You are on page 1of 112

SIEBEL eBUSINESS APPLICATIONS

®

SIEBEL APPLICATION DEVELOPMENT LIBRARY

CONTROLLING ACCESS TO INFORMATION
SIEBEL 2000
VERSION 6.0

MAY 2000

Siebel Systems, Inc., 1855 South Grant St., San Mateo, CA 94402 Copyright © 2000 Siebel Systems, Inc. All rights reserved. Published 2000 Printed in the United States of America No part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photographic, magnetic or other record, without the prior agreement and written permission of Siebel Systems, Inc. Target Account Selling Methodologies, Copyright © 1996 Target Marketing International, Inc. All rights reserved. The full text search capabilities of Siebel MidMarket Applications include technology used under license from Fulcrum Technologies, Inc. and are the copyright of Fulcrum Technologies, Inc. and/or its licensors. Siebel, the Siebel logo, ActiveBriefing, TrickleSync, TSQ, Universal Agent, and other Siebel product names referenced herein are trademarks of Siebel Systems, Inc., and may be registered in certain jurisdictions. Windows® is a registered trademark of Microsoft Corporation. All other product names, marks, logos, and symbols may be trademarks or registered trademarks of their respective owners. U.S. GOVERNMENT RESTRICTED RIGHTS. Programs, Ancillary Programs and Documentation, delivered subject to the Department of Defense Federal Acquisition Regulation Supplement, are “commercial computer software” as set forth in DFARS 227.7202, Commercial Computer Software and Commercial Computer Software Documentation, and as such, any use, duplication and disclosure of the Programs, Ancillary Programs and Documentation shall be subject to the restrictions contained in the applicable Siebel license agreement. All other use, duplication and disclosure of the Programs, Ancillary Programs and Documentation by the U.S. Government shall be subject to the applicable Siebel license agreement and the restrictions contained in subsection (c) of FAR 52.227-19, Commercial Computer Software - Restricted Rights (June 1987), or FAR 52.227-14, Rights in General Data Alternative III (June 1987), as applicable. Contractor/licensor is Siebel Systems, Inc., 1855 South Grant Street, San Mateo, CA 94402.

Proprietary Information Siebel Systems, Inc. considers information included in this documentation and in Siebel MidMarket Applications Online Help to be Confidential Information. Your access to and use of this Confidential Information are subject to the terms and conditions of: (1) the applicable Siebel Systems software license agreement, which has been executed and with which you agree to comply; and (2) the proprietary and restricted rights notices included in this documentation.

Controlling Access to Information

About This Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Who Should Use This Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Required Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Introduction to Information Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Single-Organization Visibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Multiple-Organization Visibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Implementing Information Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Controlling Access at the View Level . . . . . . . . . . . . . . . . . . . . . . . . 12 Controlling Access at the Record Level . . . . . . . . . . . . . . . . . . . . . . . 22 Configuring Drilldown and Pop-Up Visibility . . . . . . . . . . . . . . . . . . 47 Implementing Routing Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . 48 Defining a Multiple-Organization Enterprise . . . . . . . . . . . . . . . . . . . . . 61 Determining Your Organizational Structure . . . . . . . . . . . . . . . . . . . . 61 Defining Your Organizational Structure . . . . . . . . . . . . . . . . . . . . . . 64 Creating Associations for Referential and Transactional Data . . . . . . . 81 Administering Organizational Privileges . . . . . . . . . . . . . . . . . . . . . . 82 Integrating With the Back Office . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 Implementing Multiple-Organization Functionality . . . . . . . . . . . . . . . . 84

Data Object Layer Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . 84 Business Object Layer Considerations . . . . . . . . . . . . . . . . . . . . . . . 84 User Interface Object Layer Considerations . . . . . . . . . . . . . . . . . . . . 85 Assignment Object Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Multi-Tenancy Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 Troubleshooting Multiple-Organization Visibility Issues . . . . . . . . . . .100

Version 6.0

Controlling Access to Information

3

. . . . . . . . . . . . . . . . . . 106 4 Controlling Access to Information Version 6. . . . . . . . . . . . . . . . . 104 Summary and Where to Get More Information . . . . . . . . . . .0 .Controlling Access to Information Glossary of Terms . . . . . . . . . . . . .

you need to have an understanding of: The Siebel application environment and data model Siebel Tools and how to use it to configure Siebel applications The Siebel application administration screens and how to use them The Microsoft Windows operating environment Application development concepts and processes Web-based application design processes Version 6.Controlling Access to Information About This Document About This Document This document describes: Intro How to control access to information stored in a Siebel database and displayed through a Siebel application user interface How to implement visibility rules along organizational lines: In a single-organization structure In a multiple-organization structure  Who Should Use This Document The audience for this book consists of: Application developers.0              Intro Intro Controlling Access to Information 5 . database administrators. or configurators who are implementing information access Application administrators implementing information access Others looking for general information about: Information access Organizational visibility  Required Skills To do the tasks described in this book.

6 Controlling Access to Information   Version 6.Controlling Access to Information About This Document Object-oriented application design Relational database concepts To implement information access in your Siebel application you might need to consult Siebel product documentation listed in “Summary and Where to Get More Information” on page 108.0 .

only certain internal departments like Human Resources can see employee salaries. For example. External organizational visibility can be implemented for partners. and other similar groups. With organizational visibility. Organizational visibility. only the sales team for Partner A can see sales leads designated for the Partner A organization. Positions like Version 6. and product defects.0      Field Sales Representative and Relationship Manager can be associated with specific records for entities like accounts. For example. Controlling Access to Information 7 . Partner Relationship Manager. Personal visibility. and contacts. service requests. Responsibilities (for example. Personal visibility indicates ownership of entities like activities. Positions determine which specific records users see. customers. opportunities. Responsibilities. all users of the application have access to all information. Positions. access to data is limited to only those organizations that have a need to see the information. and Reports User) determine which screens and views users see.Controlling Access to Information Introduction to Information Access Introduction to Information Access Access to information in a Siebel application can be controlled based on the following factors: Intro No constraints. Partner Sales Rep. Organizational visibility can be implemented across internal or external organizations. When there are no constraints. qualified prospects.

This organizational structure in illustrated in Figure 1.0 . and multiple external organizations for which data is accessible by portals or through Siebel . where data access can be controlled by a multiple organizational structure along with other control mechanisms. Internal Organization Sales External Organization Partners Marketing Partner Portal Customers Customer Service All Customer Information eSales eService Employees eMarketing eSales Prospects Figure 1. Implementing the data access aspects of Siebel applications involves tasks that are accomplished: Within Siebel Tools Using various administration screens in Siebel applications By Siebel products like Assignment Manager and Remote and Replication Manager 8 Controlling Access to Information    Version 6. responsibilities.Controlling Access to Information Introduction to Information Access Many enterprises using Siebel eBusiness Applications have a single internal organization. and ownership. Typical Organizational Structure for Data Access Other enterprises are also split into multiple internal organizations. where visibility is controlled by positions.COM applications like eSales and eChannel.

A position is a job title within the organization—a box in the organization’s hierarchy chart with a reporting relationship to a supervisory position. providing that user with the access to views that the assigned responsibility conveys. This is described in “Personal Visibility” on page 34. A user can be granted more than one responsibility. Positions provide most of the basis for access control of records. Fields store multiple values. and data ownership. The Position field is a multi-value field containing one or more positions (job descriptions) in the organization.Controlling Access to Information Introduction to Information Access Single-Organization Visibility Within a single organization information access is controlled by a given user’s responsibility. user groups with a given access level). a user’s logon instead of position can be used instead to determine record-access visibility. NOTE: In certain circumstances. Version 6. a sales manager could be granted both the sales manager responsibility and the field sales responsibility.) Each employee record (which is accessed by a Siebel application during the logon process) has a Primary Position field and a Responsibility field. The set of positions in the Position multi-value field establishes record-access visibility. for example.0 Controlling Access to Information 9 . which determines what views in the application are available to the user. promotion. Intro A responsibility is a class of users who require access to the same application views. in which case the manager will see the union of all views from both responsibilities. position. The Responsibility field is a multi-value field containing one or more responsibilities (that is. A user responsibility is the association between a responsibility and a user. The set of responsibilities in the Responsibility multi-value field establishes view-access visibility. (The reason is because the position in the organization is typically more stable than the individual’s assignment to that position. due to employee turnover. which determines what portions of the data are visible to the logged-on user. and transfer.

limited. including: Transactional data entered by users(for example. price lists and literature) Run-time configuration data (for example.0 . Multiple-organization visibility provides a logical layer above the visibility controls at the enterprise. accounts.Controlling Access to Information Introduction to Information Access Multiple-Organization Visibility Intro Customers with large or complex Siebel application deployments. Multiple organization visibility provides this support. contacts. and opportunities) Referential data entered by administrators (for example. it provides the ability to limit visibility to all data based on the organization or organizations to which user positions are assigned. Multiple-organization visibility can be applied to user data within Siebel eBusiness Applications. Assignment Manager rules and Product Configurator models) 10 Controlling Access to Information    Version 6. especially those spanning multiple groups of users both internal and external to their enterprise. and personal levels. can control visibility to application data at a greater level of granularity.

S_PRI_LST_BU S_PROD_INT. S_ASGN_RESULT. S_BU_SKILL Affected Table S_ORG_EXT S_ORG_EXT S_CONTACT S_OPTY S_ORDER S_PARTNER S_DOC_QUOTE S_SRV_REQ S_SC_PATH. S_LIT_BU S_PRI_LST. Category Transactional Data Repository Objects Affected by a Multi-Org Structure Object Accounts Competitor Contacts Opportunity Orders Partners Quotes Service Request Relationship Single Single Single Single Single Single Single Single Multiple Multiple Multiple Multiple Multiple Single Single Single Multiple Enabled S_EMPLOYEE S_ORG_INT S_POSTN S_RESP_BU S_ASGN_GRP_BU. S_SC_PATH_BU S_LIT. Table 1.0 Controlling Access to Information 11 .Controlling Access to Information Introduction to Information Access Multiple-Organization Repository Objects Table 1 lists the repository object affected by a multiple-organization structure. S_PROD_INT_BU Referential Data SmartScripts Literature Price List Product Catalog Administrative Data Employee Division Position Responsibility Assignment Manager Assignment Manager Version 6.

so users get only the information they need. Referential visibility occurs in the following objects: SmartScripts Inventory Locations Literature Price Lists Products Figure 2 illustrates referential visibility. 12 Controlling Access to Information      Price Lists Products Literature Smart Scripts Inventory Location Organization A eRep 1 eRep 2 eRep 3 eRep 4 Figure 2.0 .Controlling Access to Information Introduction to Information Access Referential Visibility Siebel applications allow association of referential data with specific organizations. Referential Visibility Version 6.

including prices for hardware. global enterprises. However. Controlling Access to Information 13 . For more information about determining when and how to use the multipleorganization capabilities in Siebel eBusiness Applications.Controlling Access to Information Introduction to Information Access Tasks Supported by Multiple-Organization Visibility Multiple-organization visibility supports the following kinds of tasks: Data sharing across the extended enterprise. see “Determining Your Organizational Structure” on page 63. In general. multiple-organization visibility provides the greatest benefit in isolating customers or partner organizations from internal enterprise organizations.0     Using a Multiple-Organization Structure Multiple organization visibility can be a powerful tool for diverse. Controlling access through the use of views within a single internal organizational structure will provide the best visibility solution for many enterprises. Improving application performance for mobile users and executives with broad responsibilities and many direct reports by providing more ways to reduce the number of rows they retrieve from the database in a given query Version 6. limit a software salesperson’s visibility to software product prices rather than all product prices. for example. you should not split your internal enterprise into multiple virtual organizations within your Siebel applications) without a thorough analysis of the issues of convenience versus complexity. distributing sales opportunities among multiple channel partners or resellers Applying appropriate business logic to different and diverse internal organizations Limiting visibility to each user’s specific business context For example.

Application You can access this screen through the Siebel client (Screens Responsibilities.0 . you create and remove employee records. and assign responsibilities and other information to employees. For more information.Controlling Access to Information Implementing Information Access Implementing Information Access This section contains: Conceptual information that will help you understand information access in your Siebel applications Intro Controlling Access at the View Level You control data access at the view level through responsibility administration: Using the Employees administration view. see Administration “Employee Administration View” on page 21. You can access this screen through the Siebel client (Screens Application Employees Employees). Version 6. you create new responsibilities and assign views to them. 14 Controlling Access to Information          Procedural information that will help you configure information access in your Siebel applications Intro Using the Responsibilities administration view. For more information. see “Responsibility Administration Administration View” on page 17.

User Logon ID Look up in Employee Records List of User's Responsibilities List of User's Accessible Views Look up in ResponsibilityView Records Figure 3. that user’s ability to navigate to the view is not enabled: Version 6. This process is illustrated in Figure 3. the employee’s logon ID is used to obtain his or her responsibilities during the logon process.0    Controlling Access to Information 15 . Process to Establish View Access In Siebel applications. users navigate to views in one of the following ways: From menu options in the Screens menu From screen bar and view bar tabs By drilling down from another view When a user’s responsibility or set of responsibilities does not include a specific view. The list of views accessible to that employee is derived from the responsibilities.Controlling Access to Information Implementing Information Access As a result of this administrative setup. all others are hidden. Only authorized views are made available to the user.

the screen’s name does not appear in the main Screens menu. Drilldown text loses its hyperlink functionality (visible to the user by a change in underlining and coloring). The view’s tab does not appear from the view bar for any screens appearing in the tab bar that contain it.Controlling Access to Information Implementing Information Access The view’s name does not appear on the submenus of the Screens menu that contain it. if all views in the screen’s submenu are unavailable to the user. if all views in that screen’s subordinate view bar are unavailable. In addition.0 . In addition. 16 Controlling Access to Information    Version 6. the screen’s tab in the tab bar also does not appear.

.. This view appears in Figure 4. You control responsibilities and view access in the Responsibility Administration view of the Administration screen. Responsibility Administration View Version 6.provides access to the views in this list.. The highlighted responsibility.0 Controlling Access to Information 17 .... Figure 4. ...and is assigned to these employees.Controlling Access to Information Implementing Information Access Responsibility Administration View The set of responsibilities and the views accessible by users with a given responsibility are administered in the Siebel application client..

0 . 18 Controlling Access to Information  5 Choose Edit Add New Record. select the view you want and click the Add button. and two subordinate list applets: Views and Employees.   1 Choose Screens Application Administration Responsibilities. The list of views in the Views list applet is the set of views enabled when an employee has the responsibility currently selected in the Responsibilities list applet. use the record function to create a new responsibility and modify accordingly. which lists all responsibilities in the system. 2 Click the Responsibilities list applet to highlight it. NOTE: You can’t add or remove views from seed data responsibilities like Siebel Administrator. If you want to add or remove views from a vanilla responsibility. To assign responsibilities to employees Generally the assignment of responsibilities to an employee is performed in the Employee Administration view (described in “Employee Administration View” on page 21) rather than the Responsibility Administration view. 4 Select the Views Applet. To add a view to an existing responsibility This opens the Responsibility Administration view. To create a new responsibility 1 Log on to a Siebel application with Server database access using a logon ID that has administration privileges. 6 In the Add Views dialog box. The list of employees in the Employees list applet is the set of employees who have the current responsibility. Version 6.Controlling Access to Information Implementing Information Access This administration view consists of the Responsibilities list applet. 3 Select the responsibility you want. although it can be done in either place.

Controlling Access to Information Implementing Information Access This opens the Responsibility Administration view. optionally. Controlling Access to Information   2 Choose Screens Application Administration Responsibilities. Description. View Name and Description list columns of Siebel applications automatically populate when you add a view record and select a view from the picklist. The Local Access list column (shown in Figure 5) can be turned on or off for each view assignment by the administrator (by clicking the check box to add or remove the check mark). 19 . employees to the responsibility in the corresponding list applets. Local Access Column Version 6. Using the Local Access Column The Views applet in the Responsibility Administration view contains three columns: View Name.0  4 Choose Edit Add New Record. and Local Access. 6 Add views and. 3 Click the Responsibilities list applet to highlight it. 5 Enter a name and description in the new responsibility record. Figure 5.

these users can only access the view when they are directly connected to the Server database.Controlling Access to Information Implementing Information Access When you set the Local Access list column to TRUE (checked). 20 Controlling Access to Information Version 6. by controlling which ones they can see when they are not connected to the server. When mobile users work offline.0 . When set to FALSE (unchecked). they rely on synchronization and routing to supply some subset of the available records. users with this responsibility can access the view from either the Local or Server database. You disable access to All views by setting the Local Access value to FALSE for these view assignments. NOTE: You should disable access in all responsibilities to offline work for all views that have All visibility. Routing is described in “Implementing Routing Restrictions” on page 50. The Local Access column is primarily a mechanism for controlling which views mobile users can work in offline. A view with All visibility will have unpredictable and possibly undesirable results for a mobile user.

contact information. It allows the administrator to create and remove employee records and assign logon IDs. choose Screens Employees Employees from the menu bar. positions. responsibilities. Application Administration Responsibility text box control Responsibilities MVG applet Figure 6.Controlling Access to Information Implementing Information Access Employee Administration View The Employee Administration view lists all employees in the system. To navigate to the Employee Administration view (shown in Figure 6). and so on to employees. Employee Administration View The Employee Administration view presents the reverse of the relationship between responsibilities and employees that the Responsibility Administration view presents: Version 6.0 Controlling Access to Information    21 .

22 Controlling Access to Information      To add and remove responsibilities for an employee 1 Choose Screens the menu bar. The Employee Administration view appears. 3 Do one of the following: a Click the Responsibility field in the list applet. highlight it. Application Administration Employees Employees from Version 6. You can maintain employee responsibilities in either the upper (list) or lower (form) applet in this administration view. and click Add. The Add Responsibilities association applet appears. This action closes the association applet and adds the responsibility to the list of employee responsibilities for the current employee. The Employee Administration view allows you to maintain the responsibilities assigned to each employee.. b Add a new responsibility by clicking New. 4 In the Responsibilities pop-up applet: a Delete a responsibility by selecting it. 2 In the upper (Employees) list applet. and then click the ellipsis icon that appears.) icon to the right of the Responsibility text box Control in the form applet The Responsibilities pop-up dialog box appears. This action removes the responsibility from the list.0 . select the employee whose record you want to change. and then clicking Delete. Locate the responsibility you want to add in the association applet.Controlling Access to Information Implementing Information Access The Responsibility Administration view allows you to maintain the list of views and employees assigned to each responsibility. b Click the ellipsis (..

Limiting Access to Views for All Users In addition to limiting view access to specific users through responsibilities.0 Controlling Access to Information   View Administration view (Screens Application Administration Views)  23 . there are two features in Siebel applications that limit access to views for all users: If a given view does not appear in this list (shown in Figure 7). View Administration View Version 6. it will not appear in the application.Controlling Access to Information Implementing Information Access 5 Close the multi-value group applet by clicking Close. Figure 7.

Business Component.Controlling Access to Information Implementing Information Access License key If your enterprise has not purchased all modules of Siebel eBusiness Applications. Controlling Access at the Record Level 24 Controlling Access to Information   Intro Record-access visibility determines the set of records displayed to the user from specific business components within specific views. Version 6. and other object definitions. users can dialog box (invoked from the Edit locate records for which they have visibility. You can combine view restriction with record-level restrictions. described in this section. Using Find. occasionally.0 . Record-access visibility also controls which records can be located in the Find Find menu option). user ID) and the settings in certain visibility-related properties in the View. the software registration number (license key) might prevent users from seeing particular screens and views. based on the broadest visibility mode supported in views to which they have access. The responsibilities feature described in “Controlling Access at the View Level” on page 14 provides one kind of access restriction. The user’s access to records is determined through his or her position or positions (or.

These records are account records for which the primary position on the account team is the loggedon manager’s direct or indirect subordinate. Figure 8. The view labeled My Team’s Accounts (Manager Account list view) displays only those records to which the logged-on user has Manager visibility. Version 6. These records are account records in which the user’s position appears in the Account Team multi-value group.Controlling Access to Information Implementing Information Access As an example of how record-level visibility works. consider first four views in the view bar for the Accounts screen shown in Figure 8.0 Controlling Access to Information 25 . Accounts Menu Screen The view labeled My Accounts (Account view) displays only those records to which the logged-on user has Sales Team visibility.

However.S. Each of these views has different visibility settings. The account records returned in this view are only those in which the position Field Sales Representative . a field sales representative responsible for the midwestern United States would see only the view entitled My Accounts. of these views in the view bar. The user’s position may be designated as supervising other positions in the organization chart of the selling organization. collectively known as sales teams. which. and Sales Rep. Manager. a user’s record-access visibility profile for a particular view may be any of the following visibility types: Sales Team visibility. This view is called All across organizations visibility. is present on the account team. and Sales Rep. opportunity. Types of Record-Level Visibility Record-access visibility is based on one or more of the following factors: The user’s position may be on one or more account. Manager.Controlling Access to Information Implementing Information Access The view labeled All Accounts (All Account list view) displays all account records for a single organization. Contact. Version 6. All four of these views appear to a logged-on system administrator. This logon ID can be used in certain circumstances instead of the position. The user has a logon ID that is unique within the organization. This visibility provides the user with access to records in which his or her position or logon ID is designated as the owner. For example. users with most other positions would see only one. Which organizational records are displayed depends on the user’s position and organizational association. Based on these factors. The view labeled All Accounts across Organizations displays all account records regardless of the organization that the accounts are assigned to. Organization. This view is called All visibility. Personal visibility. Contact. specify the different record display behaviors.0 . This visibility type provides the user with access to records 26 Controlling Access to Information      whose team or contact access list contains his or her position. or campaign sales teams or contact access lists. The visibility settings are All. Organization.Midwestern U. The visibility settings are All. in conjunction with property settings in the Business Component and other object definitions. or perhaps two.

The views entitled My Accounts. or contact access list that has access to those records. This visibility type provides the user with access to records within a given organization. That is. The naming convention for Team visibility views varies. For example. Users with multiple positions are logged on with their primary position by default. rather than logon ID. This visibility type provides the user with access to all records. not Sales Team visibility. The reporting relationship can be direct or indirect. Alternatively. except for those with a missing or invalid primary position in the sales team. Sales Team Visibility Sales Team visibility provides access to records for certain users because they appear on an account. Version 6.Controlling Access to Information Implementing Information Access Manager visibility. Some views whose titles begin with My (without Team) convey Team visibility. NOTE: Views whose titles begin with the words Team or My Team confer Manager visibility. 27 . This visibility provides the user with access to records that The following sections describe the visibility types. My Quotes. and My Opportunities all confer Sales Team visibility to records of the corresponding business components. Sales Team visibility is position based. the user’s position. it provides access to records with an owner ID belonging to a subordinate (if the business component uses owner-based Personal visibility). is considered when determining the user’s Sales Team visibility. opportunity. and others convey Personal visibility.0 Controlling Access to Information     have a sales team in which a subordinate is designated as the primary position (if the business component uses Sales Team visibility). All visibility (using the All across organizations view). account sales teams have access to particular sets of accounts and campaign sales teams have access to particular campaigns. Organizational visibility (using the All views). My Contacts. but they can select a different position to change their visibility profile by choosing Edit Change Position from the menu bar and selecting a different position.

This type of association allows a single user access to many organizations within the application.0 . There is no difference in the results of these two approaches to administering employee positions. 28 Controlling Access to Information    Version 6.Controlling Access to Information Implementing Information Access You assign positions to organizations and then assign employees are assigned to positions. The organization that appears when the user logs on to the system is the organization that is associated with his or her primary position. Positions are assigned to each employee in the Employee Administration view. You assign positions in one of two ways: In the multi-value group applet attached to the Position field or list column. A single employee can be granted many positions that in turn belong to different organizations. These associations provide users with their association to the organization. Once logged on to the application the user would navigate from one organization to another using the Edit Change positions menu choice. In the Position Administration view in the multi-value group applet attached to the Last Name column. which is described in “Employee Administration View” on page 21.

Account Team Members The list column or control from which the multi-value group applet is invoked is titled Access List for contacts. opportunity. the underlying multi-value field is Sales Rep. Version 6. Account Team for accounts.Controlling Access to Information Implementing Information Access A sales team (or access list. Account Team Members for this account Account Team text box control Figure 9. Figure 9 shows the list for an account team. contact. in the case of contacts) is a list of positions maintained for a record in a multi-value group attached to a specific field or list column in the account.0 Controlling Access to Information 29 . or campaign record. and Sales Team for opportunities. In all cases.

The primary position cannot be deleted and can be set only in a view with Manager or Admin Mode visibility.Controlling Access to Information Implementing Information Access Using the multi-value group applet. or contact. Opportunity or Account Employee (sales team member) Position Territory Legend Business Component 1:M relationship (through a Business Object Component and a Link) Figure 10. account. a product or product line interest. or some combination of these. an industry or industries. Business Component Relationships That Facilitate Territory Assignment 30 Controlling Access to Information Version 6. a level of lead quality or anticipated revenue. a specific set of accounts. the Siebel Assignment Manager automatically updates sales teams and contact access lists. Assigning Territories Territories are groupings of accounts and opportunities that can be assigned to salespersons or sales teams through their positions. based on territories and the positions assigned to them. positions can be manually added to or removed from the team (access list) for a particular opportunity. The record’s owner (creator or assignee) and the person designated as primary on the team or access list have the access rights to add and delete team members. The set of relationships illustrated in Figure 10 makes possible this kind of automatic update of an account’s or opportunity’s sales team. Each territory can be defined as a geographical region. In a process called territory assignment.0 .

Figure 11.. ..Controlling Access to Information Implementing Information Access You assign one or more territories to an account or opportunity in the Territory multi-value field in a form applet such as the Account form applet or Opportunity form applet.has these territories assigned. This Opportunity. because employee turnover is more frequent than reorganization in most organizations. reflecting the fact that a salesperson might work on multiple territories and a territory might be worked on by multiple salespeople.0 Controlling Access to Information 31 . Assignment of territories to an opportunity is illustrated in Figure 11. (This relationship is between territories and positions rather than between territories and employees. Assigning Territories to an Opportunity There is a many-to-many relationship between territories and positions.. Invoke the MVG applet from the Territory text box.) Version 6..

and modifications to territory definitions and position assignments.Controlling Access to Information Implementing Information Access You assign territories to each position in the Position Administration view in Siebel Application Administration Positions). 32 Controlling Access to Information      Version 6. Position Administration View You can also assign positions to each territory in the Territory Administration views (Screens Assignment Administration Territory List or Assignment Territory Detail). It also reallocates salespersons in response to additions. Figure 12. Administration The territory assignment process (set up by an application administrator and implemented using the Assignment Manager) periodically reviews new and changed opportunities and accounts. and assigns (or reassigns) sales team members to them. This view applications (Screens appears in Figure 12. deletions.0 .

the sales representatives associated with Firm A and Firm B are put on the contact access list for John Smith. When territory assignment runs. If you assign a position to an account by the territory-assignment process and territory assignment is running in opportunity. For example. assignment or reassignment of an opportunity or account results in assignment or reassignment of the contact access team associated with the opportunity or account.0 Controlling Access to Information 33 . Version 6. if contact John Smith is associated with Firm A and Firm B. Positions are placed on a contact’s access list if that user is on the opportunity or account team for the opportunity or account with which the contact is associated. as the result of the territories specified in each opportunity or account record. The position will also be added to the contact access list for all contacts associated with that account. it is not automatically added to the account sales team for the account associated with that opportunity. The employee designated as active for a position assigned to a record appears on the team. then that position will also be placed on the sales teams for opportunities for that account that are within the territories of that user’s position. that position will not be automatically added to any of the opportunity sales teams or contact access lists for that account. Contact access lists for individual contacts populate through association with opportunity and account records. account. all positions on those accounts’ sales teams are assigned to the contact. and contact modes. if you manually add a position to an account team. Territory assignment populates the contacts access list. Territory assignment does not remove the record’s creator from the contact access list. if you manually add a position to an opportunity sales team. Likewise. However.Controlling Access to Information Implementing Information Access Opportunity and account sales teams populate automatically. If a contact is associated with more than one account.

Controlling Access to Information Implementing Information Access Personal Visibility Personal visibility provides access to records that a user has created or has been assigned to. 34 Controlling Access to Information Version 6. My Personal Contacts. My Product Defects. The word “My” in the view title does not necessarily distinguish Personal visibility views. My Service Requests. My Activities confers Personal visibility.0 . The corresponding team sees the quotes in appropriate Oppty-Quotes or AccountQuotes view. My Quotes view) appears and works like a Personal visibility even though the visibility applet type is Sales Rep. NOTE: Team visibility on quotes (that is. whereas My Opportunities confers Team visibility. The most important views that confer Personal visibility are entitled My Activities. My Proposals. and Delegated Quotes. for example.

Because users typically have both views available this structure allows them to look at personal contacts separately from those shared by the team. These different contact views are shown in Figure 13.Controlling Access to Information Implementing Information Access Most business components that use visibility offer a Personal visibility view or a Team visibility view but not both. Contacts are an exception. Contacts Views Version 6. Figure 13. Contacts have a Personal visibility view (entitled My Personal Contacts) as well as a Sales Team visibility view (entitled My Contacts).0 Controlling Access to Information 35 .

Personal Forecast. NOTE: Created By is used as an owner ID by a few business components in which there is no need for a user to select a different owner. For example. Instead. In contrast. However. In the owner-based Personal visibility situation the user can generally select a different owner from a picklist of employees or a different position from a picklist of positions. Also. Product Defect. 36 Controlling Access to Information Version 6. this solution is generally too limiting because the value of Created By cannot be changed by a user.0 . Although you can use the system field called Created By as an owner ID field to identify the logon ID of the creator. The configuration of certain properties in the business component determines whether a logon ID (owner) or position is used for Personal visibility. Only one or the other is used but not both. the field that is exposed and activates the picklist might be a different field from the one used to store the value. activities). because the values are stored as record pointer IDs (pointing to Position or Employee records) rather than as text values. and Service Request business components use an owner ID field (called Owner Id) to hold a logon ID that establishes Personal visibility.Controlling Access to Information Implementing Information Access You use the Owner Field property or Position Visibility Field property of the Business Component object to establish Personal visibility. the Action (that is. the Campaign Achievement. a separate owner ID field is created (generally named Owned By ID) that defaults to the value in Created By but can be exposed in the user interface and changed by a user. In some cases the owner or position is not exposed in the user interface. and Quota Achievement business components use a position ID field (called Position Id) to hold a position that establishes Personal visibility. This is similar to the use of a sales team field in business component records to establish Sales Team visibility for each record. the sales team field used for Sales Team visibility is multivalued (based on a multi-value link) and contains only positions. such as Correspondence and Response Product. An owner or position ID field used for Personal visibility is always single-valued and can contain either a logon ID or a position. Contact (Personal).

An indirect subordinate is the subordinate of a subordinate. You designate the primary sales team member of a record in the sales team multivalue group applet. invoked from the record’s sales team multi-value field. The word “My” is sometimes omitted. as in Team’s Activities. Manager visibility is derived from the settings for Personal and Sales Team visibility.Controlling Access to Information Implementing Information Access Manager Visibility Manager visibility provides access to records in which the primary sales team member (when the business component uses Team visibility) or the owner or position (when the business component uses Personal visibility) is the logged-on user and his or her direct subordinate. Version 6. he or she will receive no data in this visibility mode. The primary sales team member is indicated in the check box in the Primary list column (shown in Figure 14). Primary Member in a Contact Access List There are no business component settings specific to Manager visibility. Check mark indicating the primary member of the list Figure 14. If a manager has no subordinates. You can view and manipulate these relationships in the tree applet in this view.0 Controlling Access to Information 37 . Manager visibility views generally contain the phrase “My Team’s” at the beginning of the title. such as My Team’s Accounts or My Team’s Product Defects. Manager-subordinate relationships are determined from the position hierarchy. Positions have a Parent Position field in the Position Administration view that establishes a manager-subordinate relationship.

The logged-on user does not have to be the record owner (Personal) or a team member. NOTE: The visible records in All visibility can be different for connected users as opposed to mobile users. All Opportunities across organizations. it is rarely necessary to manually administer faulty record ownership or team membership. A separate visibility mode. This subsection contains a complete list of the object properties that are used to set record-access visibility.Controlling Access to Information Implementing Information Access Organizational Visibility Organization views show all records where the organization on those records match the organization associated with the user’s current position. and so on. These views in the outof-the-box product generally contain the word “All” at the beginning—All Accounts. Admin mode will also overrides business component-level (but not applet-level) record operations restriction properties such as No Delete. This situation is described in “Implementing Routing Restrictions” on page 50. An All visibility view generally contains the word All at the beginning of the title. For a discussion of Admin mode. For information about defining your company structure at the multiple organizational level. Therefore. No Insert.0 . for example. called Admin mode. provides the means to see all records. including those without a valid owner or primary team member. No Merge. You specify Admin mode for a view in the Admin Mode Flag property. All Visibility All visibility provides access to all records that have a valid owner person or position (in Personal visibility business components) or a valid primary sales team position (in Team visibility business components). Admin mode enables the administrator to modify records that otherwise no one could see. Record-Access Visibility Property Settings Some of the record-access visibility properties have already been introduced. see “Defining a Multiple-Organization Enterprise” on page 63. as in All Contacts across organizations. 38 Controlling Access to Information Version 6. and No Update. “View Properties” on page 42. Problems with sales team and owner assignment are generally resolved automatically by Assignment Manager when it runs.

Manager and All visibility are derived from these visibility types. see the Siebel Object Types Reference. Team.Controlling Access to Information Implementing Information Access For a complete list of configurable objects and their properties. Properties for the Business Component object type appear in Figure 15. Business Component Properties You can configure Business Component objects to provide Personal. Properties specify which single-value field points to the owner position or employee for Personal visibility or which multi-value field holds the set of team records for Sales Team visibility. Figure 15.0 Controlling Access to Information 39 . Business Component Properties Version 6. or Organizational visibility.

Controlling Access to Information Implementing Information Access The following properties in business components specify the most important visibility characteristics: Visibility Emp MVField property. The designated field is a record ID field that points to records in the Employee business component. in the case of contacts. and configure the Contact (Personal) business component for Personal visibility. Owner Visibility Field property. Version 6. If position-based Personal visibility is established with a value in this property. This property identifies the field used to establish employee-based Personal visibility. which identifies the corresponding multi-value field. If you establish employee-based Personal visibility is established with a value in the Owner Visibility Field property. This property specifies the name of the multi-value link used for maintenance of the list of sales team positions in Sales Team visibility. Organization Visibility MVField property. Position Visibility Field property.0 . Visibility MVLink property. you can create separate business components based on the same base table. you should not also specify employee-based Personal visibility using the Owner Visibility Field property. This property specifies the name of the multi- 40 Controlling Access to Information       value field used for maintenance of the list of sales team positions in Sales Team visibility. This property is used in conjunction with Visibility MVLink. NOTE: In situations where both Personal and Sales Team visibility need to display. Typically the multi-value link is to the Position business component. This property identifies objects that are related to a multiple-organization structure. This property is used in conjunction with Visibility Emp MVField. and is named Position. which identifies the corresponding multi-value link. Organization Visibility Field property. you should not also specify position-based Personal visibility with a value in the Position Visibility Field property. The designated field is a record ID field that points to records in the Position business component. This property identifies the field that establishes position-based Personal visibility. For example. configure the Contact business component for Sales Team visibility. This property identifies objects that are related to a single-organizational structure.

This property specifies the name of the multi-value link used in organizational visibility. The owner of a record in a business component set up for Sales Team visibility mode (nonblank Visibility MVLink and Visibility Emp MVField properties) is the primary position on the sales team: The owner when the business component is set up for employee-based Personal visibility (non-blank Owner Visibility Field) is the employee whose logon appears in the field pointed to by the Owner Visibility Field property. then only the owner (under Personal or Sales Team visibility) can delete the record. Version 6. Controlling Access to Information 41 . If FALSE. This property specifies visibility within pick and association applets The Popup Visibility Type property is located in the Business Component object of a pick or association applet. Owner Delete property.0       contact visibility. then anyone can delete the record. This property identifies the field used to establish When you designate a view for Admin mode. “owner delete” protection is not enabled and anyone having access to the view can delete any record.Controlling Access to Information Implementing Information Access Organization Visibility MVLink property. If TRUE. The following business component properties also have a role in visibility. You use this property in conjunction with the Organization Visibility MVField property. This property requires a TRUE/FALSE value that establishes the deletion rights of the user to the business component. although not as central to configuration: Popup Visibility Type property. The designated field is a record ID field that points to records in the Contact User business component. Contact Visibility Field property. The owner when set up for position-based Personal visibility is the position in the field pointed to by the Position Visibility Field property.

It operates only when owner-based Personal visibility is in effect. This property enables Siebel applications to include predefined queries that are partitioned by user but still allows having public queries (defined by an administrator) that show up in the same list.Controlling Access to Information Implementing Information Access Owner Field property. 42 Controlling Access to Information    that enable predefined queries. If it is not marked as private and employee-based owner visibility is in effect. You can configure each view that is to provide some level of restricted visibility using the Visibility Applet Type and Visibility Applet properties. Version 6. then only the owner of the record will see it. This property is primarily used for business components View Properties Property settings in definitions of View objects set up view-access visibility (responsibilities). generally named Private.0 . These properties select the visibility type and specify which applet in the view is restricted by the visibility setting. The value in this property specifies the name of a field that indicates private or public access to the record. If a field is specified as the Owner field. that field will contain a TRUE/FALSE value in each record indicating whether or not the record is private: If the record is marked as private and employee-based owner visibility is in effect. then all users can see it.

or Sales Rep. This value provides access to all records except those with a missing or invalid primary position in the sales team. Manager. Version 6. Contact value. All value. Personal.Controlling Access to Information Implementing Information Access Properties for the View object type appear in Figure 16. View Properties The following properties in views are used in visibility configuration: Visibility Applet Type property. This value provides access to contacts. Contact. Organization. Figure 16.0    Controlling Access to Information 43 . This property specifies the visibility mode that will be applied to the applet indicated in the Visibility Applet property and contains the value All.

When 44 Controlling Access to Information     subordinates. If the view is in Admin mode. it designates the view as one that operates in Admin mode. However. Version 6.   TRUE. This property is used in conjunction with the Visibility Applet Type property. Organization value. and No update restrictions for the business components used by the applets of the view are ignored. In Admin mode. This mode is distinct from All visibility. This property requires a TRUE/FALSE value. This value provides users access to records they own. Admin Mode Flag property. Sales Rep value. Personal value. they see only the records where manager or subordinate is a primary member of the team. This property specifies which applet controls the view visibility. For views where visibility is based on team ownership. Organization of the records must match the user’s current organization. Managers can see their own records and records for their Visibility Applet property.Controlling Access to Information Implementing Information Access Manager value. If a field has a Read Only value of TRUE. Opportunity Administration view. No delete. these restrictions are set for the applet rather than for the business component. the user will see every record. which shows all records that have a primary team member designated. No merge. This value provides users access to records whose sales team or contact access list contains the user’s position. Usually this applet is the list (upper) applet in a list-form view or the master applet in a master-detail view. even those with no primary team member designated. The Account Administration view. and Product Administration view are examples of Admin mode views. This value provides access to an entire organization. Admin mode disables All visibility rules.0 . the Admin mode will not circumvent the restrictions. then the No insert.

Controlling Access to Information Implementing Information Access Link Properties Properties for the Link object type appear in Figure 17.0 Controlling Access to Information 45 . Link Properties One property in links controls visibility: Version 6. Figure 17.

NOTE: Manager visibility is never applied to child business components. even though the view does not have active visibility settings in the Visibility Applet and Visibility Applet Type properties. Never value. Drilldown value. If there is a masterdetail relationship between the visibility applet and an applet displaying detail records. Never. Valid values are Child. Always value. This value enables visibility rules in the detail records when the current master-detail view is based on this link. visibility rules are applied to the detail records of master-detail views based on this link. This property indicates how visibility rules should 46 Controlling Access to Information      be applied when the current view uses this link. Version 6. When Child is specified. regardless of the value of the Visibility Rule Applied property. This value disables visibility rules in the detail records when the current view is based on this link. visibility rules are applied to the destination view after drilling down. When Drilldown is specified. and Always.Controlling Access to Information Implementing Information Access Visibility Rule Applied property. Visibility settings in a view apply to the applet specified in the Visibility Applet property. Child value. Drilldown. but it does not allow them to drill down to see the complete records. this property allows users to see detail records that they would not see because of visibility rules.0 .

Controlling Access to Information
Implementing Information Access

Drilldown Object Properties
Properties for the Drilldown Object object type appear in Figure 18.

Figure 18. Drilldown Object Properties

The Drilldown Object object type has one visibility-related property, for use in row ID-based drilldown:
Visibility Type property. You use the Visibility Type property setting to specify a

Version 6.0 

different visibility type than the default visibility for the destination business component. Generally, you should use a value of All to ensure that the destination record can be displayed.

Controlling Access to Information

47

Controlling Access to Information
Implementing Information Access

Report Properties
Properties for the Report object type appear in Figure 19.

Figure 19. Report Properties

Report object definitions have one visibility-related property:
View Mode property. For static Actuate reports, set this property to the type of

visibility that should be applied to the report’s business component.

48

Controlling Access to Information

Version 6.0

Controlling Access to Information
Implementing Information Access

Configuring Drilldown and Pop-Up Visibility

Intro

The combination of property settings for the View and Business Component objects determines the visibility of records to specific users in specific views. However, these settings do not directly govern what happens when the user leaves the view through drilldown or invokes a pick applet. The following sections explains how information access works in those situations.

Drilldown Visibility
Drilldown visibility can occur in three different scenarios:
Within a business object. If the original view and drilldown view are both based

Version 6.0 



on the same business object and visibility is unspecified in the drilldown view, whatever visibility is in effect in the original view continues in the drilldown view. For example, when you drill down on the Account list column in the view entitled My Accounts, you are taken to the view entitled Account Contacts, and presented with the list of contacts for the account from which you drilled down. Both of these views specify the Account business object, so the Team visibility in effect in the original view is also applied, even though there are blank visibility settings in the drilldown view.
Between different business objects. If the original view and drilldown view are

based on different business objects, moving from one to the other may require resetting the visibility in the destination to something other than its standard setting. A setting of Drilldown in the Visibility Rule Applied property in the Link object definition (for the original view) specifies that the current visibility setting should be applied when you drill down. For example, when you drill down on the Account list column in the view entitled Opportunity Contacts, you are moving from the Opportunity business object to the Account business object. A setting of Drilldown in the link on which the original view is based would restrict the user to seeing accounts in the destination view that are detail records of opportunities to which the user has visibility.

Controlling Access to Information

49

The visibility rules previously described apply to all users. Each mobile user of Siebel applications has a local database that typically contains a subset of the data that exists on the server database. Remote users (typically mobile users) download database records to their laptops by means of a synchronization process. A row ID-based drilldown drills down to a specific record in the destination view based on matching the source field and destination field in the source and destination business components. The Drilldown Object object type provides the means to perform row ID-based drilldown. 50 Controlling Access to Information  Pop-Up Visibility The visibility on pick or associate applets can be assigned the same visibility as the View object. Routing restrictions for information access apply in addition to other visibility restrictions. An additional category of restrictions called routing restrictions are placed on user access to records that will be viewed only by remote users. whether connected or remote. There is a Visibility Type property in the Drilldown Object object for specifying this. Intro Version 6.Controlling Access to Information Implementing Information Access To a destination record. the visibility setting might need to be adjusted in the destination view so that the destination record can be displayed. The Auto All/Org setting (on the Popup Visibility property of a Business Component object) dynamically determines the access level of the user’s responsibility and then assigns the least restrictive visibility. Connected users view data from the server database through a local or wide area network. When you enable this feature (by specifying a row ID field or a blank in the Destination Field property of the Drilldown object). Implementing Routing Restrictions Both connected and remote users access data on the server.0 .

0 Controlling Access to Information 51 . Figure 20.Controlling Access to Information Implementing Information Access Implementing Siebel applications with a multiple-organization structure can improve synchronization time for customers whose organizations access different referential data like products. The docking visibility rules determine which records from the server database are propagated to each mobile user. Dock Object and subordinate objects appear in Figure 20. A view with All visibility will have unpredictable and possibly undesirable results for a mobile user. NOTE: You should disable access in all responsibilities to offline work for views that have All visibility. so users get only the information they need. To disable access in responsibilities. Dock Object and Subordinate Objects You might need to view and analyze the property settings for these objects in the following kinds of circumstances: Version 6. Siebel applications allow association of referential data with specific organizations. You can view these objects are viewable through Siebel Tools but only Siebel developers and configure them. SmartScripts. set the Local Access list column to FALSE for these view assignments (as explained in “Using the Local Access Column” on page 19). literature. price lists. and so on. Docking visibility rules are implemented through properties of Dock Object and subordinate objects.

Version 6. In this circumstance it is critical that the table’s intended use be consistent with its docking visibility rules. 52 Controlling Access to Information   The property settings for the Dock Object family of object types are discussed in the following sections. Selective routing is discussed in “Selective Routing” on page 60. When determining which routing rules to have Siebel personnel disable.Controlling Access to Information Implementing Information Access When deciding whether to use a particular table in the Siebel data model for a nonstandard purpose (for example. storing something other than activities in the S_EVT_ACT table).0 . in support of selective routing.

Figure 21. The possible values for the Visibility Level property are: Version 6. Sales Team.Controlling Access to Information Implementing Information Access Dock Object Properties Properties for the Dock Object object type appear in Figure 21. Dock Object Properties The Visibility Level property in a Dock Object object type specifies which records are to be transferred for the corresponding set of tables: You can choose all records or a limited set that corresponds to combinations of Personal. and Manager visibility to be transferred. The property setting for the child object of Dock Object further defines and restricts the transfer rules.0 Controlling Access to Information 53 .

Controlling Access to Information Implementing Information Access Limited value. Records are routed only if the user is on the contact access list or is the manager of an employee on the access list or for contacts that are available through drilldown. which means they have no restriction on the transfer of records. Calendar Item. Contact dock objects. DocQuote (quote) dock objects.0 . Opportunity dock objects. Private value. Contact. Campaign dock object. or for service requests that are available through drilldown. Records are routed only if the user is on the campaign team. and Campaign dock objects. Sales Team. ProductDefect dock objects. Records are routed only if the user created or is assigned to the quote or is the manager of the creator or assignee or for quotes that are available through drilldown. This value ensures that the rows in these dock objects will never be routed to any mobile clients. Version 6. Forecast. ServiceRequest dock objects. This value specifies a distribution of records corresponding to 54 Controlling Access to Information           All visibility. Records are routed only if the user created or is assigned to the product defect. The majority of dock objects have enterprise-level routing. depending on the Dock object and the user logon ID. The major dock objects have the following default limited-level routing: Organization (Account) dock objects. Opportunity. This value is used exclusively for routing of nonconfigurable data. Records are routed only if the user is on the account sales team or is the manager of an employee on the account team or for accounts that are available through drilldown. Product Defect. and Manager visibility. DocQuote (quote). Records are routed only if the user created or is assigned to the service request. Service Request. This value specifies a distribution of records corresponding to some combination of Personal. You specify limited-level routing by default for the Organization (Account). Enterprise value. Records are routed only if the user is on the opportunity sales team or is the manager of an employee on the sales team or for opportunities that are available through drilldown.

Controlling Access to Information Implementing Information Access Dock Object Table Properties The Dock Object Table object type (a child object type of Dock Object). The Contact dock object object definition Dock object table child object definitions Figure 22.0 Controlling Access to Information 55 . Dock Object and Dock Object Tables Each dock object consists of a collection of tables related through foreign keys to one driving table (also represented with a Dock Object Table object definition). Version 6. is used to specify the tables whose records are transferred in conjunction with Dock Object. The Contact dock object and its child dock object tables appear in Figure 22. The driving table is identified in the Primary Table property in the Dock Object object type.

56 Controlling Access to Information Version 6. but it also includes other dock object tables such as S_NOTE_CON (notes for the contact). where each such logical record is itself a collection of one or more physical database records spread across multiple tables.Controlling Access to Information Implementing Information Access For example. This dock object also includes the extension tables for S_CONTACT. and S_POSTN_CON (access list for the contact). A Dock object can therefore be thought of as a set of logical records (contacts.0 . S_CONTACT_REL (relationships between contacts). the Contact dock object shown in Figure 22 is based on the primary table S_CONTACT. in this case).

Dock Object Visibility Rule is a child object type of Dock Object. as illustrated for Contact in Figure 23.Controlling Access to Information Implementing Information Access Dock Object Visibility Rule Properties In order to determine which logical records in a dock object to give to each mobile user. Dock Object and Dock Object Visibility Rules Version 6. The Contact dock object object definition Dock object visibility rule child object definitions Figure 23.0 Controlling Access to Information 57 . the Siebel application evaluates the dock object visibility rules for that dock object.

These properties appear in Figure 24 and are explained later in this section. 58 Controlling Access to Information Version 6. each dock object visibility rule has a Visibility Strength property and a Sequence property. the dock object visibility rules on the Contact dock object include the following: “You are on the sales team of the Contact. In addition.” and so on.Controlling Access to Information Implementing Information Access Each Dock Object Visibility Rule object has a Comments property that explains what the rule checks. Properties of the Dock Object Visibility Rule Object Type Siebel applications determine which database records to propagate to each mobile user (for dock objects that have limited visibility) by evaluating the visibility strength of the user for a dock object and then comparing the numeric value with the visibility strengths of the tables the applications contain.0 . For example.” “You are the owner of the Contact.” “You are the manager of the primary sales rep on the Contact’s sales team. Figure 24.

If none of the dock object visibility rules pass for a given logical dock object record and a given mobile user. As soon as one of the rules passes. by convention. A visibility strength of 100 denotes full visibility.Controlling Access to Information Implementing Information Access Determining Visibility Strength The user’s visibility strength for a dock object is determined from the dock object visibility rules. For example. if the ninth rule passed. while the ninth rule (“Contact for an Account Group you have full visibility on”) has a visibility strength of 50. but a value of 100 is. the Siebel application sequentially evaluates the rules in order of descending visibility strength and ascending sequence until one of them “passes” (that is. use values in the 0–100 range rather than 0–254. If your configuration does not require the use of values higher than 100. However. Version 6. The visibility rule illustrated in Figure 24 has full visibility (a visibility strength of 100). Visibility Strength Values Visibility strength values are integers between 0 and 100. and for each mobile user. if they are not on the sales team for that contact (and if all the other first eight visibility rules also failed). NOTE: The integer range for a visibility strength value is actually 0 to 254. they get that logical contact record with a visibility strength of 100. evaluates to TRUE). then that user will not receive that particular logical record. the Siebel application stops the evaluation process and gives the current logical dock object record to the current mobile user. For each logical dock object record. considered to mean full visibility. Any value between 1 and 100 (typically 50) denotes partial visibility. If users are on the sales team for a particular contact.0 Controlling Access to Information 59 . When a dock object visibility rule passes. while a visibility strength of 0 denotes no visibility. The first visibility rule (“You are on the sales team of the Contact”) has a visibility strength of 100. they still get the logical contact record that has a visibility strength of 50. the mobile user gets the parent (logical) dock object record with a (user) visibility strength value obtained from the corresponding property in the dock object visibility rule that caused the user to get the record. consider two different dock object visibility rules on the Contact dock object.

You implement selective routing is implemented through a combination of disabling a dock object visibility rule (this procedure must be performed by Siebel technical personnel) and adding account names to mobile clients in an administrative view. The choice of which dock object visibility rule (or rules) to disable depends on which visibility mode is generating the bulk of the unwanted records.Controlling Access to Information Implementing Information Access Receiving records Based on Visibility Strength The user’s visibility strength (obtained from the successful dock object visibility rule) is compared with each dock object table’s visibility strength. rather than all accounts to which he or she has visibility. This feature makes it possible to limit the connection time and disk space consumption of mobile users by transferring only the accounts each salesperson needs. Caution: Disabling a visibility rule affects all mobile users accessing the server. suppose that a particular mobile user receives a particular logical record from the Contact dock object with a visibility strength of 50. so you should undertake this change should cautiously. the visibility strength must equal or exceed the visibility strength specified for that table. For users to receive the records from a particular dock object table. The Siebel application then propagates to the user’s local database all physical records that are related to the given contact on any of the dock object tables that have a visibility strength of 50 or more in the Contact dock object. 60 Controlling Access to Information Version 6.0 . Selective Routing Selective routing (also called selective retrieval) is a routing capability that provides the means to restrict the list of accounts routed to individual salespersons who are connected to the server remotely. generally Manager (rather than Sales Team or Personal). For example. as specified in its Visibility Strength property. The remainder of this section describes how Siebel applications determine visibility strength and use it as a factor for record access.

This is accomplished for each user in the Account Synchronization Selection view. Accounts added to a mobile user’s routing rights through the selective routing feature do not alter the user’s visibility restrictions on viewing records. Version 6.0 Controlling Access to Information 61  Once the undesired routing rule is disabled. This view appears in Figure 25. and adds (in the lower applet) new account records to the mobile user record thus specified.Controlling Access to Information Implementing Information Access Figure 25. the server must be configured to override the disabling for specific accounts to be routed to specific users. the user adds (in the upper applet) a new record for himself or herself as a mobile user.  . If the user does not have visibility to an account but is having it routed. You invoke this view in the Siebel client through Screens Personal Administration Account Synchronization Selection. Account Synchronization Selection View In the Account Synchronization Selection view. he or she will receive that account’s records but will not be able to see them.

Controlling Access to Information Implementing Information Access For a more complete discussion of selective routing and its implementation. refer to the Siebel Remote and Replication Manager Administration Guide.0 . 62 Controlling Access to Information Version 6.

Add views to positions and organizations Add employees to positions and organizations.Controlling Access to Information Defining a Multiple-Organization Enterprise Defining a Multiple-Organization Enterprise 1 Determine the organizational structure you want to implement.0    Intro Controlling Access to Information 63 . For information on performing this activity. It it always a good idea to consult Siebel Expert Services before proceeding. see “Administering Organizational Privileges” on page 84. see “Creating Associations for Referential and Transactional Data” on page 83. For information on performing this activity. see “Determining Your Organizational Structure.” following. then you should consider creating multiple organizations. For example: Create organizations. However. Version 6. 4 Specify the responsibilities and views that can be granted to organizations with delegated administration. Determining Your Organizational Structure The multiple-organization capabilities in Siebel eBusiness Applications are effective tools for controlling the access of information across internal and external organizations. 2 Define your organizational structure. see “Defining Your Organizational Structure” on page 66. creating organizations for the wrong reasons can make using and administering the applications more difficult. If any of the business scenarios described in this section fit your enterprise. Add positions to organizations. 3 Create associations to organizations for transactional and referential data. For information on performing this activity.  Intro To define a multiple-organization enterprise you need to do the following activities: For information on performing this activity.

Siebel eChannel.COM Applications.0 . and literature are available. Consumers can choose to interact directly with a company over the Internet using Siebel . you can create a separate consumer organization where subsets of your price lists. Version 6. With multiple organizations you can simplify your users’ working environment by limiting the data available to them to only items they are interested in seeing and using. Working with different internal organizations. Limiting access to unnecessary data also speeds up synchronization times for mobile clients. Siebel eSales. You should create multiple organizations if you have distinctly different internal organizations whose users access different referential information (for example. With separate partner organizations you can isolate the information the partners are able to access while maintaining customer information in a single source. You should create multiple organizations when you need to integrate Siebel front office applications with back office systems that use organizational entities.Controlling Access to Information Defining a Multiple-Organization Enterprise Implementing business-to-business communications. product and price lists. Connecting Siebel applications with back office applications. and Siebel eService are preconfigured solutions that make business-to-business transactions and collaboration more efficient. You should create multiple organizations to limit the data that your Web-based customers can access. You can use Siebel applications for both internal employees as well as the employees of the companies you partner with. Limiting data access. To ensure that consumers are able to access information appropriate for their needs. catalogs. literature. You should create multiple 64 Controlling Access to Information     organizations when you implement business-to-business communications. Mapping a Siebel front office organization to a back office organization with the same profile makes integration easier and more efficient. and SmartScripts).

NOTE: Changing your company structure can cause a re-evaluation of visibility for all objects related to the objects that have changed. Version 6. For more information about minimizing the impact. Here are some environmental considerations: The “My” and “My Team’s” views remain unchanged by organizations. Effect of Moving from a Single. You should create multiple organizations when your call center agents take calls from diverse sources for distinctly different business needs.0       During a given day these multi-tenant call center agents might take orders for goods ranging from cosmetics to camping equipment and arrange for services ranging from return of a CD purchase to repair of telecommunications equipment.Controlling Access to Information Defining a Multiple-Organization Enterprise Receiving calls from diverse sources. and products to the organization so users belonging to the organizations can access them Controlling Access to Information 65 . All views display data for the organization association with the user’s current position. A multiple-organization structure allows these agents to switch into and out of whichever organization is appropriate for each caller and to greet all callers with appropriate messages and to provide them with the goods and services they expect. see the Siebel Remote and Replication Manager Administration Guide. price lists. This situation can result in a negative performance impact.to a Multiple-Organization Structure When you move your Siebel implementation from a single-organization to a multiorganization environment you need to do the following: Grant new views to users that require access to information across organizations Define pop-up visibility rules on picklists so that the information that is accessed is in line with your company’s business processes Make application administrators aware that they need to associate referential data such as literature.

Defining your company’s structure involves setting up the following items: Organizations and organization skills Divisions. and then display information appropriate to each of those groups Set up multi-tenancy for call centers Limit visibility to data based on the organization(s) to which user positions are assigned Assign skills to organizations so you can use Assignment Manager to route assignments based on organization 66 Controlling Access to Information             Intro Version 6. which control the screens and views users have access to The set-up procedures are described in the following sections. which set default currencies and can be used in Actuate reports Positions and position skills. which they belong (Edit Defining Your Organizational Structure The definition of your company’s structure in your Siebel application affects what information users have access to. These settings limit at the picklist level users’ access to data they should not see.0 . Setting Up Organizations and Organization Skills Having a multiple organizational structure allows you to do the following: Partition the organization into logical groups. Users can change their position and view data within another organization to Change Position). The All across Organizations views are typically granted to users needing to access all records in the application. which control the data users have access to Responsibilities. Pop-up visibility for multi-value groups (MVGs) and picklists can be set to various visibility settings at the business component level.Controlling Access to Information Defining a Multiple-Organization Enterprise “All across Organizations” views show all of the data that is available for the business object selected.

if you want to. 5 Enter the partner manager position. 2 Choose the Organizations list applet.COM Applications Guide. This is an optional field used by Siebel eChannel. An empty row is added to the list. NOTE: Organizations are not hierarchical. The partner manager is a person in the organization who manages the relationship of that particular channel partner. Application Administration   67 . see the Siebel . choose Screens Organizations Organizations. 4 Enter the name of the new organization.Controlling Access to Information Defining a Multiple-Organization Enterprise To set up an organization NOTE: Organizations cannot be deleted. Controlling Access to Information  1 From the Siebel application client. Version 6. The Organizations view appears. This position is used in fund requests as the default value in the “Assign to” column. 6 Complete the optional fields.0  3 Choose Edit Add New Record. For more information about eChannel.

Setting Up Divisions Divisions belong to organizations and are used to record addresses and to maintain default currencies. add it. 6 Select a skill in the Item field. Add New Record.0 . 2 Select the organization for which you want to add skills. User reporting structures are defined by their parent position. You must have at least one division set up in order to implement Siebel eBusiness Applications. choose Screens Organizations Organizations. Application Administration   Version 6. 8 Select the Organization Skill Item applet. This action adds an empty row to the list. This action adds an empty row to the list. skills are added using Siebel Tools. 4 Select the Organization Skill list applet. The fields vary depending on which organization skill you added in Step 5. but their division defines their country of operation and currency.  1 From the Siebel application client.Controlling Access to Information Defining a Multiple-Organization Enterprise To set up organization skills The Organizations view appears. 7 Add comments. if you want to. 10 Complete the fields for the new records. The Organization Skills view appears. Skills must exist before you can add them. If the organization does not exist. 68 Controlling Access to Information  9 Choose Edit  5 Choose Edit Add New Record. 3 Click Organization Skills in the view bar.

upgrading that Division to an organization. choose the parent division. When the flag is checked. Required. This affects the currency default for things like new opportunities. This is a read-only field that shows to what organization the division belongs. Table 2.Controlling Access to Information Defining a Multiple-Organization Enterprise To add a division The Organization Administration view appears. The default currency for the division. An informational field to indicate that the organization represents a partner with your business. The organization can be changed by choosing another organization with the Parent Division Name picklist. The name of the organization. If this division is a subdivision. This action adds an empty row to the list. Allows a division to be associated with another division or with an organization. Field Currency Division Name Organization Selected Fields for the Organization Administration View Comments Organization Flag Parent Division Name Partner Flag Version 6. Table 2 describes some of these fields. (Sheet 1 of 2) 69 . 2 Choose the Divisions list applet. A parent division must exist before you can select it. Controlling Access to Information   1 Choose Screens Application Administration Divisions. the Siebel application copies that division into the organizations view. A check mark indicates that the division is also an organization. The new division appears in a folder in the Divisions explorer applet. 4 Complete the fields for the new record.0  3 Choose Edit Add New Record.

Users can belong to more than one organization. 70 Controlling Access to Information   1 Choose Screens Application Administration Positions. Setting Up Positions and Position Skills As you define your company structure. and data is displayed for that position. However. Field Selected Fields for the Organization Administration View Comments (Sheet 2 of 2) Partner Manager Position Type A person in the organization who manages the relationship of that particular channel partner. then this division appears in the Service (Request) Group picklist. Positions determine which records users with a particular position can access. This position is used in fund request as the default value in the “Assign to” column. If this is the case for a given user. The type of division. you define specific positions within each level in the hierarchy of divisions.Controlling Access to Information Defining a Multiple-Organization Enterprise Table 2. NOTE: An employee must have a position in order to log on to a Siebel application. To define a position NOTE: You must be logged on to a server database to add positions. the user needs to choose Edit Change Position. the group specified does not determine visibility to the given service request. a sales representative could change to a sales executive position and have the exact same views as before while gaining visibility to another organization’s data. Version 6. If the Type field is set to Service. 2 Select the Positions list applet. he or she is logged on using a primary position. for instance.0  . The Position Administration view appears. Positions are used to associate users to organizations. Utilizing this technique. To change positions and gain access to different data.

My Opportunities. d In the Assigned Employees dialog box. respectively. click New.. The new division appears in a folder in the Divisions explorer applet. 5 Select one or more employees to occupy the position: a Click the ellipsis (. However. and Contact Access List applets. 4 Select a parent position..Controlling Access to Information Defining a Multiple-Organization Enterprise This action adds an empty row to the list. select one or more employees to occupy the position. for example. Your choice appears in the Organization Chart applet. and contacts in the My Accounts. Controlling Access to Information 71 . c In the Add Employees dialog box that appears.0  3 Choose Edit Add New Record. Opportunity Sales Team. b In the Assigned Employees dialog box that appears. Only active employees in a position will appear in the Account Team. all the employees in that position can view the accounts. NOTE: There can be only one primary employee for a position and one primary position for an employee. if employees are sharing a job.) button in the Last Name field. You might have more than one employee in a position. and My Contacts views. opportunities. Version 6. NOTE: Employees must exist before you can add them to a position. place a check mark in the Active field for the employee that you want to make the primary employee for this position and then click Close.

see the Siebel Incentive Compensation Guide. The group specified does not determine visibility to the given service request. by choosing Edit Position Territory The name of the position. Deleting positions could cause problems with Assignment Manager in cases where the position had been set as primary for an account. Required. Used for incentive compensation. then you must create a position for each organization and assign the employee to each position.Controlling Access to Information Defining a Multiple-Organization Enterprise 6 Complete the fields for the new record. Change Position. The type of division. Allows a position to be associated to a territory for use by the Assignment Manager module. Field Billing Product Compensatable End Date Comments Used for Professional Services. The following table describes some of these fields. The employee can then see one organization’s data at a time. Most fields in the Position applet populate automatically from the Employee record of the active employee. the Start Date field shows the start date of the employee who is marked Active for the position. If the Type field is set to Service. Last day the position is valid. A position can only have one organization. For more information about Assignment Manager. Type 72 Controlling Access to Information  Version 6. instead of deleting a position. and you didn’t update the account with a new primary when you deleted the position.0 . Use this field to make a position obsolete. see the Siebel Assignment Manager Administration Guide. If you want a user to have visibility to some organizations but not all organizations. For example. then this division will appear in the Service (Request) Group picklist. For more information. Organization Select an organization for the position.

4 Click Position Skills in the view bar.0  10 Choose Edit  6 Choose Edit Add New Record. Skills must exist before you can add them. For example. 8 Add comments. Controlling Access to Information   1 Choose Screens Application Administration Positions. 3 Select the position for which you want to add skills. The Position Skills view appears. If the position does not exist. 2 Select the Positions list applet. This action adds an empty row to the list. Add New Record. 73 . 11 Complete the fields for the record.Controlling Access to Information Defining a Multiple-Organization Enterprise To add a skill to a position The Position Administration view appears. This action adds an empty row to the list. You can create skills using Siebel Tools. add it. if you want to. Version 6. 9 Select the Position Skill Item applet. 5 Select the Position Skill list applet. The fields vary depending on the position skill you added in Step 6. 7 Select a skill in the Item field. the System Administrator responsibility allows access to all views. Defining Responsibilities Responsibilities determine which views users can access. Defining responsibilities lets you limit user access to views.

plus the Sales Manager views. Therefore. Responsibilities. and sales representatives. 74 Controlling Access to Information  Version 6. For instance. you should also not add Applications Administration screens to responsibilities associated with end users. You might prefer to use the sample responsibilities that ship with your Siebel application. NOTE: You cannot edit sample responsibilities. this view would be inappropriate for end users. you may want to disable the License Key button for certain users (This button is found under Help Technical Support). The sales manager responsibility might have access to the same views as the sales representative.Controlling Access to Information Defining a Multiple-Organization Enterprise For example. the sales manager. you should limit access to the Employees. Mobile Clients. In addition. You would probably create responsibilities for the marketing administrator. The sales representative responsibility might have access to all views except those reserved for sales management. marketing administration. You can copy these and then customize them. Master Forecasts. select the responsibility that should not see the button and delete the view Edit License Key. System preferences control server logic and processing. To define a responsibility. To disable this button. and Territories screens. suppose you are defining responsibilities that correspond to the major job functions in your sales and marketing organizations. You should grant access to the System Preferences view to only a select group of administrators. because the work performed using these screens has farreaching implications for the entire application. Likewise.0 . Views. you must specify which views are available to that responsibility. and applications administration. and so on.

The views for the existing responsibility are copied. NOTE: You cannot edit the sample responsibilities. you must copy them before you can modify them. 75 . 2 Select the responsibility you would like to copy. Version 6. By default. 6 Select an organization for the responsibility. However. but the employees are not. the Responsibility Administration view shows all responsibilities.0  3 Choose Edit Copy Record. so you can later identify its function.Controlling Access to Information Defining a Multiple-Organization Enterprise To copy an existing responsibility The Responsibility Administration view appears. 5 Enter a new description for the responsibility. regardless of organization. 4 Enter a new name for the responsibility. Controlling Access to Information   1 Choose Screens Application Administration Responsibilities. you may want to configure new views (using Siebel Tools) that restrict the visibility to responsibilities to delegate administration of these responsibilities.

You must copy them before you can modify them. The views must already exist. 2 Select the responsibility you would like to modify. use the following guidelines: 76 Controlling Access to Information   1 Choose Screens Application Administration Responsibilities. 3 Select the Views applet. For more information on adding views. there is no way to determine which views a user is allowed to access. Setting Up User Access for External Organizations Many Siebel eBusiness Application implementations group Siebel . Without responsibilities. and then click Add.Controlling Access to Information Defining a Multiple-Organization Enterprise To modify a responsibility The Responsibility Administration view appears. NOTE: You cannot edit the sample responsibilities. select records from the Add Views dialog box.COM users by organization. 4 Choose Edit Add New Record.  Version 6. see the Siebel Tools Guide. Now you must set up your users. so they can be given responsibilities.0 . a user cannot use the Siebel application. To provide correct data visibility for users within multiple external organizations. NOTE: You can also delete views from this view.

When a delegated administrator registers a new user. Assign a responsibility to the employee. and. if you use delegated administrators.COM users: Add a new proxy employee for registered users. the choices available for User Role should include only proxy employees in the same organization as the delegated administrator. If necessary. For information on performing this activity. For information on performing this activity. Siebel applications provide several proxy employee records as seed data. Unlike other employees. see “To assign a responsibility to the proxy employee” on page 82. see “To create a new proxy employee record” on page 78.COM application users. An administrator with visibility across organizations must do the following tasks for each organization for which there will be Siebel . add a new proxy employee for delegated administrators. Siebel Systems recommends compliance with these guidelines. Controlling Access to Information 77 .0       NOTE: Do not create extra proxy employees for unregistered users. a proxy does not represent a real person and does not have a database logon ID.Controlling Access to Information Defining a Multiple-Organization Enterprise The organization that a user’s contact record belongs to must match the organization of that user’s proxy employee. Assign a position to the employee. Each proxy is a record in the Employee table of the database. Proxies provide database visibility indirectly to users of Siebel . A proxy provides a responsibility and visibility to . modify the seed data queries to accommodate the added proxy employees.COM applications. Version 6. For information on performing this activity. The seed data Unregistered Visitor proxy is the only proxy for unregistered users. Adding Proxy Employees You must complete the following activities to create a new proxy employee: 1 Add the employee record. see “To assign a position to the proxy employee” on page 80.

This action adds a new record. 78 Controlling Access to Information  2 Choose Edit Add New Record.    1 Choose Screens Application Administration Employees Employees. Version 6.Controlling Access to Information Defining a Multiple-Organization Enterprise To create a new proxy employee record The screen displays the Employee Administration view.0 .

For easy recognition.0 Controlling Access to Information 79 . that in the seed data. you may want to make this entry similar to. using the guidelines given: Field Last Name Entry Guideline Required. If you are creating a new proxy for regular registered users. enter CUSTOMERA (instead of CUSTOMER) or CADMIN2 (instead of CADMIN). Enter any text. enter the same last name as that in the seed data proxy. Required. First Name Login name Version 6. enter only the following fields shown in the following table. Required.” These entries provide valid choices to display in the picklist of proxies for a new user. “Registered Customer.” If you are creating a new proxy for delegated administrators. but not the same as. enter the same last name as that in the seed data proxy. “Delegated Customer Administrator.Controlling Access to Information Defining a Multiple-Organization Enterprise 3 In the new record. Enter any text. For example.

80 Controlling Access to Information Version 6.   1 Choose Screens Application Administration Positions. Add . This action adds a new record.Controlling Access to Information Defining a Multiple-Organization Enterprise To assign a position to the proxy employee The screen displays the Position Administration view.0  2 Click on the Positions list applet to make it active and then choose Edit New Record.

You may duplicate the seed data position names: “Registered Customer” for registered users or “Delegated Customer Administrator” for delegated administrators. enter only the following fields in the following table.0 Controlling Access to Information 81 .) button. 6 Select the new proxy employee. Version 6. using the guidelines given: Field Position Entry Guideline Required. Required.. 7 Click Close. Pick the organization for which the new proxy employee is being created. The Add Employees dialog box appears.Controlling Access to Information Defining a Multiple-Organization Enterprise 3 In the new record. 5 Click New. Required. Enter any text. Pick the organization for which the new proxy employee is being created. The Assigned Employees dialog box appears with the new proxy employee included in the list. and then click Add. The Assigned Employees dialog box appears. Division Organization 4 Click on the Last Name field.. then click the ellipsis (.

Choose either: Registered Customer for a registered users proxy Delegated Customer Administrator for a delegated administrators proxy  The Responsibilities dialog box appears with the added Responsibility included in the list.0 .Controlling Access to Information Defining a Multiple-Organization Enterprise To assign a responsibility to the proxy employee The screen displays the Employee Administration view. and then click the ellipsis button. and then click Add.  Version 6. 5 Click Close. 3 Click New. click on the Responsibility field. 82 Controlling Access to Information    1 Choose Screens Application Administration Employees Employees. 2 Select the new Employee proxy. The Add Responsibilities dialog box appears. 4 Select the appropriate existing seed data Responsibility. The Responsibilities dialog box appears.

the administrator can pick that user’s proxy employee.COM host company registers a new user.  Intro   Transactional data is automatically associated to the organization of the user entering the data. an administrator could create a single price list and associate it with many organizations. it is automatically assigned to that user’s organization.Controlling Access to Information Defining a Multiple-Organization Enterprise Modifying Seed Data Queries When a delegated administrator or an administrator at your Siebel . If you do not follow the recommended naming convention. if a user enters a new account. Referential data can be associated with multiple organizations. and literature. price lists. Referential data. which is data created by administrators Referential data is information like products. you will have to edit the seed data queries in Siebel Tools to expose the new proxy employees. Controlling Access to Information 83 . The employees exposed in the picklist for this field are filtered by two queries: The organization of the administrator who adds the user One of the seed data queries  Version 6. the seed data queries do not have to be modified. the value in the contact’s Employee Login Name field. If you follow the recommended naming convention in the procedure for creating a new proxy Employee record. For example. For example. which is data created by users Transactional and referential data are explained in more detail in the following subsections.0 The seed data queries are intended to expose only proxy Employees in the administrator’s organization. Creating Associations for Referential and Transactional Data There are two basic types of data in Siebel applications: Transactional data.

When a transactional record is created. Administering Organizational Privileges Consider the following information related to administering organizational privileges when you have a multiple-organization application structure: Specified organizations can autonomously administer their own data: Employees can be added. the record automatically inherits the administrator’s organization. Specific positions can be associated with organizations and then be associated to specific employees. Accounts. it automatically inherits the organization of its creator. he or she is granting visibility of that data to users within that organization. and to control which organizations are able to access the data. Additional information about referential data: When an administrator creates a referential record. Entities can belong to one or more organizations. opportunities. Team members can be added manually or automatically. contracts. Intro Version 6. Using this method administrators are able to create a single record such as a price list. and deleted by name.0 . Additional information about transactional data: Transactional records can be shared with other positions that belong to other organizational groups by adding them to the team.Controlling Access to Information Defining a Multiple-Organization Enterprise Referential Data When an administrator associates a referential record to an organization. and quotes are all examples of transactional data. removed. If the organizational multi-value group is left blank the referential entity becomes available to every organization defined in the Siebel application.  84 Controlling Access to Information        Transactional Records Users enter transactional data as they work in an application.

For the My Responsibilities view: This view displays only the responsibilities granted to the organization a user is logged on as. Associate employees with the available positions in this list. thus preventing access to the employee names in the rest of the organization.Controlling Access to Information Defining a Multiple-Organization Enterprise Specific responsibilities with set views can be associated with organizations and then linked with positions. Give external organizations this view to add. Implementation involves creating one-to-one mappings of Siebel organizations to the organizations present in the back-office product. add a new view that shows the positions for the organization you are currently logged on to. Intro Controlling Access to Information 85 . You need to associate the available responsibilities with the employees in your organization. and modify their own employee list. delete. add a new view that displays only the employees in the organization with which a position is associated.0        For the My Employee view: To limit the employee list to only the employees within an organization. Integrating With the Back Office A multiple-organization structure can provide a seamless integration with backoffice products like SAP™ R/3® and PeopleSoft.    For the My Positions view: To limit the list of positions that an organization can access. Version 6.

Intro Data Object Layer Considerations Consider the following Data Object layer information when you have a multipleorganization application structure: A BU (“business unit”) prefix identifies entities as being associated with organizations. Siebel applications create an additional column is created on their base tables for the organization identifier (BU_ID). Version 6.0 . Transactional data is associated with a single organization.Controlling Access to Information Implementing Multiple-Organization Functionality Implementing Multiple-Organization Functionality Implementing multiple-organization functionality involves configuration in both the data object layer and the business object layer. the BU_ID column has been added to the _U1 index. Intro The Auto All/Org setting determines the user’s highest access for a given object based on views associated with the responsibility and dynamically assigns that level of pop-up visibility. Intersection tables support many-to-many relationships between their base tables and S_ORG_INT. Organizations are division records stored in S_ORG_INT that have a flag (BU_FLG) set to designate them as organizations. Intro Business Object Layer Considerations Consider the following Business Object layer information when you have a multiple-organization application structure: 86 Controlling Access to Information        The primary organization is identified with the organization identifier (BU_ID). For tables associated with multiple-organization information. Referential data is associated with multiple organizations. This column is the foreign key to S_ORG_INT.

This multi-value field requires the Dest Field to be Name. Mapped to BU_ID and has a Pre Default Value of System:OrganizationId. Organization. Views using this setting show all records that match the user’s position’s organization across organization. Assignment Object Considerations Siebel Assignment Manager uses definitions in the Siebel repository to assign objects to assignment rules and candidates. This field is mapped to BU_ID. A seed data example is All Opportunity List View. Primary Organization Id. This multi-value field requires the Dest Field to be Organization Id. Intro Controlling Access to Information 87 . Intro Organization value. Organization. A seed data example is the All Opportunities across Organizations view. Views with this setting show all records for all organizations. Version 6. User Interface Object Layer Considerations Consider the following User Interface Object Layer information when you have a multiple-organization application structure: Values for the Visibility Applet Type property of the View object type and the Visibility Type property of the Drilldown Object object type are: All value. Mapped to NAME in S_ORG_INT and has a Pre Default Value of System:OrganizationName.0          Multiple-organization fields in referential business components are: Organization Id.Controlling Access to Information Implementing Multiple-Organization Functionality Multiple-organization fields in transactional business components are: Organization Id.

Each of the corresponding business components has one or more fields that specify the owner or team. You can specify these objects in the Assignment Attribute Column object definitions as columns to test for value matches and to monitor in dynamic assignment for value changes. or made a member of the opportunity’s or account’s sales team. Siebel applications provide predefined definitions in the Siebel repository for the following objects: Account Activity Campaign Contact Opportunity Product Defect Project 88 Controlling Access to Information        Version 6. An assignment rule includes one or more assignment objects. NOTE: Workflow Policy objects have a one-to-one or a one-to-zero relationship with Assignment objects (the Order and Quote Workflow Policy objects do not have predefined child Assignment objects). When the rule is satisfied. an employee or position can be assigned ownership of an opportunity or account. Assignment object is a child object type of Workflow Policy object.Controlling Access to Information Implementing Multiple-Organization Functionality An assignment object specifies a business entity to which a candidate can be assigned and the entities that are updated to accomplish that assignment. For example. You cannot add additional Assignment objects to Workflow Policy objects that already have a child Assignment object. The parent Workflow Policy object provides a set of available column mappings through its child Workflow Policy Component and grandchild Workflow Policy Component Column object types. specific columns underlying these fields are updated with replaced or added employee IDs in accordance with the settings in the assignment object. Similarly.0 . an employee can be assigned ownership of a service request or product defect.

see the Siebel Object Types Reference. the Opportunity object has the following predefined object definitions: Account. City. Lead Quality.0  a Choose Repository Compile. 6 Step off the row to save changes. NOTE: The sample database also contains several predefined assignment rules for 5 Configure the Assignment object by setting values in the appropriate fields for each run-time parameter. However. Version 6. Country. Named Account. 3 In the Workflow Policy Objects window. b In the Object Compiler dialog box. 89 . 2 Select Assignment Object. For a complete list of assignment object parameters and their default values.srf file and distribute it to all users. Because of the complexity of this requirement. and Project. Creating Assignment Objects You can create new Assignment objects by using Siebel Tools. 7 Compile changes to the siebel. double-click Workflow Policy Object. adding assignment objects may require the addition of skills or other tables and columns. you should create Assignment objects only with the assistance of Siebel Expert Services. 4 Select the Assignment Objects window and choose Edit New Record. Zip Code. For example. State. Revenue. select the Workflow Policy object to which you want to add the new Assignment object.Controlling Access to Information Implementing Multiple-Organization Functionality Service Request The predefined definitions include mappings for the most commonly used attributes for each object. and Industry. Account. To add an Assignment object to a Workflow Policy object 1 In the Siebel Tools Object Explorer. Controlling Access to Information   the following predefined objects: Service Request. select the Assignment project.

see the Siebel Server Administration Guide. see the Siebel Anywhere Guide. Assignment Manager reads from the database: Run-time parameters of assignment objects and their properties Assignment rules and criteria Employees. For more information on stopping and restarting server components. 9 Stop and restart the Assignment Manager server component for the changes to take effect.Controlling Access to Information Implementing Multiple-Organization Functionality c Select the Siebel client repository file (the default is siebel. positions. see the Siebel Server Administration Guide. organizations. For more information on releasing assignment rules. Assignment Manager reads from the Siebel client repository file the list of values for the picklists used in the Siebel client application. inactivate.srf file. For information on distributing the siebel. and their respective skills  For more information on compiling projects. NOTE: You must recompile the siebel. d Click Compile. see the Siebel Assignment Manager Administration Guide. For more information on stopping and restarting server components. see the Siebel Tools Guide.srf) located in the Objects subdirectory within the Siebel client root directory. complete the following steps: a Regenerate triggers by running the Generate Triggers server component. or 8 If you are running Dynamic Assignment.srf file whenever you add. 90 Controlling Access to Information   delete any Assignment Object object types. Additionally.0 . Version 6. c Stop and restart the Workflow Monitor Agent server component. b Release assignment rules by clicking the Release button in the Assignment Rules view.

select the assignment object that you want to configure. To configure assignment objects 1 In Siebel Tools. select the project you need to lock. inactivate.0 Controlling Access to Information 91 . Version 6. or delete any assignment object types. c In the Projects window. d Start the Workflow Monitor Agent server component. b Select Project. see the Siebel Server Administration Guide. For more information on stopping and restarting server components. 4 In the Workflow Policy Objects window. double-click Workflow Policy Object. lock the project to which the assignment object belongs. Configuring Assignment Objects Each assignment object uses its own set of run-time parameters that control the behavior of Assignment Manager for that assignment object. You can use Siebel Tools to modify the default values for these run-time parameters. click the Types tab. d Check the Locked field. c Start the Assignment Manager server component. 3 Select Assignment Object. These run-time parameters are stored in the Siebel repository in the Assignment Object definitions. NOTE: You must stop and restart the Assignment Manager server component whenever you add.Controlling Access to Information Implementing Multiple-Organization Functionality a Stop the Workflow Monitor Agent server component. a In the Object Explorer. 2 In the Object Explorer. b Stop the Assignment Manager server component.

For more information on stopping and restarting server components. see the Siebel Server Administration Guide. For more information on stopping and restarting server components. or delete any assignment object types. a Stop the Workflow Monitor Agent server component. c Start the Assignment Manager server component. see the Siebel Server Administration Guide.0 . NOTE: You must stop and restart the Assignment Manager server component whenever you add. For more information on stopping and restarting server components. d Start the Workflow Monitor Agent server component. c Stop and restart the Workflow Monitor Agent server component. For more information on releasing assignment rules. complete the following steps: a Regenerate triggers by running the Generate Triggers server component. see the Siebel Server Administration Guide. 92 Controlling Access to Information Version 6. 7 If you are running Dynamic Assignment. For a complete list of assignment object parameters and their default values. inactivate. see the Siebel Assignment Manager Administration Guide.Controlling Access to Information Implementing Multiple-Organization Functionality 5 In the Assignment Objects window. 8 Stop and restart the Assignment Manager server component for the changes to take effect. 6 Step off the row to save changes. configure the assignment object by setting values in the appropriate fields for each run-time parameter. b Release assignment rules by clicking the Release button in the Assignment Rules view. see the Siebel Object Types Reference. b Stop the Assignment Manager server component.

Example of Configuring an Assignment Object Version 6. Figure 26.0 Controlling Access to Information 93 .Controlling Access to Information Implementing Multiple-Organization Functionality Figure 26 shows an example of configuring the Account assignment object.

Figure 27 shows the Assign button in the All Service Requests view.0 . and then override or confirm the assignees in the list. view the list of assignees generated by Assignment Manager.Controlling Access to Information Implementing Multiple-Organization Functionality Configuring Assignment Objects for Interactive Assignment Interactive assignment enables users to invoke Assignment Manager immediately. Example of Interactive Assignment 94 Controlling Access to Information Version 6. Users can invoke Interactive Assignment by clicking the Assign button in the assignment object’s view. Figure 27.

including the presence of the necessary assignment object and assignment rules and values.0 Controlling Access to Information 95 . the Siebel client contacts the Assignment Manager and creates a list of qualified employees sorted by descending scores. 2 Verify that the displayed business component is of the CSSBCBase class or one of its subclasses. Also note the value in the Super Class property for this class. You can use Siebel Tools to configure Interactive Assignment for other assignment objects. The Service Request assignment object is configured for Interactive Assignment by default. you can configure the component for interactive assignment. you can configure the component for interactive assignment. 4 Add the Assignment Object business component user property to the business component. check the Super Class property for that class. If the value is CSSBCBase (such as in the Account business component). and the most qualified candidate is assigned. Alternatively. Applets based on other classes (including CSSFrameListBase) cannot be configured for interactive assignment. If it is not CSSBCBase. Business components based on other classes cannot be configured for interactive assignment. note the class name and locate it in the Object List Editor for the Class object type. The user then selects an employee from the list to be the service request owner. Version 6. The user can then view the list of qualified employees in the Assign Employees pick applet. If the Super Class is CSSBCBase. 3 Verify that the appropriate applet is of the CSSFrameBase class or one of its subclasses. To configure Interactive Assignment for an assignment object 1 Verify that Assignment Manager is configured to perform assignment of values in the desired field. If the Super Class is not CSSBCBase. In this case. You can determine the component’s class by looking in the Class property of the business component. a Set the Name property to Assignment Object.Controlling Access to Information Implementing Multiple-Organization Functionality When the user clicks the Assign button in the form applet for the current service request. you can enable SmartScript to have Assignment Manager select the most qualified candidate from the list. a list of qualified employees does not appear in a pick applet.

b Set the Value property to: People. add the Assignment Interactive business component user property to the business component. a In the Object List Editor. navigate to the applet to which you want to add the Assign button. c Copy one of the existing buttons (for example Cancel). if you are setting up employee-. if you are setting up organization-based assignment Both people and organizations. Method Invoked. if you want to enable SmartScript. e Save the changes to the applet. if you are setting up employee. This business component already exists. 7 Add the Assign button in the appropriate applet.Controlling Access to Information Implementing Multiple-Organization Functionality b Set the Value property to the name of the assignment object that is to be used in the assignment process.0 . 8 Add the business component that will hold assignment results records to the business object of the view in which the reconfigured applet is used. b Set the Value property to TRUE. and is either: 96 Controlling Access to Information   Version 6. 5 Add the Assignment Type business component user property to the business component. a Set the Name property to Assignment Type. a Set the Name property to Assignment Interactive. b Right-click the applet object definition. and organization-based assignment  6 Optionally.or position-based assignment Organizations. and Name properties of the new button to Assign. and choose Edit Layout from the shortcut menu. d Set the Caption. position.

you can define the business component user property called Assignment Results BusComp and the applet user property called Assignment Results Applet. if Assignment Type is set to People (depending on whether you are setting up an employee.Controlling Access to Information Implementing Multiple-Organization Functionality Assignment Results (Position) or Assignment Results (Employee). and query only qualified service people who are not currently using their telephone. b In the Object Compiler dialog box. For example. The name of the business component used to hold data for the additional fields would be specified in an Assignment Results BusComp user property in the business component being assigned.0     a Choose Repository Compile. Additionally. NOTE: Optionally.srf file and distribute it to all users. d Click Compile. the service request assignment results could join to the CTI tables.srf) located in the Objects subdirectory within the Siebel client root directory.or position-based assignment) Assignment Results (Organizations). Controlling Access to Information 97 . Assignment Manager reads from the database: Run-time parameters of assignment objects and their properties Assignment rules and criteria  Version 6. if Assignment Type is set to Organizations To add the business component to the business object. 9 Compile changes to the siebel. c Select the Siebel client repository file (default is siebel. with the BusComp property set to Assignment Results (Position) or Assignment Results (Employee). These user properties are desirable when you need to show additional information about the results. select the Assignment project. create a child business object component object definition. The name of the applet used to display the assignment results would be specified in an Assignment Results Applet user property in the applet from which assignment is invoked. Assignment Manager reads from the Siebel client repository file the list of values for the picklists used in the Siebel client application.

provides the call center with much flexibility to organize its work and agent resources effectively and to control visibility of data. agents with expertise supporting products or services from Company A.Controlling Access to Information Implementing Multiple-Organization Functionality Employees. or to multiple internal entities. and their respective skills For more information on compiling projects. You can associate records with one or more organizations. Organization visibility is defined for both business components and views. inactivate. would be assigned positions in the organization defined for Company A. This feature. Call-center agents can be assigned to multiple positions in multiple organizations. and organization visibility. modify. while agents supporting Company B would be assigned positions in the organization defined for Company B. Multi-Tenancy Considerations Siebel CTI supports the multiple-organization feature in the Siebel eBusiness Applications. Organizational Visibility and Positions Some Siebel data records can be viewed only by users whose current position is within a particular organization. 98 Controlling Access to Information  or delete assignment criteria and assignment attributes. for example. called multi-tenancy for call centers. NOTE: You will need to recompile the siebel.srf file.0 . Other records are visible to users whose positions are in different organizations. For information on distributing the siebel.srf file if you add. Intro Version 6. Call centers that provide outsource services to other companies. see the Siebel Applications Administration Guide. organizations. see the Siebel Anywhere Guide. according to their expertise and the call center’s operational requirements. responsibilities. In an outsource call center. positions. For more information about call-center scenarios. Each user can have only one position active at a time. In some situations you can enable a user to see data for all of that user’s assigned positions. can support these multiple entities using multi-tenancy. see the Siebel Tools Guide. positions.

Controlling Access to Information Implementing Multiple-Organization Functionality Organization Visibility for Business Components Organization visibility is defined for each business component. Controlling Access to Information 99 . Visibility is for multiple organizations. determining which of the following applies to the business component: Visibility is for one organization. the business component determines the organization visibility for the pop-up screen data. such as for certain pop-up screens. either manually or automatically. while the All Contacts across Organizations view (not available for all users) enables a user to view all contact records for all organizations. as appropriate for the context and for the pop-up screen data. transferred. At any time. enabling Siebel CTI to change the agent’s position as necessary. Multiple views that display data for the same business component may enforce visibility differently. a callcenter agent can manually change the current position in the Siebel application by using the Change Position command in the Edit menu. Organization visibility is not enforced for the view if the field Admin Mode Flag is checked (TRUE). Changing Position Manually or Automatically For the agent to view some data. Organization visibility does not apply.0      Organization Visibility for Views Each view enforces organization visibility for each view. When an agent retrieves a call from hold. If the agent is the recipient of a pop-up screen for an incoming. For each view object definition: Organization visibility is enforced for the view if the field Visibility Applet Type is set to Organization and the field Admin Mode Flag is not checked (FALSE). A business component for which organization visibility applies is said to be position-dependent. the original pop-up screen and position are both restored. For example. Version 6. the All Contacts view enables a user to view contact records within one organization. Siebel CTI attempts to change the agent’s position automatically. As described earlier. the agent’s position must be changed. You can determine whether a view enforces organization visibility by using Siebel Tools. or conference call.

but the agent can view all data that is defined to be visible for all the agent’s assigned positions. By considering this factor. you can ensure that a pop-up screen always appears for an incoming call. and the agent has more than one position that matches the data. If the agent’s current position matches the screen-pop data. the pop-up screen appears and the agent’s position is changed. which ignores organization-visibility rules. the user receives a message. and the agent has one other position that matches the data. 100 Controlling Access to Information     Version 6. NOTE: If you are using the call-routing functionality of the Siebel CTI Server. if the new current position is not appropriate. If the agent does not have a position that allows the agent visibility to the screenpop data.0 . A prompt advises the agent to manually change to a position appropriate for the pop-up screen data. Scenarios for Generating Pop-Up Screens and Changing Position Application behavior for generating pop-up screens and changing positions varies for each of the scenarios described below. except in certain error conditions. The agent’s position is not changed. then your call-routing logic must take into account the way organizations and positions are defined for your company. After an agent’s position has been automatically changed.Controlling Access to Information Implementing Multiple-Organization Functionality The screen component determines the pop-up data to display. no pop-up screen appears. If the agent’s current position does not match the pop-up screen data. the pop-up screen appears. so that the agent can subsequently navigate to related records without hindrance. The agent must manually change the position again. no message appears. the screen pop is displayed and the agent’s position is not changed. If the agent’s current position does not match the pop-up screen data. the agent’s position remains what it was changed to. You specify this determination in the QueryBusComp parameter in the EventResponse definition. When a position is changed. when a call is concluded. The Siebel client enables the agent to view this data by using the VIEW_ALL mode. If the position is not changed.

Some views.0        Setting the Multi-Tenancy Configuration Parameter The Siebel CTI configuration parameter Setting:MultiTenancy enables you to specify whether or not Siebel CTI should apply organization-visibility rules. For call transfers and conferences. some views are not available in Siebel Thin Client for Windows. the pop-up screen occurs without restriction. changing position manually as needed. Multi-tenancy affects pop-ups differently for different views. When organization visibility is not enforced for a view. do not have organization-visibility rules. Siebel CTI attempts to set the position only if the popup screen view enforces organization visibility. Siebel CTI always attempts to set the user’s position automatically. organization-visibility rules do not apply to pop-ups for call transfers or conferences. Siebel configurators. Some views. For inbound calls. Set this parameter to FALSE if your Siebel implementation does not use multitenancy. Siebel CTI applies organization-visibility rules to screen pops according to the business component data. Version 6. Siebel CTI does not use organization-visibility rules in its position-changing behavior. for the views involved in your pop-up screens. Organization-visibility rules for pop-up screens apply to inbound calls and to call transfers and conferences between call-center agents. callcenter managers. Set this parameter to TRUE if your Siebel implementation uses multi-tenancy. such as administration views. Also. Position will not be changed.Controlling Access to Information Implementing Multiple-Organization Functionality If the business component for a view does not have enough data to determine organization visibility. such as views whose names include the phrase “Across Organizations”. You should verify organization-visibility behavior. see the Siebel CTI Guide. Controlling Access to Information 101 . No error message appears. For more information. and end users must understand how these issues relate to popup screens. When a view has no records displayed. enable users to view records for multiple organizations.

and positions are associated with particular organizations. Price list visibility is further restricted by the currency of the account in the price list header. Often predefined queries have been set up that limit the data that is initially visible in a view. Only price lists with the same currency designation as the account appear in the quotes picklist. and it is not there. What is causing the problem? Two factors limit the price lists that can be selected for a quote: The organization the user has been assigned The currency of the account selected in the price list header Check to see if the view you are accessing has a predefined query that is limiting the data available. I added an employee to the sales team. but the employee I added cannot find related records in his “My” views for accounts or opportunities. Why is this happening? Users see only the price lists that have been assigned to their organization. Version 6.Controlling Access to Information Implementing Multiple-Organization Functionality Troubleshooting Multiple-Organization Visibility Issues This subsection contains answers to frequently asked questions and troubleshooting techniques relevant to multiple-organization access control. Intro Frequently Asked Questions and Answers This subsection contains questions and answers related to the implementation of multiple-organization access control. Executing a new query often makes the missing record appear. Why is this happening? 102 Controlling Access to Information      If the employee who has been added to the team belongs to more than one organization. he or she should check the other organization to find the missing records.0 . I go to a view to find a record that is in my organization. Sales team picklists are based on a user’s position. When I create a quote for certain accounts the number of price lists available is limited.

If you want to remove the organization you can merge it with another existing organization or division. I created a configurator model and assigned child products to it. Why can’t I assign an activity to someone’s alternate organization? The “assign to” picklists are employee-based. In some cases. I created a price list and assigned it to an organization. Why are the products in the price list not visible? For the products in the price list to be visible they need to have organization IDs assigned to them. the information displayed in the picklist depends on the user’s access to views.Controlling Access to Information Implementing Multiple-Organization Functionality Why don’t the picklists in my thin client application show the same amount of information as displayed in the dedicated client picklists? Version 6. Why can’t I delete an organization I created? Once an organization has been created it can’t be deleted. the thin client will not have the same views that are available in the dedicated client.0       When a business component has been set up to use the pop-up visibility type Auto/All Org. rather than position-based. which ensures that records are not lost during the operation. Controlling Access to Information 103 . Why is this problem occurring? Positions are cached in the application’s memory. I deleted (or modified) a position (or responsibility). This restriction prevents records from losing their association with their organization. For the changes to be visible the user needs to log off and then log back on to the application. but the change did not take effect. The model shows up in my organization. but the related child products do not appear. Why? You need to assign the child products to the same organization as the parent model. and thereby creates orphaned records. They show an employee’s primary organization only. You can do this manually or automatically using the product denormalization feature of Assignment Manager.

Controlling Access to Information
Implementing Multiple-Organization Functionality

Troubleshooting Techniques
Use the following techniques in identifying and debugging problems:
General tips. Isolate what the problem is by defining the behavior you observe

104

Controlling Access to Information 

           

   

compared to the behavior that is expected or desired: What is the behavior you are seeing? What is the expected (desired) behavior? Is the problem with the visibility of records, or with the visibility of views?

Isolating visibility problems. Isolate where the visibility is failing:

On what view, applet field, and so on does this behavior happen? Does this behavior happen only on the server, only on a local system, or in both environments? Does this behavior happen when you are using an out-of-the-box .srf file? What is the behavior? Does this behavior happen with scripting turned off? (To turn scripting off, set the EnableScripting parameter in the client .cfg file to FALSE.)

Isolating who the problem affects. Isolate who is affected by the visibility problem:

Is the behavior specific to one user, many users, or all users? What is the user’s position? If there are multiple positions for this user, what position is he or she logged on as when the problem occurs? What is the position’s organization?

Isolating the cause. Isolate the cause of the visibility problem; for example:

If the problem is the visibility of views, check the user’s responsibility, associated views, and responsibility’s organization. The position of the user’s organization should match the organization on the responsibility. If the view is correctly associated to the responsibility, then check whether the view is in the database in S_APP_VIEW and S_VIEW.

Problems with visibility of records. Take the following steps:

Version 6.0

Controlling Access to Information
Implementing Multiple-Organization Functionality

Check to make sure the record is in the database by querying the database directly. Spool the client-side SQL using the /S switch at the command line. Run the SQL query from the view in question using the database client to determine if the behavior is consistent with the Siebel client. Compare the custom SQL with standard SQL and note any differences.

Version 6.0 

     

Problems with transactional record visibility. Take the following steps: 

Check the user’s position on the sales team for “My” views. Check that the primary position is associated with the user’s current position’s organization for “All Views.” Check that a primary position is designated for “Across Organizations” views.

Controlling Access to Information

105

Controlling Access to Information
Glossary of Terms

Glossary of Terms
Admin visibility mode All visibility

Intro

Provides the means to see all records, including those without a valid owner or primary team member. (Using the All across organizations view) Provides the user with access to all records, except for those with a missing or invalid primary position in the sales team. Users who view data from the server database through a local or wide area network. Determine which records from the server database are propagated to each mobile user. The primary table among a collection of tables making up a dock object. The primary table is identified in the Primary Table property of the Dock Object object type. The collection of tables is related through foreign keys. Provides the user with access to records that have a sales team in which a subordinate is designated as the primary position (if the business component uses Sales Team visibility). Alternatively, it provides access to records with an owner ID belonging to a subordinate (if the business component uses owner-based Personal visibility). The reporting relationship can be direct or indirect. Limits the visibility of data to the organization to which the user is assigned.

connected users docking visibility rules driving table

Manager visibility

multipleorganization visibility multiple tenancy Organizational visibility Personal visibility position

Enables users to go from one organization to another in a single instance of a Siebel application. (Using the All views) Provides the user with access to records within a given organization. Provides the user with access to records in which his or her position or logon ID is designated as the owner. Job title within an organization. Position can be thought of as a box in the organization’s hierarchy chart with a reporting relationship to a supervisory position (or higher-level supervisory position).

106

Controlling Access to Information

Version 6.0

Controlling Access to Information Glossary of Terms record-access visibility remote users Determines the set of records displayed to the user from specific business components within specific views. Class of users who require access to the same set of application features.0 Controlling Access to Information 107 . A process by which sales teams and contact access lists are automatically updated based on territories and the positions assigned to them. Provides the user with access to records whose sales team or contact access list contains his or her position. These restrictions operate independent of visibility restrictions. Drills down to a specific record in the destination view based on matching the source field and destination field in the source and destination business components. Grouping of accounts and opportunities that can be assigned to salespersons or sales teams through their positions. A routing capability that provides the means to restrict the list of accounts routed to individual users who are connected to the server remotely. Routing is generally implemented to prevent excessive transfer of data over dial-up lines. Also called view access visibility. responsibility routing restrictions row ID-based drilldown Sales Team visibility selective routing territory territory assignment user responsibility visibility Version 6. The association between a responsibility and a user. providing that user with the access to views that the assigned responsibility conveys. Controls user access to records within specific views. Restricts data access for remote users. Users (typically mobile users) who download database records to their laptops by means of a synchronization process. specifically views.

The documents listed are all part of the product documentation set for Siebel eBusiness Applications. Siebel repository objects and their properties Application administration tasks related to information access Configuring Siebel eBusiness Applications Configuring .COM applications Territories and the territory definition process Assignment rules. .Controlling Access to Information Summary and Where to Get More Information Summary and Where to Get More Information Intro This document described the capabilities in Siebel eBusiness Applications to control access to information. see the following Siebel Object Types Reference Siebel Applications Administration Guide Siebel Tools Guide Configuring Siebel .COM Applications Guide Siebel .COM Applications Siebel Assignment Manager Administration Guide Siebel Assignment Manager Administration Guide Siebel Remote and Replication Manager Administration Guide Siebel . Table 3 lists sources of additional information about topics discussed in this document. . Table 3.COM Applications Guide Siebel Server Administration Guide Siebel CTI Guide For information about this topic . .0 . using Siebel Assignment Manager Selective routing Proxies Doing seed data queries Stopping and restarting server components Configuring telesets 108 Controlling Access to Information Version 6. Sources of Additional Information . .

2000 1:36 pm Controlling Access to Information 109 .0 TechPubs Draft Modified: May 15. 27. 38. 91 configuring for interactive assignment 94 predefined definitions 88 assignment results 96 B business components configuring 95 C Campaign dock object 54 Child value Visibility Rule Applied property of Link object type 46 Comments property Dock Object Visibility Rule object type 58 connected users about 50 defined 106 Contact dock objects 54 Contact value Visibility Applet Type property of View object type 43 Contact Visibility Field property Business Component object type 41 CREATED_BY system column 36 D Description list column Responsibility Administration view of Siebel applications 19 Destination Field property Drilldown object type 50 divisions adding 68 Dock Object object type 53 Dock Object Table object type 55 Dock Object Visibility Rule object type 57 dock objects Campaign 54 Version 6. 51 defined 106 for mobile users 20 Always value Visibility Rule Applied property of Link object type 46 Applications Administration limiting access to 74 assignment attributes creating 98 assignment objects adding to a workflow object 89 configuring 88.Index A access levels 74 limiting 74 access list contact 29 Account Synchronization Selection view 61 Admin Mode Flag field 99 Admin Mode Flag property View object type 44 Admin visibility mode 38 defined 106 All Service Requests view 94 All value Visibility Applet Type property of View object type 43 Visibility Type property of Drilldown Object object type 87 All visibility about 26.

2000 1:36 pm Version 6. 27. 28 Enterprise value Visibility Level property of Dock Object object type 54 N Never value Visibility Rule Applied property of Link object type 46 F Find dialog box invoking 24 O opportunity dock objects 54 organization (account) dock objects 54 Organization Administration View fields in 69 Organization value Visibility Applet Type property of View object type 44 Visibility Type property of Drilldown Object object type 87 Organization Visibility Field property Business Component object type 40 Organization Visibility MVField property Business Component object type 40 Organization Visibility MVLink property I Interactive mode configuring assignment objects 94–97 L license keys using to restrict access to views 24 Limited value Visibility Level property of Dock Object object type 54 links 110 Controlling Access to Information Modified: May 15.0 TechPubs Draft . 37 defined 106 mobile users about 50 multiple tenancy 98 defined 106 multiple-organization visibility 10 defined 106 My in view names 27 My Team in view names 27 E Employee Administration view 21. 50 Drilldown value Visibility Rule Applied property of Link object type 46 driving table defined 106 for dock objects 55 visibility-related properties in 45 Local Access list column Responsibility Administration view of Siebel applications 19.Index Contact 54 DocQuote (quote) 54 opportunity 54 organization (account) 54 ProductDefect 54 ServiceRequest 54 visibility rules for 57 docking visibility rules about 51 defined 106 DocQuote (quote) dock object 54 drilldown behavior visibility and 49 Drilldown Object object type 47. 51 M Manager value Visibility Applet Type property of View object type 44 Manager visibility 25.

98 defining 70 Primary Table property Dock Object object type 55 Private value Visibility Level property of Dock Object object type 54 ProductDefect dock object 54 proxies adding 77 assigning positions 80 assigning responsibilities 82 defined 107 Report object type 48 responsibilities 98 adding and removing for employees 22 adding views to 18 copying 75 creating 18 defining 73 responsibility defined 107 Responsibility Administration view 17 routing restrictions 50 defined 107 row ID-based drilldown defined 107 S Sales Rep value Visibility Applet Type property of View object type 44 Sales Team visibility 26 about 25. 24. 42 Owner Visibility Field property Business Component object type 40 P Personal value Visibility Applet Type property of View object type 44 Personal visibility 26. 32 Position Visibility Field property Business Component object type 36. 37. 27 defined 107 sales teams 26 seed data modifying queries on 83 selective retrieval 60 selective routing 60 defined 107 Sequence property Dock Object object type 58 Dock Object Visibility Rule object type 59 ServiceRequest dock object 54 system preferences limiting access to 74 R record-access visibililty defined 107 record-access visibility 26 remote users about 50 T Team in view names 27 territory about 30 defined 107 Version 6. 2000 1:36 pm Controlling Access to Information 111 .Index Business Component object type 41 Organizational visibility 27 defined 106 Owner Delete property Business Component object type 41 Owner Field property Business Component object type 36. 27.0 TechPubs Draft Modified: May 15. 34 defined 106 Popup Visibility property Business Component object type 41 position defined 106 Position Administration view 28. 40 positions 9.

Index territory assignment defined 107 process for creating 30 U user access by organization 76 user IDs using to set visibility 24 user responsibility defined 107 V View Administration view in Siebel applications 23 View bar impact of visibility on 25 View Mode property Report object type 48 View Name list column Responsibility Administration view of Siebel applications 19 views Employee Administration 28 Position Administration 28 properties related to visibility 42 visibility All 26. 50 112 Controlling Access to Information Modified: May 15. 26. 27 Visibility Applet property View object type 44 Visibility Applet Type field 99 Visibility Applet Type property View object type 43 Visibility Emp MVField property Business Component object type 40 Visibility Level property Dock object type 53 Visibility MVLink property Business Component object type 40 Visibility Rule Applied property Link object type 46 visibility strength concept in dock object visibility 58 Visibility Strength property Dock Object object type 58 Dock Object Visibility Rule object type 59 Visibility Type property Drilldown Object object type 47. 51 defined 107 drilldown behavior and 49 Manager 25. 38. 27. 37 Organizational 27 Personal 26.0 TechPubs Draft . 2000 1:36 pm Version 6. 34 relationship with responsibilities 24 Sales Team 25. 27.