To create roles and authorizations (OP-CE)

Initially, normal users do not have any authorizations for LN. Therefore, you must define the role-dependent authorizations for their function. This section provides information and instructions on how you can use LN ’s Authorization Management System (AMS) to create roles for normal users and the associated role-dependent authorizations.

You can use the authorization management system to:

  • Create roles and authorizations.
  • Create templates.
Procedure result and prerequisites
Result

The authorization management procedures create a user environment with clearly defined tasks and duties for the normal users in a company.

Prerequisites

The following prerequisites are required to create roles and authorizations:

  • The functions and associated tasks are clearly defined for the employees.
  • The software components to which access is required for the functions are clearly defined.

The following case study explains how to create roles and authorizations and helps you understand the functions and features of LN ’s AMS. The case study also describes the role concept in the context of a real situation.

The case study describes authorization management at Global Enterprises, which has offices in The Netherlands and the United States. These offices are designated as the Holland Company and the USA Company. Employees of Global Enterprises must be able to use the company’s data dictionary and the databases of both offices.

For detailed instructions on how to enter data in the described sessions, refer to the online help of the sessions

Procedure introduction

The authorization management procedure is split up into several smaller procedures, which the system administrator can use as stand-alone procedures to maintain the authorizations at the various levels. The additional roles, which define additional authorizations on top of the standard role, can also be created with this procedure.

Case study - Authorization management at Global Enterprises

The system administration department at Global Enterprises is responsible for management of the employees’ authorizations. Authorization management involves the definition of the role-dependent authorizations for the employees in roles. To ensure that the user authorizations are easily maintainable, the system administrator defines one standard role with the most basic authorization, as well as additional roles for specific tasks.

The authorizations defined in the standard role are required by the users to use Global Enterprises’ general data dictionary and the data of the offices in The Netherlands and the USA.

In the standard role, the system administrator defines the session authorizations and library authorizations at the various levels. In addition, the system administrator makes sure that the users cannot change their own user data.

Procedure summary

This list shows the procedure steps and the corresponding sessions.

  1. Take inventory of the roles in your organization
  2. Define the authorizations per role - Role Data (ttams2100m000)

    Via the appropriate menu in this session, you can:

    • define session authorizations
    • define database authorizations (table and table field authorizations)
    • define library authorizations
    • Optionally: define authorizations in sub-roles and link these sub-roles to the main role - Subroles by Role (ttams2101m000)
    For details on the authorization types, see Role-dependent authorizations (OP).
  3. Convert the user file to the runtime data dictionary (ttams2200m000)
  4. The relevant users must log off and log on again.