4

Security

Copyright © 2016, Oracle and/or its affiliates. All rights reserved.

Implementing Oracle Engagement Cloud 4 - 1

Objectives

After completing this lesson, you should be able to:

• Describe the security model used in Engagement Cloud
• Describe how the job roles in Engagement Cloud extend Sales Cloud

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. 4-3

Implementing Oracle Engagement Cloud 4 - 2

Engagement Cloud Security Model

• Leverages the same security model used by Sales Cloud, including:

– Job roles assigned to users
– Duty roles associated with jobs
– Role-based access control policies that assign privileges to:
— Access specific data (visibility)
— Manipulate that data (functionality)

Users Roles Privileges

Users have roles... ...that grant privileges to
perform actions

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. 4-5

Implementing Oracle Engagement Cloud 4 - 3

Basic Concepts – Security

Functional Security Data Security

What actions the user can do What data the user can see

Job Role / Enterprise Role Data Security Policy (a seeded query on

→ Duty Role a specific object)

→ Privilege

Examples: Examples:
Job: Customer Service Representative All SRs
Duty: Service Request Troubleshooter My SRs (team member)
Privilege: Create Service Request (SR) SRs for my Accounts
Message

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. 4-7

Implementing Oracle Engagement Cloud 4 -

Concept/Definition – Functional Security

• Functional privileges are granted

through a set of seeded job roles, duty Job Role
roles, and privileges (Customer Service Representative)
– Define what actions a particular
user can do with data the user can
Duty Role
access (Service Request Troubleshooter)
• Data Security Policies are defined
separately from the Duty Roles and
Create Service Edit Service Compose
Privileges Request Request Response
(Privilege) (Privilege) (Privilege)
• Data Security Policies define what
data a user can view, update, or
delete

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. 4-9

<Course name> 1 - 5
 Job Roles

• Job roles specific to Engagement Cloud come pre-defined with the application
– Customer Service Representative
– Customer Service Manager
– Knowledge Analyst
– Knowledge Manager
• Some Sales Cloud job roles provide Engagement Cloud privileges also
– For example, the Sales Representative and Sales Manager roles can view and edit
Service Requests
• There is not a separate Service Administrator job role. Full access to the Engagement
Cloud application is part of the Sales Administrator job role.
• You can also create customized roles by copying seeded roles and making changes to
the copy

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. 4 - 11

You can not modify any seeded job roles in the application. To make changes to the Duties and
Privileges within a Job Role, you must copy a seeded Role and then make changes to your copy.

Implementing Oracle Engagement Cloud 4 - 6

 Seeded Job Roles
New (introduced in R12):
Customer Service Representative
Customer Service Manager
Knowledge Analyst (can author and search knowledge)
Knowledge Manager (full privileges)

Existing roles granted additional service privileges:

Sales Administrator (full privileges) Note: there is no separate ‘Service Administrator’
Sales Representative & Sales Manager (can view SRs)
Channel Sales Manager (can interact with SRs for assigned partner accounts)
Partner Sales Representative (external user from partner company that can login & create SRs)
Contract Manager (defines SLA rules)

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. 4 - 13

Starting in R12 you cannot change the as-delivered roles. Instead, to modify a role, you need to
copy it within Security Console and then edit the copy.

Implementing Oracle Engagement Cloud 4 -

Seeded Job Roles

• Customer Service Representative

• Customer Service Manager
• Knowledge Analyst (can author and search knowledge)
• Knowledge Manager (full privileges)
• Existing roles granted additional service privileges:
– Sales Administrator (full privileges)
— Note: there is no separate "Service Administrator"
– Sales Representative & Sales Manager (can view SRs)
– Channel Sales Manager (can interact with SRs for assigned partner accounts)
– Partner Sales Representative (external user from partner company that can login &
create SRs)
– Contract Manager (defines SLA rules)

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. 4 - 15

Implementing Oracle Engagement Cloud 4 -

Differences from the Sales Cloud Security Model

• Service Requests (SRs) provide an extra Data Security policy for queue-based visibility
that other objects do not have
– For example, an agent can see the list of SRs in their queue(s) regardless of whether
that agent is currently the SR owner or an SR team member
• Territory Management is a security related framework specific to objects such as
customers and opportunities, but Territories are not applied to service-specific features
such as Service Requests and Work Orders

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. 4 - 17

Implementing Oracle Engagement Cloud 4 - 9

Common Considerations with Job Roles

• When setting up roles and privileges, consider some common situations:

– Customer Service Representatives and Customer Service Managers
— What information do they need access to (such as Opportunities, Contracts, or Orders) in
order to perform their primary duty of resolving customer issues?
– Sales Reps and Sales Managers
— Should they have editing privileges for Service Requests, or view-only privileges?
– Knowledge contributors
— Should they be limited to creating/editing/authoring privileges or do they need full
knowledge administrative access to approve and publish articles or to change
administrative settings such as user privileges and locales?
– Blended roles such as "Relationship Managers" or "Account Managers"
— May need a combination of sales and service privileges, but the fine grained privileges
within Sales and Service roles may differ from pure Service Reps and pure Sales Reps.

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. 4 - 19

Implementing Oracle Engagement Cloud 4 - 10

 Basic Concepts – User Management

• Employees come from Human Capital

Management
Parties of Type = Person
• Users
– Are granted Roles
Employees Users Customer – Can login to the system from
Contacts
employee-facing or customer self-
service end points
Resources
• Resources own things
– Own or are assigned to objects; for
example team members own
transactions
– Are part of a Resource Organization

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. 4 - 21

This topic is covered in more depth in a subsequent lesson.

Note that in Partner Resource management, partner contacts are created as resources

Implementing Oracle Engagement Cloud 4 -

Lesson Highlights

• The security model used by Engagement Cloud is similar to that of Sales Cloud,
although there are some specific differences
• Additional job roles are seeded in Engagement Cloud

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. 4 - 23

Implementing Oracle Engagement Cloud 4 - 12

Practice

• Explore security and job roles

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. 4 - 25

Implementing Oracle Engagement Cloud 4 - 13