Module 10: Securing Siebel Implementations

You might also like

Download as ppt, pdf, or txt
Download as ppt, pdf, or txt
You are on page 1of 23

Business Analyst (Siebel 7.


Module 10: Securing Siebel Implementations

Module Objectives
After completing this module you will be able to:
Describe the layers in the Siebel security model Provide a definition for the major entities used to specify a company within a Siebel application

Why you need to know:

You need to understand how to effectively secure a Siebel implementation

Siebel Application Security Framework

There are three layers in the Siebel security model

Physical infrastructure layer Application layer Data layer

Physical Infrastructure

Addresses network, communication, and data security

Data encryption Communication encryption Password security Firewalls

Application Layer

Addresses mechanisms to manage and authenticate users

Database authentication External directory authentication Web Single Sign On User Administration

Covered in the following modules

Controlling Access to Views Authenticating Users

Data Layer

Addresses the set of data that an authenticated user can access Consists of a collection of mechanisms known as Access Control

Access Control

Consists of mechanisms that:

Restrict access to views Restrict access to data records in the Siebel database so that:

Pertinent records are easy to find Users see only appropriate records

Access to Views

Users require access to different views based on their job function or role, for example:
Call center agents need access to views displaying service requests, calls in their queue, and campaign information Customers need access to views displaying their current orders or available products

Covered in the Controlling Access to Views module


Field Sales Rep




Channel Partners Call Center Agent

Service Requests


Access to Data

Users require access to different data to complete their jobs

Project managers need to access data for their projects Sales executives need to access accounts and opportunities they are working on Service reps need to access the service requests they are handling

Users with the same job role are assigned the same set of views
Some of their views are configured to filter data

Covered in the following modules:

Controlling Access to Customer Data Controlling Access to Master Data

Company Structure

Companies deploying Siebel applications are structured using the following entities:
Divisions Organizations Positions

Covered here and in the Creating the Company Structure module


Represents a part of a company at a specific location and/or performing a specific type of work Captures the business structure of a company Is part of a division hierarchy
Each division has zero or one parent division
MegaCorp Headquarters

MegaCorp Sales

MegaCorp Government Serv

Domestic Sales

Foreign Sales

Govt West

Govt East


Is a division that has been specifically designated to allow data to be associated with it
Its data is segregated from data associated with other organizations

Typically represents partner companies or special divisions in a company

MegaCorp Headquarters
Division designated as organization

MegaCorp Sales

Division designated as organization

MegaCorp Government Serv

Domestic Sales

Foreign Sales

Govt West

Govt East


Are also arranged in an organization hierarchy

Determines for a given organization:

Its parent organization Its child organizations

Structure derived from division hierarchy

MegaCorp Headquarters

MegaCorp Sales

MegaCorp Government Serv

Domestic Sales

Foreign Sales

Govt West

Govt East

Default Organization

Is an organization (and division) provided as seed data in every Siebel installation Is assigned by default to records that require an organization when no organizations have been explicitly created Should not be changed


Is a job title in a hierarchical reporting structure of an internal or partner organization Is more stable than an individuals assignment to that position
People might change, but a position is static

Is used as a mechanism to restrict access to a set of data

Position Hierarchy

Consists of the set of positions organized into a hierarchical reporting structure

Each position reports to one and only parent position

Should reflect the reporting and data access needs of the organization
Managers should be able to access data their subordinates are working on
MegaCorp Headquarters MegaCorp Sales VP Sales CEO

Dir. Government Services

MegaCorp Government Serv

Domestic Sales

US Sales Mgr

Foreign Sales Mgr

Foreign Sales

Govt West

Govt East

Project Mgr East

Positions and Organizations

Each position is also associated with one and only one organization
The organization of the assigned division

MegaCorp Headquarters MegaCorp Sales

VP Sales


Dir. Government Services

MegaCorp Government Serv

Domestic Sales

US Sales Mgr

Foreign Sales Mgr

Foreign Sales

Govt West

Govt East

Project Mgr East

Positions and Employees

Some positions have a single employee

Typical toward the top of a reporting hierarchy, where a job is more specialized

For example: CEO, VPs

Some positions have multiple employees

Can occur at the bottom of a reporting hierarchy, where a job is less specialized

For example: a group of call center agents all doing the same work

Craig One is associated with the VP Marketing position

Primary Employee

When there are multiple employees per position, one employee is defined as the primary employee for a position
When a position is assigned to a record, the primary employees name appears in the primary field for the record, even if other users are associated with the same position

Click the Select button in the Last Name field to see all employees per position

One employee is defined as primary employee for a position

Employees and Positions

Employees can have multiple positions if they do different types of work or need to see different sets of data Employees occupy one and only position at any given time
By default, login is based on the employees primary position

M. Westerly is associated with these positions; Service Rep W1 is his primary position

Change Position

Employees can change position during a session

From the application-level Tools menu, select User Preferences > Change Position

This module showed you how to:
Describe the layers in the Siebel security model Provide a definition for the major entities used to specify a company within a Siebel application


In the lab you will:

Examine a company structure in the sample database

You might also like