Overview

	Overview The Authorization and Security functionality enables you to define the permissions (no permission, view, use, and modify) for the employees or employee groups to access data for a specific business process. The Authorization and Security process helps businesses authorize data access based on a role, rule, or company policy across locations, products, or market combinations. For example, management must be allowed to analyze all the data but employees can be authorized only to work on a subset of data. Note If the Authorization and Security functionality is implemented for a business process such as Project Management or Procurement, the usage of various fields are determined based on the specified permissions. Example Project Manager or Cost Engineer is only allowed to: See certain Projects. Use certain Projects Example All employees who are authorized to create requisitions are only allowed to: View own Requisitions. Modify own Requisitions. Example While employee X is on holiday, employee Y is allowed to: View Requisitions of employee X Modify Requisitions of employee X You could use the AMS and DEM functionality to assign permissions to employees, which was used to control session access. Using the Authorization and Security functionality, you can now provide authorizations to specific business objects (Projects, Purchase Orders, RFQs, and so on) considering the related attributes. For example, register project hours for a project that is part of a specific program. The flowchart explains the authorization levels. Benefits: Allows the company’s management to analyze all activities and results. Sharing related (master) data across locations or product/ market combinations. Supports centralized processes such as, planning or procurement across entities. Reduces overhead by maintaining a single set of master data. Permissions Data authorizations (Permissions) can be based on Authorization policy, Authorization role, and Assigned rules. You can use these permission types individually or in a combination, to set up the security. The permissions and the related lines are created and maintained for each authorization business process (Project management, Requisition, and Procurement) with these authorization levels: View: The employee can view the data related to the specified business process. Use: The employee can use the data related to the specified business process. For example, the employee can use the project data in Hours Accounting. Modify: The employee can modify the data and execute the related processes. No Permission: The data related to the specified business process is not displayed. The permissions are version controlled and limited to specific companies. You can assign the permissions to employees or employee groups. You can also copy the permissions of an employee or employee group to multiple employees or employee groups. Note Data authorizations can be set up, only for employees currently working with the organization, by default, the authorization can be set to No Access, or View, or Use, or Modify. This flowchart explains the permissions setup. Authorization Definition company You can set up authorizations for a specific company and the data can be used by other companies. For example, companies 301, 302, and 575 can use the setup in company 300. After the authorizations and permissions are set up, you can activate the permissions for the users in the required company. Limitations This functionality is only applicable for certain processes such as Project management, Requisitions, and Procurement. In Project, you can only access the functionality for projects (not contracts). Also, not all Project sessions are considered for the authorization setup. See Supported Project sessions for authorization. Related topics Authorization and Security parameters Apply and enforce authorization Defining the types of permissions Example of session and data authorization Viewing permissions data Creating permissions Assigning permissions Supported Project sessions for authorization