Defining the types of permissions

Using the Authorization and Security functionality, you can define authorizations for an employee or employee group enabling access to specific data in a business process such as contract management, project management, requisition, procurement, sales, and warehousing.

These roles, policies, and rules can be used individually or in a combination.

You can also specify the data for:

Permissions:

Authorization Roles

Authorization Role is a type of permission assigned to a set of employees with the same role.

Note

In the Authorization Roles (tcsec0120m000) session, you can also link a defined authorization role to an AMS or DEM role ( LN user authorizations (OP-CE)).

Example

To allow employees with the Project Manager role to modify their own projects, you must set the Authorization Level to Project Manager role and link the same to all the Project Managers.

To link an authorization role to AMS or DEM Role:

  • From the Specific menu, select AMS Roles > Import in the Authorization Roles (tcsec0120m000) session, to create authorization roles with the same code and description as the AMS roles and link these roles to the appropriate AMS roles.
  • Select Import DEM roles in the Authorization Roles (tcsec0120m000) session, to create authorization roles with the same code and description as the DEM roles and link these roles to the appropriate DEM roles.

You can use the AMS or DEM roles to set up session permissions with the required authorization levels. See, Example of session and data authorization.

Authorization Policies

Authorization Policies are used to define corporate policies for data authorization for a group of employees, irrespective of the employee role.

Example

A project is created to register an internal task in Hours Accounting (holidays or internal meetings) and all the employees are allowed to use this project. An authorization policy is linked to all the employees.

See, Authorization Policies (tcsec0150m000).

Assigned Rules

Assigned Rules are new, additional, or exceptional permission, specific to an employee and can be assigned without changing an existing authorization role or policy. Use the Assigned Rules (tcsec0160m000) session to view and maintain rules defined for an employee.

Example

Employee A goes on a holiday. You can assign a rule to another employee to provide access to the projects or purchase orders of employee A.

To set an assigned rule to Expired:

  • Select the Expired check box.
  • If the assigned rule is set to Expired, you cannot modify the value of the Description field and the permissions cannot be applied.