Primary Position/Owner based Security

Oracle BI Applications allow using the same Visibility Concept like Siebel. The following possibilities are supported within the Standard:

  • Primary Position/Owner Security
  • Organisation Security

The following Article focuses on the First Option “Primary Position/Owner Security”. It’s Important to understand a few Basics about Siebel:

  1. A Position defines a specific job Slot within a Company and usually starts with the Position of the CEO, having the CIO,CFO, CTO etc. reporting to him. The next Position e.g. Vice President Sales then Reports to the CFO.
  2. A Position can have a particular Incumbent (or Employee). E.g. “John Smith” is the current Incumbent of the Position Sales Manger West for Automotive. There might be other employees before “John Smith” how aren’t active in this Position anymore
  3. Most Objects in Siebel like Opportunities, Marketing Campaigns etc. are associated to a Position and not the Employee. However, a few Objects which are shorter lasting like Activities, Service Request etc. are associated to an Employee directly.

It is Important to note that the Concept is called Primary Position/Owner based Security. Thus, there is no either or. Depending on the Object either the Position linkeage or the Owner Linkeage will be used and the Position Hierarchy will always be respected even if Objects are linked to Owners. It’s also possible to have two Employees sharing a Position at the same Point in Time, but only the Primary Employee will be able to see the data within the Analytical Application (BI Apps). This is because the Position Hierarchy (W_POSITION_DH) will be used to limit the Visible data based on the Position within the Hierarchy and the Primary Employee is an Attribute of that Position. Thus, it’s not possible to have a many to one Relationship in this Hierarchy, but only one Employee (the Primary) as a Descriptive Attribute of the Position Hierarchy.

E.g. the West Rep1 Position does only have the Primary Incumbent in the Position as a descriptive Attribute to the Position.

This is stored in the W_INT_ORG_DH in the following way:

To Configure the Security correctly one needs to administer the Incumbents within a Position in the following Screens in Siebel CRM:

The following is the Administration Screen to select an Employee within a Position:

The Child Position needs to be configured accordingly:

After setting up the Position Hierarchy and Incumbents in Siebel the Hierarchy will be loaded into the BI Applications data model. Based on the Hierarchy the BI Server will create a Query like the following:

The above Query is for the Position that is located at the top of the Hierarchy. Note that the Login is used to compare to the login, thus the Position Incumbent. Hence, if multiple Employees share the same position only the login (Employee) that is the Primary Employee will have access to the data. Other Employee’s won’t have any!

For the Position that is located below the following Query will be created:

And for the Position below:

And for the Position that is located at the very bottom, the Base Position will be used:

All of this is steered through the Position Security Hierarchy within the Business Model Layer of the BI Admin Tool (.rpd) using the INDEXCOL Function on the “Dim – Position Security” Dimension.

INDEXCOL( VALUEOF(NQ_SESSION."HIER_LEVEL"), 
"Core"."Dim - Position Security"."Current Base Level Login", 
"Core"."Dim - Position Security"."Current Level 1 Login", 
"Core"."Dim - Position Security"."Current Level 2 Login", 
"Core"."Dim - Position Security"."Current Level 3 Login", 
"Core"."Dim - Position Security"."Current Level 4 Login", 
"Core"."Dim - Position Security"."Current Level 5 Login", 
"Core"."Dim - Position Security"."Current Level 6 Login", 
"Core"."Dim - Position Security"."Current Level 7 Login", 
"Core"."Dim - Position Security"."Current Level 8 Login", 
"Core"."Dim - Position Security"."Current Level 9 Login", 
"Core"."Dim - Position Security"."Current Level 10 Login", 
"Core"."Dim - Position Security"."Current Level 11 Login", 
"Core"."Dim - Position Security"."Current Level 12 Login", 
"Core"."Dim - Position Security"."Current Level 13 Login", 
"Core"."Dim - Position Security"."Current Level 14 Login", 
"Core"."Dim - Position Security"."Current Level 15 Login", 
"Core"."Dim - Position Security"."Current Level 16 Login", 
"Core"."Dim - Position Security"."Current Top Level Login")

This Function uses the Session Variable “HIER_LEVEL” which determines the Level one Particular Employees is in to steer the correct Data Visibility. This Session Variable is Initialized using the following Authorization Block:

This means that one Employee can see always “his” correct data even for Objects which are linked to positions e.g. like Opportunities.

Advertisements