When a user requests a function, the security entries specified in 'Authorization by User. Display' (SES401) are searched for a matching combination of user and function by authorization check program (CAUTCHK) to assure full functional coverage.
M3 BE Security uses company-level entries if the requesting user is working at the division level and there are no security entries at division level. Remember the relationship between company and division.
If the search is unsuccessful, M3 Business Engine Security refers back to the authorization required setting in the function definition 'Function. Open' (MNS110). If this is 1, the request is denied; if this is 0, the request is permitted.