Example of session and data authorization
This table uses the Purchase Order session as an example to explain the two authorization systems:
- AMS or DEM: Authorization is applied at the session level.
- Authorization and Security: Authorization is applied at the business object level (for example, Project and RFQ).
Note: The application uses the most secure authorization system.
Session Authorization (AMS or DEM) | Data Authorization (SEC) | Result |
---|---|---|
No Permission | All Authorization Levels | User cannot access the session. |
Display | No Permission | User can access the session but data is not displayed. |
View / Use / Modify | User can access the session and can only view the data. | |
Print/Display | No Permission | User can access the session but data is not displayed or printed. |
View / Use / Modify | User can access the session and authorized data can only be viewed and printed. | |
Modify/Print/Display | No Permission | User can access the session, but no data is displayed. |
View / Use | User can access the session and all authorized data can only be viewed, printed, or both. | |
Modify | User can access the session and authorized data can be viewed, printed, or modified. | |
Insert/Modify/Print/Display | No Permission | User can access the session but no data is displayed |
View / Use | User can access the session and all authorized data can only be viewed, printed, or both. | |
Modify | User can access the session and action can be executed, except delete, to the authorized data. | |
Full Authorization | No Permission | User can access the session, but no data is displayed |
View / Use | User can access the session, and all authorized data can only be viewed and printed. | |
Modify | User can access the session, any action can be executed, except delete, to the authorized data. |
In case modifications or higher permissions in AMS or DEM (for a session that uses the data object) are required, for example, Projects in Hours Accounting, the following is applicable:
Session Authorization (AMS or DEM) | Data Authorization (SEC) | Result |
---|---|---|
Modify/Print/Display | No Permission | User can view and modify all the registered hours, but cannot use the project or zoom to the related project data. |
View | User can view and modify the related registered hours but cannot use the project, but can zoom to the related project data. | |
Use / Modify | User can view and modify the related registered hours and can use project. | |
Insert/Modify/Print/Display | No Permission | User can create, view and modify all the registered hours, but cannot use the project or zoom to the related project data. |
View | User can create, view and modify the related registered hours but cannot use the project, but can zoom to the related project data. | |
Use / Modify | User can create, view and modify the related registered hours and can use project. | |
Full Authorization | No Permission | User can delete, create, view and modify all the registered hours, but cannot use the project or zoom to the related project data. |
View | User can delete, create, view and modify the related registered hours but cannot use the project, but can zoom to the related project data. | |
Use / Modify | User can delete, create, view and modify the related registered hours and can use project. |