CRM security is not just at the row level. We can implement basic row security either by user ID or by permission list.
In either case, we can define which BUs and tablesets are accessible for a given user or for a given permission list.
1)Over and above these security levels, CRM has something called Dataset Roles and Dataset Rules, to further restrict the access. These are all configurable once you build the appropriate SQL views in app designer.
Most of the CRM search pages are 'Configurable Search' pages which are controlled by a huge chunk of setup data. That is the place where we can setup these dataset rules.
2)Another place to look for security for the functional folks is setting up 'functional options'. This specific security level is not very well described or documented. E.g. There may be few people in the organization who can setup and modify the company information, but only those who have sepcific 'functional option' which is mainly derived from PeopleTools roles, can add account team members for that company and not anyone else.
Instead of using delivered roles, we can build the memberships and view lists for customers or for other CRM roles
3) Secured worker role is for restricting the access to the sensitive worker information like DOB,address,phone,job data, etc.
There is a separate setup to allow specific roles to view/modify the CRM Worker data.This is again one level above row level security
--DATASET ROLES
ReplyDeleteSELECT * FROM PS_EOEC_MP_ROLE
SELECT * FROM PS_EOEC_MP_ROLE_CI
SELECT * FROM PS_EOEC_MP_ROLRULE
--DATASET RULES
SELECT * FROM PS_EOEC_DATASET
SELECT * FROM PS_EOEC_MP_RULE
SELECT * FROM PS_EOEC_MP_RULCOND