Table Data Authorizations (ttams3145m000)
Use this session to maintain table data authorizations. You can specify restrictions for normal users that are linked to the role to perform database actions on records of a table for a given condition. Table data authorizations are specified for a range of data in a table by defining a condition. The authorization defined in this session can be an exception or addition to the authorizations that are defined in these sessions:
- Table Authorizations by Company (ttams3144m000)
- Table Authorizations by Package (ttams3140m000)
- Table Authorizations by Module (ttams3141m000)
- Table Authorizations by Table (ttams3142m000)
You can use table data authorizations to block specific data in the database for normal users that are linked to the role.
You can define authorizations depending on the data of a table. For example, a user can only be allowed to insert sales orders with an order number between 100.000 and 200.000.
You can specify an authorization level, for each condition, for example, the data authorization. This can be another authorization level as the table authorization level, which is defined in the database table authorization sessions. If you have not specified table authorizations, the table authorization status is delete, insert, modify, or read.
An overlap can occur between two conditions for the same table with different authorization levels. The most restrictive authorization level is taken in this case.
For the meaning of the condition within the expression, see the list of expressions below:
| Cond. | Seq. | Field | Operator | Value 1 | And/Or/End |
|---|---|---|---|---|---|
| 1 | 1 | X | equal | 1 | And |
| 1 | 2 | Y | equal | 3 | Or |
| 2 | 1 | Z | equal | 4 | End |
| Cond. | Seq. | Field | Operator | Value 1 | And/Or/End |
|---|---|---|---|---|---|
| 1 | 1 | X | equal | 1 | And |
| 2 | 1 | Y | equal | 3 | Or |
| 2 | 2 | Z | equal | 4 | End |
When specifying the two expressions, they will turn out to be different.
Expression 1: (X=1 and Y=3) or (Z=4)
Expression 2: (X=1) and (Y=3 or Z=4)
You can define the table data authorizations for all companies or for a specific company. The authorizations for the specific company have the highest authority in this case.
The table data authorizations are an exception to the database table authorizations at company level, at package level, at module level, and at table level.
You can use the appropriate menu to:
- Delete the table data authorizations for a range of tables.
- Convert the changes of
the database table authorizations to the runtime data dictionary. The database
authorization data of the role is stored in the
$BSE/lib/roles/db/<first character of role>/<role>file. - Copy the database table authorization to the related child fields when a field refers to the related table and the field is part of the primary key of the table for which the database table authorization is defined.
Field Information
- Role
-
The code of the role.
- Role
-
The description of the role.
- All Companies
-
If this check box is selected, the authorizations are defined for all companies.
If authorizations are defined for a specific company as well as for all companies, they can overlap. The authorizations for a specific company have the highest priority.
- Company
-
The code of the company for which the database table authorizations at table data-level are defined.
- Company
-
The description of the company.
- Table
-
The code of the table for which the database table authorizations at table-data level are defined.
- Table
-
The description of the table.
- Authorization
-
The database table authorizations type, which is defined for the tables. This information is used by the server to determine whether a user is authorized to perform a database action on the tables in the package, depending on the specified expression.
- Cond.
-
If the expression consists of multiple conditions, the condition sequence number is specified.
- Sern
-
The number of the sub expression in the condition. An expression can contain more than one sub expression.
These examples explain the use of a condition sequence number in relation to the serial number:
Cond. Sern Field Operand Value 1 And/Or/End 1 1 X equal 1 And 1 2 Y equal 3 Or 2 1 Z equal 4 End Cond. Sern Field Operand Value 1 And/Or/End 1 1 X equal 1 And 2 1 Y equal 3 Or 2 2 Z equal 4 End Expression 1: (X=1 and Y=3) or (Z=4)
Expression 2: (X=1) and (Y=3 or Z=4)
- Field
-
The code of the table field to which the condition applies.
If Customer Defined Fields (CDF) are defined for the table, they can also be used in the authorization process. In this field, specify the name of the CDF field as displayed in the Customer Defined Fields (ttadv4591m000) session. The session adds the “
cdf_” prefix to the field. When you zoom on this field, you can choose between zooming to normal table fields and zooming to CDF fields.Note: To work properly in authorizations, the CDF field must be present in the current package combination of the user that defines the authorizations. - Operator
-
The operator that you can use in the expression.
- Value 1
-
The value of the field in the condition.
- Value 2
-
Only if the operator is between or not between, the second value applicable.
- And/Or/End
-
The operator that links two conditions, or closes the expression.
Allowed values
and or end of expression The expression is closed by using end of expression. If you have specified a condition that is closed by end of expression, all conditions after that condition will be ignored.