To create roles and authorizations - details

The procedure details are based on the case study in the To create roles and authorizations (OP-CE) section.

To create the standard role that contains the basic user authorizations:

  1. Add a new role
    1. Start the Role Data (ttams2100m000) session.
    2. On the toolbar, click New to create the standard role.
    3. Enter an identifier in the Role column, and enter a descriptive name for the role in the Description column. For this case study, enter Standard as the role identifier and Basic Employee Authorizations as the role’s description.
    4. Click Save to save the role in LN ’s data dictionary.
  2. Define session authorizations at company level

    Users must be able to view and print the data in the Global Enterprises’ general data dictionary. The users must also have full, round-the-clock authorizations for the data in the Holland Company and the USA Company.

    To define these authorizations at company level:

    1. In the Role Data (ttams2100m000) session, select the Standard role in the grid.
    2. On the appropriate menu, point to Session Authorizations and click Session Authorizations by Company . The Session Authorizations by Company (ttams3133m000) session starts.
    3. On the toolbar, click New.
    4. In the Company field, zoom to the Companies (ttaad1100m000) session and select Data Dictionary_General (000) company.
    5. In the Authorization Groups box, select Print/Display.
    6. In the StartTime and EndTime fields, define the time interval 00:00 and 24:00, respectively.
    7. Repeat Steps 3 and 4 for the Holland Company and the USA Company and click Save.
    8. Exit the Session Authorizations by Company (ttams3133m000) session to return to the Role Data (ttams2100m000) session.
  3. Define session authorizations at module level

    Full authorization is required to ensure that users can use LN ’s Chart Manager for the sessions in the Chart Manager module. The session authorizations at module level are an addition to the print/display authorization of the Global Enterprise’s general data dictionary (000).

    Because the Chart Manager module is part of LN Tools (tt), you must add the session authorization for the chart manager module to the standard role.

    To add this session authorization, you must add LN Tools to the general data dictionary in the standard role. Then add full authorization for the Chart Manager to the standard role.

    To define the session authorizations at module level:

    1. In the Role Data (ttams2100m000) session, select the Standard role in the grid.
    2. On the appropriate menu, point to Session Authorizations and click Session Authorizations by Module . The Session Authorizations by Module (ttams3131m000) session starts.
    3. On the toolbar, click New Group.
    4. In the Company field, zoom to the Companies (ttaad1100m000) session and click Data Dictionary_General (000).
    5. In the Package field, zoom to the Packages (ttadv1100m000) session and click tt (Tools).
    6. On the toolbar, click New, and in the Module field, zoom to the Modules (ttadv1101m000) session and select the Chart Manager (CHM) module.
    7. In the Authorization Groups box, select Full Authorization.
    8. In the Start Time and ClosingTime fields, define the time interval 00:00 and 24:00, respectively, and click Save.
    9. Exit the session to return to the Role Data (ttams2100m000) session.
  4. Define session authorizations at session level

    To ensure that all necessary functionalities in Global Enterprises’ general data dictionary function properly, some authorizations at the session level must be restricted or added to LN Tools. For example, the authorization for the General Table Maintenance (ttaad4100 ) session must be restricted to no authorization. You must also extend the authorization for the Select Device (ttstpsplopen ) session to full authorization.

    To extend this authorization, you must add LN Tools to the general data dictionary in the standard role, and add the session authorizations at session level. For example, restrict the authorizations for the General Table Maintenance (ttaad4100 ) session to no authorizations.

    To add the session authorizations at session level:

    1. In the Role Data (ttams2100m000) session, select the Standard role in the grid.
    2. On the appropriate menu, point to Session Authorizations , and click Session Authorizations by Session . The Session Authorizations by Session (ttams3132m000) session starts.
    3. On the toolbar, click New Group.
    4. In the Company field, zoom to the Companies (ttaad1100m000) session and select Data Dictionary_General (000).
    5. In the Package field, zoom to the Packages (ttadv1100m000) session and select tt (Tools).
    6. On the toolbar, click New, and in the Session field, zoom to the Sessions (ttadv2506s000) session and select General Table Maintenance (ttaad4100 ) session.
    7. In the Authorization Groups field, select No Authorization.
    8. In the Start Time and ClosingTime fields, define the time interval 00:00 and 24:00, respectively, and then click Save.
    9. Exit the session to return to the Role Data (ttams2100m000) session.
  5. Define table authorizations at company level

    You must assign the table authorizations at company level to the standard role. These authorizations are required to ensure that the employees can perform all the necessary database transactions in Global Enterprises’ general data dictionary, the Holland Company, and the USA Company.

    To define the table authorizations for the standard role:

    1. In the Role Data (ttams2100m000) session, select the Standard role in the grid.
    2. On the appropriate menu, point to Table Authorizations , and click Table Authorizations by Company . The Table Authorizations by Company (ttams3144m000) session starts.
    3. On the toolbar, click New. In the Company field, zoom to the Companies (ttaad1100m000) session and select the Data Dictionary_General (000) company.
    4. In the Authorization Indicator field, select Delete/Insert/Modify/Read.
    5. Repeat Steps 2 through 4 for the Holland Company and the USA Company, and then click Save.
    6. Exit the session to return to the Role Data (ttams2100m000) session.
  6. Define table field authorizations

    Ensure that the users cannot change their own user name, user type, and system logon. The employee’s authorizations for these table fields in the User Data (ttaad200) table must be restricted to read only.

    To define the table authorizations for the standard role at table field level:

    1. In the Role Data (ttams2100m000) session, select the Standard role in the grid.
    2. On the appropriate menu, point to Table Authorizations , and click Table Field Authorizations . The Table Field Authorizations (ttams3143m000) session starts.
    3. On the toolbar, click New Group.
    4. In the Company field, zoom to the Companies (ttaad1100m000) session and select Data Dictionary_General (000).
    5. On the toolbar, click New. In the Field Name field, zoom to the Table Fields (ttadv4529m000) session and select the name (ttaad200.name) field in the User Data (ttaad200) table.
    6. In the Authorization field, select Read.
    7. Repeat Steps 4 and 5 for the User Type table field and the System Logon table field, and then click Save.
    8. Exit the session to return to the Role Data (ttams2100m000) session.
  7. Convert the role to the run-time data dictionary.

    You must now convert the standard role to the run-time data dictionary. This step completes the procedure to create the standard role.

    1. In the Role Data (ttams2100m000) session, on the appropriate menu, click Convert Changes to Runtime DD . The Convert Changes to Runtime DD (ttams2200m000) session starts.
    2. Under Roles , click Database Authorizations and Session / Library Authorizations .
    3. Click Convert to Runtime to convert the standard role to LN ’s run-time data dictionary.
    4. Restart LN: to apply the new settings, the relevant users must log off and log on again.

    The employees’ basic authorizations are now defined in the standard role. This concludes the case study. At this point, you can create additional roles and sub-roles for specific tasks. You must use the User Data (ttaad2500m000) session to link the roles to the individual LN users. See “To create LN users,” in the User-related procedures (OP) section.