How Access Rights for Displaying Related Record-Type Records are Determined

	Print Open PDF Version of Online Help

How Access Rights for Displaying Related Record-Type Records are Determined

When a user successfully views the Detail page for a record, Oracle CRM On Demand uses the following process to determine which related records the user can see:

Oracle CRM On Demand verifies that the user’s role has the necessary privileges to view the record type. If the user's role does not have the necessary privileges to view the record type, the records of this related record type are not shown.
If the related record type is based on a primary record type, Oracle CRM On Demand verifies that the Has Access check box for the related record type is selected. If the Has Access check box is not selected for the related record type, the records of this related record type are not shown.
If the owner of the parent record is the current user, Oracle CRM On Demand extracts the access level for the related record type from the current user’s owner access profile.
If the owner of the parent record is the current user’s subordinate at any level in the reporting hierarchy, Oracle CRM On Demand extracts the access level for the related record type from the current user’s owner access profile.
If the owner of the parent record is an unrelated user:
- If the Can Read All Records option is selected for the related record type on the current user’s role, Oracle CRM On Demand extracts the access level for the related record type from the current user’s default access profile.
- If the Can Read All Records option is not selected for the related record type on the current user’s role, the current user's default access profile is not used.
  In this case, the current user gains access to the Detail page of the parent record in one or more of the following ways:
  - The current user is a member of the team on the parent record.
  - The current user has a direct or indirect subordinate who has access to the parent record.
  - The current user is a member of a book that contains the parent record, or the parent record is in a subbook of a book where the current user is a member.
  - The current user has been delegated by another user who has access to the parent record.
    Oracle CRM On Demand therefore extracts the access levels for the related record type from the access profiles for the parent record through each of the applicable access-control components.
Oracle CRM On Demand then evaluates all the related access levels to determine if the Inherit Primary access level is present in the set of access levels and determines what records to display, as follows:
- If the Inherit Primary access level is not found:
  - If the most permissive access level is No Access, then the related records are not shown.
  - If the most permissive access level is anything other than No Access, then all related records are shown, including records the current user is not authorized to see.
- If the Inherit Primary access level is found, and the Can Read All Records check box is selected for the related record type in the current user’s role, then all related records are displayed.
- If the Inherit Primary access level is found, and the Can Read All Records check box is not selected for the related record type in the current user’s role, then the set of related records that are shown includes all records where any one of the following is true:
  - The current user owns the related record.
  - The current user is a member of the team on the related record.
  - The current user has a direct or indirect subordinate who has access to the record.
  - The current user is a member of a book that contains the related record, or the related record is in a subbook of a book where the current user is a member.
  - The current user has been delegated by another user who has access to the related record.

How Access Rights for Displaying Related Record-Type Records are Determined

Related Topics