Defining the types of permissionsUsing the Authorization and Security functionality, you can define authorizations for an employee or employee group enabling access to specific data in a business process such as contract management, project management, requisition, procurement, sales, and warehousing. The applicable permission types: These roles, policies, and rules can be used individually or in a combination. You can also specify the data for: Permissions: Authorization Roles Authorization Role is a type of permission assigned to a set of employees with the same role. Note In the Authorization Roles (tcsec0120m000) session, you can also link a defined authorization role to an AMS or DEM role ( LN user authorizations (OP-CE)). Example To allow employees with the Project Manager role to modify their own projects, you must set the Authorization Level to Project Manager role and link the same to all the Project Managers. To link an authorization role to AMS or DEM Role:
You can use the AMS or DEM roles to set up session permissions with the required authorization levels. See, Example of session and data authorization. Authorization Policies Authorization Policies are used to define corporate policies for data authorization for a group of employees, irrespective of the employee role. Example A project is created to register an internal task in Hours Accounting (holidays or internal meetings) and all the employees are allowed to use this project. An authorization policy is linked to all the employees. Assigned Rules Assigned Rules are new, additional, or exceptional permission, specific to an employee and can be assigned without changing an existing authorization role or policy. Use the Assigned Rules (tcsec0160m000) session to view and maintain rules defined for an employee. Example Employee A goes on a holiday. You can assign a rule to another employee to provide access to the projects or purchase orders of employee A. To set an assigned rule to Expired:
| |||