User management
Authorization Management System (AMS) - History on AMS data
If Enhanced AMS is enabled, you can select the Role History check box in the AMS Parameters (ttams0100m000) session. If the Role History check box is selected, the Role History Data (ttams4175m000) session is displayed in the menu.
The history data is generated when a role is converted to runtime. Every time a role is converted to runtime, a history record is written with the next version tag. The changed session, table, table field, and library authorizations that were converted to runtime fall under this version tag. The history contains this information:
- The user that performed the change and the date the data was changed.
- The user that performed the conversion and the date the role was converted to runtime.
You can start these commands from the Role History Data (ttams4175m000) session:
If one role history record is selected, then you can use this version to restore the role and its authorizations to a previous version. The authorizations are overwritten with the data from history. You must convert the changed role to runtime.
To purge the role history for a selection of roles until a date and time. If no history for a role exists after the specified date and time, then the last version tag before the specified date is kept.
The role history contains a calculated hash code based on the role and its authorizations. If data is changed directly in the database, or through the General Table Maintenance (ttaad4100) session, then the hash differs from the calculation. Roles with this issue are displayed on a report.
If an issue with the hash code of a role exists, then you must trace the cause of this issue. You can, for example, run an audit on the database and tables or check the logging of the General Table Maintenance (ttaad4100) session. After solving the problem, you can recalculate the value.