Defining authorizations

For normal users, authorizations are defined for the use of sessions, databases, and libraries.

These authorizations are defined in roles that you can link to the user profiles. In addition, you can define authorizations that do not depend on a role, such as development parameters and device preferences. These authorizations are defined in templates that you can link to the user profiles. Super users do not have any restrictions and are not linked to roles.

The authorizations are specified with the Authorization Management System (AMS), which is an integrated part of the User Management module.

The system manager can use the AMS module for these actions:

  • Define roles and subroles.
  • Connect a user to roles.
  • Define the various types of authorizations, for example, session authorizations, database authorizations, text group authorizations, and library authorizations.
  • Connect the various authorizations to roles.
  • Group some of the user data with templates.

You can define the authorizations for a group of related users that are identified by their role in an organization. The users can be connected to more than one role and a role can have subroles. For example, the manager of a department must have the same authorizations as the employees, but also requires additional authorizations.

The roles are defined in the Role Data (ttams2100m000) session. You can define the several authorizations through the appropriate commands on the appropriate menu in this session.

When the required data is specified, a conversion to the run-time data dictionary must take place to activate the new or revised authorizations.