Example of session and data authorization

This table uses the Purchase Order session as an example to explain the two authorization systems:

  • AMS or DEM: Authorization is applied at the session level.
  • Authorization and Security: Authorization is applied at the business object level (for example, Project and RFQ).
Note: The application uses the most secure authorization system.
Session Authorization (AMS or DEM) Data Authorization (SEC) Result
No Permission All Authorization Levels User cannot access the session.
Display No Permission User can access the session but data is not displayed.
View / Use / Modify User can access the session and can only view the data.
Print/Display No Permission User can access the session but data is not displayed or printed.
View / Use / Modify User can access the session and authorized data can only be viewed and printed.
Modify/Print/Display No Permission User can access the session, but no data is displayed.
View / Use User can access the session and all authorized data can only be viewed, printed, or both.
Modify User can access the session and authorized data can be viewed, printed, or modified.
Insert/Modify/Print/Display No Permission User can access the session but no data is displayed
View / Use User can access the session and all authorized data can only be viewed, printed, or both.
Modify User can access the session and action can be executed, except delete, to the authorized data.
Full Authorization No Permission User can access the session, but no data is displayed
View / Use User can access the session, and all authorized data can only be viewed and printed.
Modify User can access the session, any action can be executed, except delete, to the authorized data.

In case modifications or higher permissions in AMS or DEM (for a session that uses the data object) are required, for example, Projects in Hours Accounting, the following is applicable:

Session Authorization (AMS or DEM) Data Authorization (SEC) Result
Modify/Print/Display No Permission User can view and modify all the registered hours, but cannot use the project or zoom to the related project data.
View User can view and modify the related registered hours but cannot use the project, but can zoom to the related project data.
Use / Modify User can view and modify the related registered hours and can use project.
Insert/Modify/Print/Display No Permission User can create, view and modify all the registered hours, but cannot use the project or zoom to the related project data.
View User can create, view and modify the related registered hours but cannot use the project, but can zoom to the related project data.
Use / Modify User can create, view and modify the related registered hours and can use project.
Full Authorization No Permission User can delete, create, view and modify all the registered hours, but cannot use the project or zoom to the related project data.
  View User can delete, create, view and modify the related registered hours but cannot use the project, but can zoom to the related project data.
  Use / Modify User can delete, create, view and modify the related registered hours and can use project.