Defining session authorizations

Normal users have only restricted authorizations in Tools.

The session authorizations that a group of users, linked to a role in an organization, have for specific sessions in a company are defined in the session authorizations. They contain a set of sessions that can be used to print, display, maintain, and convert the authorizations for specific sessions in a company.

The type of session authorization must also be specified for all session authorizations. You must at least specify one session authorization type. For example, delete, insert, modify, display, and print. Tools uses this data to determine if a user is authorized to start a session. The data is also used by the 4GL engine to determine which options are accessible to the user. If no session authorizations are specified for a user, then the user has no session permissions at all.

You can specify the session authorizations for specific companies, or for all companies. The authorizations for a specific company have the highest priority.

You can specify the session authorizations at several levels. For example:

  • At company level. Exceptions can be maintained at package, module, and session level.
  • At package level. This is an exception to the company level, and exceptions can be maintained at module and session level.
  • At module level. This is an exception to the company and package level, and exceptions can be maintained at session level.
  • At session level. This is an exception to the company, package, and module level.

The authorization that is stated at the most specific level has the highest priority. This is the session authorization per session for a specific company. The lowest priority is the authorization that is stated at the most global level. This is the session authorization per company for all companies.

In addition to the already mentioned levels, session authorizations for a user can also be specified in several roles. For example, a user has two roles. If one role states that the user has permission for a session, and the other role states that the user has no permission. Then the user ultimately has permission for that session.

The authorizations are time related. You must define the time period in which the users, linked to the role, are authorized to start sessions in Tools.