LN user authorizations

Initially, normal users cannot use LN at all. Therefore, you must define authorizations for the various LN software components. The authorizations of an employee in a company are related to the employee’s function or role in that organization; some employees have more authorizations than others. Likewise, LN’s Authorization Management System (AMS) uses a role concept to define the authorizations of LN users.

In addition to these role-dependent authorizations, you can define additional authorizations that do not depend on the employee’s role: for example, the development parameters, device preferences, and so on. These non-role-dependent authorizations are defined in templates, which you can then connect to the user profile.

The following figure shows a schematic overview of how the user authorizations are split up into role-related authorizations and non-role-dependent authorizations:
Schematic overview of the authorization concept in LN
Note

At minimum, users must have some sort of session authorization, table authorization, and library authorization to use LN. During the installation of LN, some default roles are automatically created. The default roles ensure that the normal users can use the Worktop browser and the browser’s associated functions and commands.

Session Authorization (DEM and AMS)

You can use two different methods for defining employee roles. First, you can define roles in the Dynamic Enterprise Modeler (DEM). Second, you can define roles in the Authorization Management System (AMS).

  • DEM

    In DEM you can model Business Processes. Business Processes contain activities to be executed. Those activities can be LN sessions.

    Roles are linked to Business Processes, activities and employees. This way the access to the LN sessions is controlled.

    At runtime the employee has a specific DEM menu, the Process browser in Web UI or Worktop. When an employee executes LN sessions from the Process browser, the modeled DEM authorizations are used for those sessions. The DEM authorizations are deduced from the modeling information and are not stored in static authorization tables.

    Note: If you launch sessions from the Process browser, LN ignores any roles and authorizations defined in AMS. However, the AMS authorizations are applicable if you launch sessions through the Run Program command in Web UI or Worktop.

  • AMS

    In AMS you can define roles for Session Authorization, Table Authorization and Table Field Authorization. Those roles can be linked to normal users. By default normal users do not have any authorization. Super users have Full authorization for all sessions and all tables.

    You can define different authorization types, for example Full authorization, Read Only authorization, and so on.

    You can launch sessions from the Menu browser in Web UI or Worktop. The roles that are linked to your LN user account determine which sessions you are allowed to execute.

    The DEM roles and authorizations are not applicable if you launch sessions from the Menu browser.

In connection with the Sarbanes-Oxley Act (officially titled the Public Company Accounting Reform and Investor Protection Act of 2002), customers feel the need for a clear overview of the authorizations that a given employee has for the LN applications.

The following sessions are available to print the session authorizations:

  • DEM
    Print DEM Session Authorizations (tgbrg8441m000)
  • AMS
    Print Session Authorizations by User (ttams3400m000)
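
Because DEM governs sessions launched from the Process browser and AMS governs sessions launched from the Menu browser or Run Program, an access review has to read both reports together. The following sketch is an added example, not Infor code: it models which source applies per launch path for a normal user and lists sessions granted by only one source. The user, the session names, and the in-memory record layout are constructed assumptions.

```python
# Added illustration, not Infor code. Users, sessions and the record layout
# are constructed; LN stores and derives these authorizations differently.
from dataclasses import dataclass, field

PROCESS_BROWSER = "process_browser"  # DEM applies, AMS roles are ignored
MENU_BROWSER = "menu_browser"        # AMS applies, DEM is not applicable
RUN_PROGRAM = "run_program"          # AMS applies

@dataclass
class NormalUser:
    name: str
    dem_sessions: set = field(default_factory=set)    # deduced from modeled processes
    ams_sessions: dict = field(default_factory=dict)  # session -> authorization type

def effective_authorization(user, session, launch_path):
    """Return the authorization that governs this launch, or None if denied."""
    if launch_path == PROCESS_BROWSER:
        return "dem-modeled" if session in user.dem_sessions else None
    if launch_path in (MENU_BROWSER, RUN_PROGRAM):
        # Normal users have no authorization unless an AMS role grants one.
        return user.ams_sessions.get(session)
    raise ValueError(f"unknown launch path: {launch_path}")

def single_source_grants(user):
    """Sessions granted by only one source; a single report misses these."""
    ams = set(user.ams_sessions)
    return {"dem_only": sorted(user.dem_sessions - ams),
            "ams_only": sorted(ams - user.dem_sessions)}

# Constructed sample user with hypothetical session names.
clerk = NormalUser(
    name="clerk01",
    dem_sessions={"SESSION_A", "SESSION_B"},
    ams_sessions={"SESSION_B": "read_only", "SESSION_C": "full"},
)

if __name__ == "__main__":
    for path in (PROCESS_BROWSER, MENU_BROWSER, RUN_PROGRAM):
        for s in ("SESSION_A", "SESSION_B", "SESSION_C"):
            result = effective_authorization(clerk, s, path)
            print(f"{clerk.name} {s} via {path}: {result}")
    print(single_source_grants(clerk))
```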