How to remove read access to "All partners" data for a given channel user Role?

(Doc ID 2233991.1)

Last updated on MARCH 03, 2017

Applies to:

Oracle Fusion Sales Cloud Service - Version 11.1.11.1.0 and later
Information in this document applies to any platform.

Goal

Aim:
This document helps you create the data security policies needed to restrict an internal user, so that the user is unable to view or query any partner organizations in the List / Picker UI.


Current Behavior:
As of today, the data security policies shipped out of the box allow an internal user to search and view partner records unconditionally.
Anyone who has functional access to view the "Partners List UI" or launch the "Partner Picker UI" will be able to search and drill down to view the details of all partner accounts present in the system.


Expected Behavior:
After making the changes suggested in this document, users who are granted a particular Channel User role will not see any partners in the search results of the Partners List / Picker UI pages.


Pre-requisites:
• A top-level Internal User application role, for example Channel Operations Manager.
• Access to Authorization Policy Manager.


Summary of the Required Changes:

• All top-level Channel User application roles inherit one or more application roles that come provisioned with global grants. These global grants give them unconditional access to TCA Party records of all organizations and Persons.
  We will end-date these existing global grants.
  We will create new grants such that logged-in users can read TCA party records only
  o If the TCA party record is NOT a partner organization
• A few application roles come provisioned with a conditional grant. Example: Allow read access to the TCA party record of all parties that are not (a sales account or a sales prospect).
  However, this condition will be met by any TCA party that is a partner organization.
  We will end-date these existing conditional grants.
  We will create new grants such that logged-in users can read TCA party records
  o If the TCA party record is NOT a partner organization (AND)
  o If the TCA party record is neither a Sales Account nor a Sales Prospect
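
The effect of the changes summarized above can be checked with a small model. This is an added example, not Oracle code or part of the original document: the Party and Grant classes, the field names, the sample parties and the dates are all constructed, and it assumes that grants are additive (any active grant that matches gives read access) and that a grant is no longer in force once its end date has passed.

```python
from dataclasses import dataclass
from datetime import date
from typing import Callable, Optional

@dataclass(frozen=True)
class Party:  # constructed record; field names are illustrative, not Oracle's schema
    name: str
    is_partner: bool = False
    is_sales_account: bool = False
    is_sales_prospect: bool = False

@dataclass
class Grant:
    name: str
    condition: Callable[[Party], bool]
    end_date: Optional[date] = None  # None: still in force

    def active(self, today: date) -> bool:
        return self.end_date is None or today <= self.end_date

def readable(parties, grants, today):
    """Assumption: grants are additive, so any active matching grant gives read access."""
    live = [g for g in grants if g.active(today)]
    return sorted(p.name for p in parties if any(g.condition(p) for g in live))

def not_account_or_prospect(p: Party) -> bool:
    return not (p.is_sales_account or p.is_sales_prospect)

def shipped(global_end=None, conditional_end=None):
    """The two kinds of out-of-the-box grant described above, with optional end dates."""
    return [Grant("global read", lambda p: True, global_end),
            Grant("not account/prospect", not_account_or_prospect, conditional_end)]

# The replacement grants: each adds the "NOT a partner organization" condition.
REPLACEMENTS = [
    Grant("non-partner read", lambda p: not p.is_partner),
    Grant("non-partner, not account/prospect",
          lambda p: not p.is_partner and not_account_or_prospect(p)),
]

PARTIES = [Party("Acme Reseller", is_partner=True),        # constructed sample data
           Party("Globex Customer", is_sales_account=True),
           Party("Initech Lead", is_sales_prospect=True),
           Party("Jane Contact")]
TODAY, ENDED = date(2017, 3, 3), date(2017, 3, 2)

if __name__ == "__main__":
    print("shipped:        ", readable(PARTIES, shipped(), TODAY))
    print("global ended:   ", readable(PARTIES, shipped(global_end=ENDED), TODAY))
    print("both + replaced:", readable(PARTIES, shipped(ENDED, ENDED) + REPLACEMENTS, TODAY))
```

In this model, end-dating only the global grant still leaves the partner readable through the conditional grant, which is why both kinds of existing grant are end-dated before the replacements are created.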


 

Solution
