Authorization review and drill back

The term “Drill back” must be read as: "Start an LN session from outside LN through Infor Ming.le".

This can be initiated by another user and without providing any authorization context. For example; an approval step from a workflow set up in ION. In this approval step you must view specific LN data to decide on approval or rejection. To set up the correct authorization for your LN Enterprise Modeler users to drill back from Infor Ming.le into LN you must specify several sessions with information.

The classic method to start a session is by selecting a session by the user within an UI. In the LN UIs you can use:

  • Menu Browser
  • Process Browser
  • Process Viewer
  • Run Program. The menu option Allow Run Program by Session Code. This option can start a session by specifying the session code.

Within the UIs several personalization options are available to overrule and hide parts of the UI that are initially enabled on the server. View sets are maintained within the View Modeler (tlvwm0601m000) on the server where custom views overrule Standard Views as delivered by Infor. Run the View Modeler from Web UI UI. In the View Modeler both Standard, read-only and as delivered by Infor, and configurable Custom view sets are shown.

Enterprise Modeler and AMS

When a session is started from the “Menu Browser” or “Run Program”, the AMS authorization is used. AMS session authorization is the highest (aggregated) authorization level that is defined for a specific user for all assigned AMS roles.

To use AMS the menu browser and the Allow Run Program by Session Code check box in the User Data Template (ttams1110m000) session must be selected.

You can gather and view the authorization information for the AMS and Enterprise Modeler user with these sessions:

  • Aggregate Modeled Authorizations for AMS (tgbrg9298m100)
  • Display Authorization Data (tgbrg9598m000)

The Aggregate Modeled Authorizations for AMS (tgbrg9298m100) session can export Enterprise Modeler authorization information to enhanced AMS. When these authorizations are exported, the corresponding AMS roles are generated. Both AMS and Enterprise Modeler authorizations become active. If required the authorization data can be further maintained in AMS.

With the Display Authorization Data (tgbrg9598m000) session all authorization data per user is listed. With this list you can review the authorizations for the LN users and consider any changes.

LN Enterprise Modeler without AMS

When a session is started from the “Process Browser” or “Work Area” the Enterprise Modeler generated authorization advice is used. The authorization is based on the “active” Enterprise Modeler role. For Enterprise Modeler end-users the UI settings have granted access to the “Process Browser” or “Process Viewer”.

The menu browser and the Allow Run Program by Session Code check box in the User Data Template (ttams1110m000) session must be cleared. This prevents confusing authorization situations where AMS is not the same as Enterprise Modeler.

You can gather and view the authorization information for the Enterprise Modeler user with these sessions:

  • Aggregate Authorization Data (tgbrg9298m000)
  • Print Enterprise Modeler session authorizations (tgbrg8441m000)

The Aggregate Authorization Data (tgbrg9298m000) session collects modeled information to be used by external programs, for example Approva, Excel etc. The modeled information is mainly the output of Print Enterprise Modeler session authorizations (tgbrg8441m000).