Managing Authorizations at Object Level

This page is available for all objects. It helps you fine-tune the administration of access and function rights at object level and complements the company policy defined in the Authorization system.

This topic provides information on the following:

Overview

After installing the application, your system administrator has defined users and user groups and has assigned them authorizations and privileges according to their roles within the company. As regards the specific rights to work with objects, this definition can be insufficient since, at this level, it is only possible to grant rights (read, write, execute, etc.) at object type level.

For example, user SMIT has been granted full rights to the JOBP (Workflow) object type. This is how it looks like in the Administration perspective:

Let's suppose that there is a workflow called JOBP.NEW.32.STANDARD in your company that only selected users should be able to modify, SMIT not being one of them. However, SMIT should be able to see it and its reports and execution data.

The overall authorization definition does not cater for this situation. However, you can specify this restriction directly in the JOBP.NEW.32.STANDARD definition, provided your user profile has been assigned the right to Deal with authorizations at object level.

Make sure that you have at least Read and Write rights on the object before specifying other users' authorizations to it. Otherwise, you would lock yourself and wouldn't be able to access it anymore. Take this into account also when considering user groups. In the example described above, SLA/VIE (with read and write rights) is restricting SMIT' access to the object.

Authorizations and Object Transfers

Since these rights are saved with the object definition, when you transfer an object from one Automation Engine system or from a client to another, you must make sure that the users and user groups to whom rights to the object have been granted have already been defined in the target system. Otherwise, the object cannot be accessed.

To Define Authorizations at Object Level

  1. Open the object and navigate to the Authorizations page.
  2. Click the Add Row button to start specifying the authorizations.
  3. Select the user or the user group you want to grant or revoke rights to from the User or User group dropdown list.
  4. Activate or deactivate the individual checkboxes to grant or revoke the following rights:
    • R: Read
    • W: Write
    • X: Execute
    • D: Delete
    • C: Cancel
    • S: Execution Data
    • P: Reports
    • M: Modify at runtime
    • L: Allow Service Orchestrator users to define Automation Engine SLAs for objects with the allowed object types
  5. Save your changes.

See also:

User Management: Defining and Managing the Authorization System