Authorization review and drill back

	Authorization review and drill back The term “Drill back” must be read as: "Start an LN session from outside LN through Infor Ming.le ". This can be initiated by another user and without providing any authorization context. For example; an approval step from a workflow set up in ION. In this approval step you must view specific LN data to decide on approval or rejection. To set up the correct authorization for your DEM users to drill back from Infor Ming.le into LN you must specify several sessions with information. The classic method to start a session is by selecting a session by the user within an UI. In the LN UIs you can use: Menu Browser Process Browser Process Viewer Run Program. The menu option Allow Run Program by Session Code. This option can start a session by specifying the session code. Within the UIs several personalization options are available to overrule and hide parts of the UI that are initially enabled on the server. View sets are maintained within the View Modeler (tlvwm0601m000) on the server where custom views overrule Standard Views as delivered by Infor. Run the View Modeler from Web UI. In the View Modeler both Standard, read-only and as delivered by Infor, and configurable Custom view sets are shown. DEM and AMS When a session is started from the “Menu Browser” or “Run Program”, the AMS authorization is used. AMS session authorization is the highest (aggregated) authorization level defined for a specific user for all assigned AMS roles. To be able to use AMS the menu browser and the Allow Run Program by Session Code check box in the User Data Template (ttams1110m000) session must be selected. You can gather and view the authorization information for the AMS and DEM user with these sessions: Aggregate DEM Authorizations for AMS (tgbrg9298m100) Display Authorization Data (tgbrg9598m000) The Aggregate DEM Authorizations for AMS (tgbrg9298m100) session can export DEM authorization information to enhanced AMS. When these authorizations are exported, the corresponding AMS roles are generated. Both AMS and DEM authorizations become active. If required the authorization data can be further maintained in AMS. With the Display Authorization Data (tgbrg9598m000) session all authorization data per user is listed. With this list you can review the authorizations for the LN users and consider any changes. DEM without AMS When a session is started from the “Process Browser” or “Work Area” the DEM generated authorization advice is used. The authorization is based on the “active” DEM role. For DEM end-users the UI settings have granted access to the “Process Browser” and/or “Process Viewer”. The menu browser and the Allow Run Program by Session Code check box in the User Data Template (ttams1110m000) session must be cleared. This prevents confusing authorization situations where AMS is not the same as DEM. You can gather and view the authorization information for the DEM user with these sessions: Aggregate Authorization Data (tgbrg9298m000) Print DEM session authorizations (tgbrg8441m000) The Aggregate Authorization Data (tgbrg9298m000) session collects modelled information to be used by external programs, for example Approva, Excel etc. The modelled information is mainly the output of Print DEM session authorizations (tgbrg8441m000).