Authorizations
To grant audit security permissions to users, the administrator must use the Audit Authorizations (ttaad4562m000) session. These permissions determine whether the user can use the sessions in the Audit Management business object.
Security permissions that are assigned to users are checked against the existing records for conflicts.
You can assign security permissions for all packages, modules, table numbers, and companies. You can provide some permissions for all packages, and provide no permissions to a range of packages to disable these permissions.
You can use the Specified command to provide particular permissions to a specified package. Using Specified, the highest priority is given to the security permissions that are assigned for that particular package, module, table, and company.
You cannot assign security permissions for a range within a range. Suppose you assign some permissions using the All command, then disable permissions for a range between tt—vv. You cannot enable permissions within this range or an overlapping range. But you can use the Specified command to enable the permissions for a specific package.
The conflicting records are not stored in the table.
The security permissions for users are stored in a table ttaad462, which you can access using the sessions in the Audit Management business object.
The security checking is carried out at two layers: one at user level and another for reading audit information. The user can have permissions at the user level but not for reading the audit information. At audit level, the security permissions are stored in the audit information header of the audit information file.
User level permissions | Audit level permissions |
---|---|
None | |
All | Clean |
Maintain | |
Clean | Application-defined |
Maintain |
At user level, the administrator user can grant permissions in various combinations. The administrator user assigns permissions to print and clean audit information through the Audit Authorizations (ttaad4562m000) session. You can find the Audit Authorizations (ttaad4562m000) session on the Enterprise Server Audit Management menu. The only session the administrator user can execute without being assigned any security permissions is the maintain session.
Example
None | No permissions |
All | Print, clean, and maintain permissions |
Only print permissions | |
Print/Clean | Print and clean permissions |
Print/Clean/Maintain | Same as all permissions |
Application defined | Access to some sessions that are restricted |
Maintain/Application-defined | Only maintain permission, no print and clean permissions |
At audit level, the permissions can be granted in combinations except application-defined. Only maintain can be combined with application-defined.
The user cannot print or clean up any audit information. To print, clean, or maintain the audit information from the audit files, the permissions must exist at both levels.
- Permission at user level: Print or print/clean
- Permission at audit level: Application-defined
The user cannot print or clean up any audit information in the audit files using the sessions in the Audit Management Business Object. The user can, however, run the Audit Information File (ttaad4160s000) session, because the user has maintain permission only at audit-file level.
- Permission at user level: Maintain or print/maintain or clean/maintain
- Permission at audit level: Maintain/application-defined
If the user is not the administrator and only application-defined exists at the audit file level, no session of the Audit Management business object can be executed. The administrator user can use the maintain session even if no permissions are assigned to the administrator user. However, the administrator user cannot use print and clean sessions unless security permissions are assigned to the administrator.
If user bsp has print permission at user level, a further check is made to see the security permissions at audit level. User bsp can only continue if print permission is available at the audit level. Otherwise, the session is canceled and an appropriate message is displayed.
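The two-layer check described above, modelled as an added Python example (not code from the product). The names Perm, valid_audit_level and check are hypothetical, and the administrator exception for maintain is read from the text as applying at both layers.

```python
from enum import Flag, auto


class Perm(Flag):
    NONE = 0
    PRINT = auto()
    CLEAN = auto()
    MAINTAIN = auto()
    APP_DEFINED = auto()  # application-defined


def valid_audit_level(perms):
    """At audit level, application-defined may be combined only with maintain."""
    if Perm.APP_DEFINED in perms:
        return not (perms & (Perm.PRINT | Perm.CLEAN))
    return True


def check(action, user_level, audit_level, is_admin=False):
    """Return (allowed, reason) for a print, clean or maintain session."""
    if action not in (Perm.PRINT, Perm.CLEAN, Perm.MAINTAIN):
        raise ValueError("action must be PRINT, CLEAN or MAINTAIN")
    if not valid_audit_level(audit_level):
        raise ValueError("application-defined combines only with maintain")
    # Assumption: the administrator can always run the maintain session,
    # even with no permissions assigned at either layer.
    if is_admin and action == Perm.MAINTAIN:
        return True, "administrator may always maintain"
    # Layer 1: permissions granted to the user.
    if action not in user_level:
        return False, "denied at user level"
    # Layer 2: permissions in the audit information header of the audit file.
    if action not in audit_level:
        return False, "denied at audit level"
    return True, "allowed at both levels"


if __name__ == "__main__":
    # Constructed cases mirroring the scenarios in the text.
    cases = [
        ("bsp prints, audit file allows print", Perm.PRINT, Perm.PRINT, Perm.PRINT, False),
        ("print/clean user, app-defined file", Perm.PRINT, Perm.PRINT | Perm.CLEAN, Perm.APP_DEFINED, False),
        ("admin without grants, maintain", Perm.MAINTAIN, Perm.NONE, Perm.APP_DEFINED, True),
        ("admin without grants, print", Perm.PRINT, Perm.NONE, Perm.PRINT, True),
    ]
    for label, action, user_level, audit_level, admin in cases:
        print(label, "->", check(action, user_level, audit_level, admin))
```

The model covers only the print, clean and maintain sessions; application-defined permission at user level is outside its scope.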