Overview

Focus Area: Security

SCRM now supports Business Unit (BU) security. Users will only have access to company and facilities they have been granted access to through SCRM Business Units on the UGM user profile. This feature also filters the users’ business unit selection list, only showing those business units they have access to.

GSM Business Unit Security Overview

GSM BU Security has been available since 5.2.1. While GSM has always filtered EQT search results based on BU visibility rules, users could still follow a URL to the specification tied to a business unit they didn’t have access to and they would be able to read that specification (and depending on the WFA settings). With GSM BU security, if users were to follow a URL to a specification tied to a business unit they didn’t have access to, they will receive a Permission Denied screen. In addition, business unit security also secures associated objects. For example, if a sourcing approval is tied to a specification the user doesn’t have access to, the user will not be allowed to see the sourcing approval. With 6.0, SCRM objects (companies, facilities and sourcing approvals) have been extended to support business unit security functionality.

Business units are tied to the user through their UGM user profile.

Figure 1. UGM User Profile

Feature Configuration

GSM BU security is configurable and can be turned on or off. The default feature configuration is off. You can turn GSM BU security on by editing the following configuration line.

The Business Unit Hierarchy and Defining Access

For both GSM and SCRM BU security, users will have access to all business units above and below the node they have been assigned. Take a look at the examples below. If you were to give a user access to Texas, the user would have access to objects tied to the business units in red.

North America

· United States

o California

o Florida

o Texas

§ Dallas

§ Houston

· Canada

If you were to give a user access to the United States, the user would have access to objects tied to the business units in red.

North America

· United States

o California

o Florida

o Texas

§ Dallas

§ Houston

· Canada

The Basics

Previously the only security in SCRM was found in sourcing approvals, since they are tied to WFA templates and Object Level Security. Now SCRM objects can be secured by business unit, much like GSM.

The SCRM user will only be able to read and edit companies and facilities that are tied to business units they have access to. This will also apply to sourcing approvals tied to those companies or facilities.

This feature filters all SCRM search results, so companies/facilities the user doesn’t have access to do not appear in the results.

In addition, this feature filters the business unit selection list. So when a user opens the control to assign or edit a business unit, they will only see the business units they have access to. This makes sure that the user can not assign a BU they don’t have read access to.

Figure 2. Facility Profile: Business Unit Selection

Note: BU selection filtering is not available in GSM BU security.

Much like GSM, the user can see which business units they have access to by using the Profile and Preferences tool: Access Information tab.

Figure 3. Access Information tab: SCRM Business Units section

Defining Access

When configured on, it is required to provide SCRM business units to each UGM user. A new field has been added underneath the GSM Business Units field on a users UGM profile. The SCRM Business Units assigned here will be the business units the user has access to.

Figure 4. Assigning SCRM business units

Important: Just like GSM, if a user’s SCRM business units are left blank, the user will have access to all SCRM Business Units.

Configuration

Feature Configuration

SCRM BU security is configurable and can be turned on or off. The default feature configuration is off. You can turn SCRM BU security on by editing the following configuration line.

SCRM Business units are associated to statuses. For example, a single company can be approved for the United States BU but still in review for the Canada BU and inactive for the Mexico BU. Configured statuses can be ignored by SCRM BU Security. In the above example, you would probably want security to ignore business units with a status of inactive.

Set up which SCRM BU statuses you would like to secure in the CustomerSettings.config file, inside the SCRM block. Notice that each status is referenced by the pkid value.

<SCRM>

</SecuredStatuses>

</BusinessUnit>

</Security>

</SCRM>

The above values are from the certified database. The statuses can be found in the scrmEntityStatus database table. There will also be a toolkit widget to manage this table in a future extensibility pack release.

SCRM BU Security Example

The system is configured with the following statuses:

status	configuration
Null	Secured
In Review	Secured
Approved	Secured
Not Approved	Secured
Inactive	Not Secured

User A has access to the United States BU and User B has access to the Canada BU.

Figure 5. User A’s UGM User Profile

Figure 6. User B’s UGM User Profile

Figure 7. Company Profile – BU and Status Pairing


company	BU – Status Pair Defined	Users who have access
A	United States – Approved Mexico – Not Approved Canada – Null	User A User B
B	United States – Approved	User A
C	Mexico – Inactive	User A User B
D	Mexico – Approved United States – Inactive	None

User A will not see company D or any company, facility or sourcing approval tied to company D in EQT search results. If the user follows a URL to any object tied to company D they will be presented with a Permission Denied screen.