Administration Guide > Authorization System > Access to Objects

Access to Objects

Authorizations for users and user groups can be defined on object level. By doing so, users and user groups obtain exclusive access rights to a particular object.

This is a very restrictive function and should only be used in exceptional cases. If no access rights have been defined for an object,  it can be accessed by all authorized users. Objects including their properties play an important role in the authorization system.

When accessing an object, the system first checks whether the user has the relevant right in the User object. If so, the access rights are subsequently checked on object level.

Object authorizations are called using the Properties command from the File menu or Explorer's context menu. Access is only granted to users who have a write permission (W) for the particular object.

On object level, you can only define access rights. These rights describe the functions that are available for a particular user or all members of a user group. As soon as authorizations have been assigned to a particular object, access is denied to all other users and user groups . At least one user or user group must have write access to this object as otherwise, authorizations cannot be modified anymore. A dialog informs about this requirement when authorizations are defined.

The access type can be selected or unselected using the space bar or the mouse button. Click Apply in order to activate access rights immediately.

Table column

Description

R

Access type: Read

W

Access type: Write

X

Access type: Execute

D

Access type: Delete

C

Access type: Cancel

S

Access to statistics

P

Access to reports

M

Access type: Modify at runtime

L

Allows Service Orchestrator (SVO) users to define Automation Engine SLAs for objects with the allowed object types.

Problems can arise if objects are transferred to other AE systems or clients which include individual access rights that are defined in their properties. These transferred objects cannot be accessed unless all specified users and user groups are also available in the new environment.