25

Assigning Records to a Position
 Some types of records can be assigned to a single position
 Access is implemented by the association of the person’s position
in the database
 Examples include:
 Forecasts
 Quotes

Module 13: Controlling Access to Customer Data 10 of 25

My View
 Is used to display records directly assigned to you using your
user ID or active position
 Examples:
 My Service Requests
 My Activities
 My Personal Contacts
 Note: Use of the word “My” does not always indicate position
Access Control, as seen with personal Access Control

A sales agent only

sees accounts for
which the sales
agent’s position is on
the account team

Module 13: Controlling Access to Customer Data 11 of 25

Assigning Records to a Team of Positions
 Some types of records can be assigned to a team of positions
 Access is implemented by the association of positions to a record
in the database
 By default, the position occupied by the user who created the
record is automatically placed on the team
 Examples include:
Team of positions
 Accounts assigned to an
opportunity
 Contacts
 Opportunities

Module 13: Controlling Access to Customer Data 12 of 25

Team Fields
 Vary according to the view in which they appear
 Examples:
 Opportunity form has a Sales Team field

Team fields often

show User ID for a
position assigned to
 Account form has an Account Team field the team

 Quote form has a Sales Rep field

Module 13: Controlling Access to Customer Data 13 of 25

Primary Position on a Team
 One position on the team is designated as the primary position
 Has additional functionality, for example: the primary can forecast
or delete an opportunity
 By default, the position creating the record becomes the primary

Victor Silver’s
position is primary on
this team

Module 13: Controlling Access to Customer Data 14 of 25

My Team’s View
 Is enabled for positions that have subordinate positions
associated to data who are the primary on a team for team-
owned records
 Allows manager positions to see records assigned to their direct
and indirect reports
 Displays this data through a “My Team’s” view
 Is implemented using the position hierarchy

Manager sees only

the accounts for
which manager’s
direct/indirect reports
are the primary
position on the
account

Module 13: Controlling Access to Customer Data 15 of 25

All View
 Is used to access all records associated with the user’s
organization
 A valid owner (a record with a user ID, position, or organization)
must be assigned to the record
 Is typically restricted to users who need to access records at the
organization level
 Executives, administrators
 Service agents who need to access all service requests

A service agent sees

all the service
requests assigned to
his organization

Module 13: Controlling Access to Customer Data 16 of 25

Organization-Based Access Control
 Some types of records are visible across the entire enterprise
 No Access Control restrictions have been specified
 Some types of records can be associated to one or more
organizations
 Single-organization access
 Multi-organization access

Module 13: Controlling Access to Customer Data 17 of 25

Assigning Records to a Single Organization
 Some types of records can be associated to a single
organization
 Association in the UI is achieved using the field labels
“Organization”
 Access is limited to those users whose position is associated with
the assigned organization
 Examples:
 Assets
 Consumer
 Forecast

Module 13: Controlling Access to Customer Data 18 of 25

Assigning Records to Multiple Organizations
 Some types of records can be associated to several
organizations
 Association in the UI is achieved using the multi-value field
“Organization”
 Access is limited to those users whose position is associated with
any of the assigned organizations
 Examples:
 Accounts
 Opportunities
 Products
 Contacts
 Quotes

Module 13: Controlling Access to Customer Data 19 of 25

All Across My Organizations View
 Displays all data from an organization and its subordinate
organizations
 Is based on the relationships specified by the organizational
hierarchy
 A valid owner must be assigned to the record
 Is typically restricted to users who need to access records at the
enterprise level
 Mid-level executives
 Partners
 Is typically used for only a few types of records

Module 13: Controlling Access to Customer Data 20 of 25

All Across Organizations View
 Displays all data from all organizations
 A valid owner must be assigned to the record
 Is typically restricted to only those users who need to access
records across the whole company
 Top-level executives

A vice president of
sales can see all
service requests that
have been assigned

Module 13: Controlling Access to Customer Data 21 of 25

Administration Views
 Display all records in the database, even those without a valid
owner
 Provides the administrator with a means to see all the records, for
instance, records that have just been imported but not yet
assigned
 Are accessed from the Administration view for each major entity
 Example: Opportunities Administration
 Should be restricted to a few users in the enterprise as they
Click the Opportunities
display all records in the database Administration link

Module 13: Controlling Access to Customer Data 22 of 25

Multiple Access Control Mechanisms
 A record can be restricted by more than one Access Control
mechanism
 Mechanisms are not mutually exclusive
 Example: A user’s position may be assigned to an account that
is not assigned to that user’s organization
 User sees the account in the My View
 User does not see the account in the All View

Module 13: Controlling Access to Customer Data 23 of 25

Summary

This module showed you how to:

 Describe the difference between master data and
customer data in Siebel applications
 Describe the different Access Control mechanisms used
to restrict access to data in Siebel applications
 Identify the different view types used to accommodate
different types of users

Module 13: Controlling Access to Customer Data 24 of 25

Lab
 In the lab you will:
 Explore data-level Access Control for different users

Module 13: Controlling Access to Customer Data 25 of 25