Specifying route authorizations for an API role

  1. Start the Route Tree Authorizations by Role (ttmtm6675m000) session.
  2. In the right-hand (Route Tree Authorizations) panel, select the API role for which to define authorizations.
    The /lnapi routes, such as /lnapi/odata/tdapi.purPurchaseOrder, are displayed in the left-hand (Route Tree) panel.
  3. To define authorizations for a particular route, select that route in the tree in the left-hand panel. The full address of the route, such as /lnapi/odata/tdapi.purPurchaseOrder, is displayed in the right-hand panel.
  4. On the Route Authorizations by Role tab in the right-hand panel, add a record and specify this information:
    All Methods
    Specify whether the authorization must apply to all methods of the route.
    Method
    If the authorization must not apply to all methods, specify the name of the method to which the authorization must apply.
    All Companies
    Specify whether the authorization must apply to all companies.
    Company
    If the authorization must not apply to all companies, specify the name of the company to which the authorization must apply.
    Granted
    If this check box is selected, the authorization is granted. If this check box is cleared, the authorization is denied.
    Cascade
    If this check box is selected, the authorization also applies to all child routes of the selected route.

    For example, you specify authorizations for the /lnapi/odata/tdapi.purPurchaseOrder route and you select Cascade . The authorizations also apply to the child routes of /lnapi/odata/tdapi.purPurchaseOrder, such as /lnapi/odata/tdapi.purPurchaseOrder/Orders and /lnapi/odata/tdapi.purPurchaseOrder/Lines.

    In the authorizations of these child routes, the Inherited From field contains /lnapi/odata/tdapi.purPurchaseOrder.

    Note: You can grant authorization for a parent route, and deny that authorization for one or more child routes of the parent route. For example, you grant authorization for all methods in all companies for the /lnapi/odata/tdapi.purPurchaseOrder route and indicate that this authorization must be cascaded to the child routes of that route. To do so, add a row with All Methods = Yes, All Companies = Yes, Granted = Yes, and Cascade = Yes. For one child route, you want to make an exception by denying authorization for all methods in all companies for this child route. To do so, in the authorizations of that child route, add a row with All Methods = Yes, All Companies = Yes, and Granted = No.
  5. In the right-hand panel, click Save.