Authorization levels
You can use this function to limit the access an operator has to specific modules, menu options, and procedures, over and above security set up in SA Operator Setup. Each system client operator can have a level of authorization for each authorization point. Use authorization points judiciously because they can slow or stop workflow.
The system administrator pre-defines an operator's access in SA Authorization Security Administration.
Each operator can be assigned one of these three security levels for each authorization point in the system:
- Level 1: Not Authorized:- The operator must be granted authority (or denied it) by an operator with level 3 authorization.
- Level 2: Authorized: The operator is authorized to perform the task, but not allowed to authorize another operator to perform the task.
- Level 3: Grant Authority: The operator is allowed to grant (or deny) authorization for the particular task. The system-level operator always has level 3 authority for all operators, even if the system-level operator’s own security level is set to level 1 or 2 for some of the authorization points. If the system-level operator encounters an authorization point for which his security level is set to 1, the system-level operator must obtain help from another operator with grant authority to proceed.
Authorization levels are assigned separately for each authorization point. When an operator encounters an authorization point (functionality that checks for authorization) one of two things occurs. If the operator has level 2 or 3 authority for that authorization point, the operator can perform the transaction.
If the operator has level 1 authority, and is not authorized to perform the task, the operator will get a notification window and must cancel out of the task or contact a supervisor (who has level 3 authority for that particular functionality) to request granting of authority to allow the operator to proceed in SA Authorization Security Administration. The supervisor can either grant (or deny) authorization for the task using the Authorize Transactions window. Contact might be through email, a phone call, or by some other electronic or personal communication.