| LN user authorizations (OP-CE)Initially, Normal users cannot use LN. Therefore, you
must define some authorizations for the various LN software
components. The authorizations of an employee in a company are related to the
employee’s functionality or role in that organization, some employees have more
authorizations than others. Likewise, LN ’s Authorization
Management System (AMS) also uses a role concept to define the authorizations
of LN users. In addition to these role-dependent authorizations, you can
define some additional dependent authorizations that are not defined by the
employee’s role. For example, the development parameters, device preferences,
and other authorizations. These non-role-dependent authorizations are defined
in templates, which you can connect to the user profile. Note At minimum, users must have some sort of session
authorization, table authorization, and library authorization to use LN. Some default roles
are already automatically generated to ensure normal users have sufficient
authorization to logon. Session Authorization (DEM, AMS and Enhanced
AMS) Use these methods for defining employee roles: - Dynamic Enterprise Modeler (DEM)
- Authorization Management System (AMS)
- Enhanced AMS, that fully integrates with DEM
DEM In DEM you can model Business Processes. Business
Processes contain activities to be executed. Those activities can be LN sessions. Roles are linked to Business Processes, activities and
employees. This way the access to the LN sessions is
controlled. On runtime the employee has a specific DEM menu, the
Process browser. When an employee runs LN sessions from the
Process browser, the modeled DEM authorizations are used for those sessions.
The DEM authorizations are deduced from the modeling information and are not
stored into static authorization tables. Note: If you launch sessions from the Process browser, LN ignores any roles
and authorizations defined in AMS. The AMS authorizations are applicable if you
launch sessions through the Run Program command. AMS In AMS you can define roles for Session Authorization,
Table Authorization and Table Field Authorization. Those roles can be linked to
Normal users. By default Normal users do not have any authorization. Super
users have Full authorization for all sessions and all tables. You can define different authorization types, for example
Full authorization, Read Only authorization, and other
authorizations. You can launch sessions from the Menu browser. The roles
that are linked to your LN user account decide what is allowed to execute or not. The DEM roles and authorizations are not applicable if you
launch sessions from the Menu browser. Enhanced AMS This method is available to improve the management of
authorizations. You must explicitly enable Enchanced AMS, otherwise the
default, classic authorization model applies. You can activate the Enhanced AMS
at AMS Parameters. Previously known as SSO Parameters. When Enhanced AMS is
activated, the menu Tools/User Management/Authorization Management System
contains the corresponding new sessions. For example, the classic sessions are
removed from that menu. Activation of Enhanced AMS must involve a Convert to
Runtime of all Roles and all Users. When using DEM, we recommend that you integrate Enhanced
AMS with DEM. You can specify a parameter at AMS Parameters, to export the DEM
roles to AMS. This simplifies the modeling of DEM subapplications. It suffices to specify the authorizations for the
sessions that users must perform for a specific business task. The Aggregate DEM Authorizations for AMS (tgbrg9298m100) session aggregates DEM
Authorizations and the explicitly modeled subapplications. When these
Authorizations are exported, the corresponding AMS roles are generated. The Role Data (ttams4600m000) session provides an overview of the AMS roles and
their origin. The AMS role modeler can still change or overrule a specific AMS
role. For more details see DEM.
Customers require a clear overview of the authorizations of a
certain employee for the LN applications. This is in connection with the Sarbanes - Oxley Act
(officially titled the Public Company Accounting Reform and Investor Protection
Act of 2002). These sessions are available to print the session
authorizations: DEM Print DEM session authorizations (tgbrg8441m000) AMS Print Session Authorizations by User (ttams3400m000) Enhanced AMS No specific Print session exists. The preferred method is to
export data to Excel using the Role Data (ttams4600m000) session.
| |