Sep 28, 2008

Access Control Mechanism

There are two types of access control mechanism (ACM): view level and data level.

View-Level Access Control

Organizations are generally arranged around functions, with employees being assigned one or more functions. View-level access control determines what parts of the Siebel application a user can access, based on the functions assigned to that user. In Siebel applications, these functions are called responsibilities.

Responsibilities define the collection of views to which a user has access. An employee assigned to one responsibility may not have access to parts of the Siebel applications associated with another set of responsibilities. For example, typically a system administrator has the ability to view and manage user profiles, while other employees do not have this ability.

Each user's primary responsibility also controls the user's default screen tab layout and tasks.

Record-Level Access Control 

Record-level access control assigns permissions to individual data items within an application. This allows Siebel customers to authorize only those authenticated users that need to view particular data records to access that information.

Siebel applications use three types of record-level access: position, organization, and access group. When a particular position, organization, or access group is assigned to a data record, only employees within that position, organization, or access group can view that record.

A position represents a place in the organizational structure, much like a job title. Typically, a single employee occupies a position; however, it is possible for multiple employees to share a position. Position access allows Siebel customers to classify users so that the hierarchy between them can be used for access to data.

For example, a supervisor would have access to much of the data that a subordinate has access to; the same applies to others who report to the same manager.

Similarly, an organization such as a branch of an agency or a division of a company is a grouping of positions that map to the physical hierarchy of a company. Those employees assigned to a position within a certain organization are granted access to the data that has been assigned to that organization. Visibility to data can be set up to restrict employees from accessing data outside their own organization.

An access group is a less-structured collection of users or group of users, such as a task force. Groups can be based on some common attribute of users, or created on an ad hoc basis, pulling together users from across different organizations and granting them access to the same data.
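
The two layers described above can be sketched as a simplified model: a view-level gate on responsibilities, then a record-level filter on position, organization and access group. This is an added example, not Siebel code or its API; every name and data value is constructed, and treating the three record-level mechanisms as alternatives (any one match grants access) is an assumption of the sketch.

```python
from dataclasses import dataclass, field

# Constructed sample data; every name here is hypothetical, not a Siebel object.
RESPONSIBILITY_VIEWS = {"Sales Rep": {"Account List"},
                        "Administrator": {"Account List", "User Profiles"}}
POSITION_PARENT = {"Rep East": "Mgr East", "Rep West": "Mgr West"}  # reports-to
POSITION_ORG = {"Rep East": "East Division", "Mgr East": "East Division",
                "Rep West": "West Division", "Mgr West": "West Division"}

@dataclass
class User:
    responsibilities: set
    position: str
    access_groups: set = field(default_factory=set)

@dataclass
class Record:
    name: str
    positions: set = field(default_factory=set)
    organizations: set = field(default_factory=set)
    access_groups: set = field(default_factory=set)

RECORDS = [Record("Acme", positions={"Rep East"}),
           Record("Globex", organizations={"West Division"}),
           Record("Initech", access_groups={"Task Force"})]

def can_open_view(user, view):
    """View level: the view must belong to one of the user's responsibilities."""
    return any(view in RESPONSIBILITY_VIEWS.get(r, set()) for r in user.responsibilities)

def at_or_below(position, supervisor):
    """True if `position` is `supervisor` or reports up to it in the hierarchy."""
    while position is not None:
        if position == supervisor:
            return True
        position = POSITION_PARENT.get(position)
    return False

def can_see_record(user, record):
    """Record level: match on position (incl. subordinates), organization or group."""
    return (any(at_or_below(p, user.position) for p in record.positions)
            or POSITION_ORG.get(user.position) in record.organizations
            or bool(user.access_groups & record.access_groups))

def visible_records(user, view, records):
    """Apply the view-level gate first, then filter the records individually."""
    if not can_open_view(user, view):
        return []
    return [r.name for r in records if can_see_record(user, r)]
```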
