Example of session and data authorization

This table uses the Purchase Order session as an example to explain the two authorization systems:

  • AMS or DEM: Authorization is applied at the session level.
  • Authorization and Security: Authorization is applied at the business object level (for example, Project and RFQ).
Note

The application uses the most secure authorization system.

Session Authorization (AMS or DEM)Data Authorization (SEC)Result
No PermissionAll Authorization LevelsUser cannot access the session.
DisplayNo PermissionUser can access the session but data is not displayed.
View / Use / ModifyUser can access the session and can only view the data.
Print/DisplayNo PermissionUser can access the session but data is not displayed or printed.
View / Use / ModifyUser can access the session and authorized data can only be viewed and printed.
Modify/Print/DisplayNo PermissionUser can access the session, but no data is displayed.
View / UseUser can access the session and all authorized data can only be viewed, printed, or both.
ModifyUser can access the session and authorized data can be viewed, printed, or modified.
Insert/Modify/Print/DisplayNo PermissionUser can access the session but no data is displayed
View / UseUser can access the session and all authorized data can only be viewed, printed, or both.
ModifyUser can access the session and action can be executed, except delete, to the authorized data.
Full AuthorizationNo PermissionUser can access the session, but no data is displayed
View / UseUser can access the session, and all authorized data can only be viewed and printed.
ModifyUser can access the session, any action can be executed, except delete, to the authorized data.

 

In case modifications or higher permissions in AMS or DEM (for a session that uses the data object) are required, for example, Projects in Hours Accounting, the following is applicable:

Session Authorization (AMS or DEM)Data Authorization (SEC)Result
Modify/Print/DisplayNo PermissionUser can view and modify all the registered hours, but cannot use the project or zoom to the related project data.
ViewUser can view and modify the related registered hours but cannot use the project, but can zoom to the related project data.
Use / ModifyUser can view and modify the related registered hours and can use project.
Insert/Modify/Print/DisplayNo PermissionUser can create, view and modify all the registered hours, but cannot use the project or zoom to the related project data.
ViewUser can create, view and modify the related registered hours but cannot use the project, but can zoom to the related project data.
Use / ModifyUser can create, view and modify the related registered hours and can use project.
Full AuthorizationNo PermissionUser can delete, create, view and modify all the registered hours, but cannot use the project or zoom to the related project data.
ViewUser can delete, create, view and modify the related registered hours but cannot use the project, but can zoom to the related project data.
Use / ModifyUser can delete, create, view and modify the related registered hours and can use project.