Defining database authorizations

Normal users have only restricted authorizations in Tools.

The authorizations that a group of users, linked to a role in an organization, have for a database, are defined in the database authorizations. They contain a set of sessions that can be used to print, display, maintain, and convert the authorizations for a specific table or table field.

The type of authorizations must also be specified for all database authorizations. For example, read, update, insert, delete, or not authorized. Tools uses this data to determine if a user is authorized to perform database actions on tables or table fields. If no database authorizations are specified for a user, then the user has no database permission at all.

You can specify the database authorizations for specific companies, or for all companies. The authorizations for a specific company have the highest priority.

You can specify the database table authorizations at several levels. For example:

  • At company level. Exceptions can be maintained at package, module, table, and table data level.
  • At package level. This is an exception to the company level, and exceptions can be maintained on a module, table, and table data level.
  • At module level. This is an exception to the company and package level, and exceptions can be maintained at table and table data level.
  • At table level. This is an exception to the company, package and module level, and exceptions can be maintained at table data level.
  • At table data level. This is the most specific authorization.

You can also specify the database table field authorizations at these levels:

  • At form field level. Exceptions can be maintained at form field data level.
  • At form field data level. This is the most specific form field authorization.

The authorization that is stated at the most specific level has the highest priority. For example, the table authorizations per table data, for a specific company. The authorization that is stated at the most global level has the lowest priority. For example, the table authorizations per company for all companies.

You can define conditions and expressions to limit the authorizations for a form field for a group of users who are linked to the role. Define the expressions in the Table Field Data Authorizations (ttams3146m000) session, or in the Table Data Authorizations (ttams3145m000) session.

Example

Expression : ttaad200.user between dwatson and sholmes.

The user cannot access the ttaad200 table for users between dwatson and sholmes.