Below is a diagram that presents the general architecture of Self Service in Sage CRM.

The key thing to point out in this diagram is that the people who access CRM data through self service screens are called 'Visitors'. The people who logon into Sage CRM through its main interface are 'Users'. Users consume a license. Visitors do not consume a license (although you must have Self Service included in the general license for the instance of Sage CRM).

Users

Users are always authenticated when they login and a session is created. This login is either explicit because they have entered their username and password in Sage CRM or implicit in a system where IIS Auto Login is used as they will have previously been authenticated as they entered their Windows username and password.

A user will have a session created for them. As their session is created they are granted permission to access different parts of the system. These permissions are controlled by their security profiles and territory rights.

Self Service Visitors

Visitors can either be anonymous or authenticated.

• Anonymous access means that some areas of the corporate site are designed to allow access without having to enter a username or password. Typically anonymous access is used for pages that include an enquiry or registration request form - obviously you do not want to have a registration form for new visitors on a page that they they can't access without logging in! Another use for anonymous access is to create public access to data held in CRM tables for example a Knowledge-base that draws from the solutions table. But any custom table in Sage CRM could be exposed through self service.
• Authenticated access means that users are required to enter a username and password. A cookie is used to store the user credentials and the validity of this cookie can be checked on subsequent pages that the visitor accesses.

Note: Authentication in Self Service essentially means 'Can this visitor access this page?' but if does not provide complete security over data access. The design of the pages in self service has to be carefully considered to prevent visitors using the pages access data they they should not see. This is covered in other articles.

Enabling a Person for Self Service.

Enabling a contact for Self Service is just a question of selecting the Self Service tab and then clicking to enable the 'Self Service Enabled' box. You can change the person's login ID and password by typing the new values in the Logon ID and Password fields. Once the save button is clicked the person is enabled for Self Service.

The image below shows that when you next select the Self Service tab for that person the Self Service and Person details are displayed.

Administration of Visitors

A system administrator can control visitors through the administration screens.

Administration -> System -> Self Service

You can drill down into each visitor record to update the information given there.

Note: The values in these fields can automatically maintained by code in the actual self service pages that the visitor accesses on the corporate web site.

The details of visitors can be purged from the system if necessary.

I have discussed the Self Service Configuration tab in the article "Some more thoughts on Self Service".