1. What is basic access control?
Basic access control consists of the following:
--View level access control – Restriction of what views a user can see.
--Record(data) level access control – Restriction of what data records a user can see.
2. What are the mechanisms for record level access control?
The mechanisms are;
--Personal access control
--Position based access control
--Organization based access control
--‘All’ access control.
--Access group access control.
3. What is personal access control?
If individual data can be associated with a user’s Person record in the database, then you can restrict access to the data, to that person. E.g. My activities, My service requests. Some ‘My’ views apply Position or organization based access control. E.g. ‘My opportunities’ applies position based access control.
4. What is position based access control?
--A position is a job title in a company. A position represents reporting hierarchy. Positions provide an appropriate basis for access control because a position is more stable than the individual’s assignment to that position. Customer data and some types of referential data can be associated with one or more positions.
--If individual data can be associated with a position, then you can apply position based access control to the data by one or more of the following means:
Single position – Associate single position to individual data.
Sales Team – associate multiple positions to individual data.
Manager – Grant access concurrently to data associated with subordinate positions in a reporting hierarchy.
-- All position based access control for an employee or partner user is determined by an active position. One of the user’s position is designated as the primary position. When a user logs in, the primary position is the active position.
5. Describe single position access control?
You can associate a single position to individual data. A business components’ view modes determine whether single position access control, can be applied in a view that is based on the business component. To have a single position access control available, a business component must have a view mode of owner type ‘Position’, with an entry in the visibility field column.
6. Describe sales team access control?
You can associate multiple positions, in the form of a team, to individual data e.g. In My opportunities view, an internal employee or partner with a particular active position can see all the opportunities for which that position is included in the opportunities sales team.
A business components’ view modes, determine whether a Sales Team access control can be applied in a view that is based on a business component. The business component must have a view mode of owner type ‘Position’, with entries in the ‘Visibility MV Field’ and ‘Visibility MV Link’ columns.
7. Describe manager access control?
You can indirectly associate a position with data associated with subordinate positions in a reporting hierarchy.
Manager – subordinate relationships are determined from a position hierarchy. You can specify one present [position for a position, which represents that, the position is a direct report to the parent. The parent of an internal position may be in the same division or in a different division.
In a view using manager access control, the employee or partner has access to the following data.
--If the business component on which the view is based uses a single position access control, the user sees data associated directly with the users’ active position or with subordinate positions.
--If the business component on which the view is based uses sales team access control, the user sees data for which the users active position is the primary position on the team or, a subordinate position is the primary member on the team.
Manager access control is set at view level. It requires that the business component on which the view is based on a view mode with owner type position. (i.e. the visibility applet & visibility applet type ).
8. Describe organization based access control?
When individual data can be associated with an organization, you can apply organization based access control to the data by one or more of the following.
Single organization – Single organization with individual data.
Multiple organizations – Multiple organization with individual data.
Sub-organizations – Grant access concurrently to the data associated with subordinate organizations in the organization hierarchy.
A user is associated with one organization at any given time, the organization to which the user’s active position belongs.