Table Data Authorizations (ttams3145m000)

Use this session to maintain table data authorizations. You can specify restrictions for normal users that are linked to the role to perform database actions on records of a table for a given condition. Table data authorizations are specified for a range of data in a table by defining a condition. The authorization defined in this session can be an exception or addition to the authorizations that are defined in these sessions:

  • Table Authorizations by Company (ttams3144m000)
  • Table Authorizations by Package (ttams3140m000)
  • Table Authorizations by Module (ttams3141m000)
  • Table Authorizations by Table (ttams3142m000)

You can use table data authorizations to block specific data in the database for normal users that are linked to the role.

You can define authorizations depending on the data of a table. For example, a user can only be allowed to insert sales orders with an order number between 100.000 and 200.000.

You can specify an authorization level, for each condition, for example, the data authorization. This can be another authorization level as the table authorization level, which is defined in the database table authorization sessions. If you have not specified table authorizations, the table authorization status is delete, insert, modify, or read.

An overlap can occur between two conditions for the same table with different authorization levels. The most restrictive authorization level is taken in this case.

For the meaning of the condition within the expression, see the list of expressions below:

Cond.Seq.FieldOperatorValue 1And/Or/End
11Xequal1And
12Yequal3Or
21Zequal4End

 

Cond.Seq.FieldOperatorValue 1And/Or/End
11Xequal1And
21Yequal3Or
22Zequal4End

 

When specifying the two expressions, they will turn out to be different.

Expression 1: (X=1 and Y=3) or (Z=4)

Expression 2: (X=1) and (Y=3 or Z=4)

You can define the table data authorizations for all companies or for a specific company. The authorizations for the specific company have the highest authority in this case.

The table data authorizations are an exception to the database table authorizations at company level, at package level, at module level, and at table level.

You can use the appropriate menu to:

  • Delete the table data authorizations for a range of tables.
  • Convert the changes of the database table authorizations to the runtime data dictionary. The database authorization data of the role is stored in the $BSE/lib/roles/db/<first character of role>/<role> file.
  • Copy the database table authorization to the related child fields when a field refers to the related table and the field is part of the primary key of the table for which the database table authorization is defined.

 

Role

The code of the role.

Role

The description of the role.

All Companies

If this check box is selected, the authorizations are defined for all companies.

If authorizations are defined for a specific company as well as for all companies, they can overlap. The authorizations for a specific company have the highest priority.

Company

The code of the company for which the database table authorizations at table data-level are defined.

Company

The description of the company.

Table

The code of the table for which the database table authorizations at table-data level are defined.

Table

The description of the table.

Authorization

The database table authorizations type, which is defined for the tables. This information is used by the server to determine whether a user is authorized to perform a database action on the tables in the package, depending on the specified expression.

Cond.

If the expression consists of multiple conditions, the condition sequence number is specified.

Sern

The number of the sub expression in the condition. An expression can contain more than one sub expression.

These examples explain the use of a condition sequence number in relation to the serial number:

Cond.SernFieldOperandValue 1And/Or/End
11Xequal1And
12Yequal3Or
21Zequal4End

 

Cond.SernFieldOperandValue 1And/Or/End
11Xequal1And
21Yequal3Or
22Zequal4End

 

Expression 1: (X=1 and Y=3) or (Z=4)

Expression 2: (X=1) and (Y=3 or Z=4)

Field

The code of the table field to which the condition applies.

If Customer Defined Fields (CDF) are defined for the table, they can also be used in the authorization process. In this field, specify the name of the CDF field as displayed in the Customer Defined Fields (ttadv4591m000) session. The session adds the “ cdf_ ” prefix to the field. When you zoom on this field, you can choose between zooming to normal table fields and zooming to CDF fields.

Note

To work properly in authorizations, the CDF field must be present in the current package combination of the user that defines the authorizations.

Operator

The operator that you can use in the expression.

Value 1

The value of the field in the condition.

Value 2

Only if the operator is between or not between, the second value applicable.

And/Or/End

The operator that links two conditions, or closes the expression.

Allowed values

and
or
end of expression

 

The expression is closed by using end of expression. If you have specified a condition that is closed by end of expression, all conditions after that condition will be ignored.