Authorizations Page

{"URL":["/*.*/awa/pa_view_sheet_object_authorizations"],"heroDescriptionIdentifier":"ice_object_authorizations_page","customCards":[{"id":"ice_authorizations_page_example","title":"Example","type":"customize","url":"https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/*.*/Automic%20Automation%20Guides/Content/AWA/Objects/obj_AuthPage.htm","languages":["en-us"]},{"id":"ice_authorizations_page_object_transfers","title":"Authorizations and Object Transfers","type":"customize","url":"https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/*.*/Automic%20Automation%20Guides/Content/AWA/Objects/obj_AuthPage.htm","languages":["en-us"]},{"id":"ice_defining_authorization_system","title":"Defining and Managing an Authorization System","type":"customize","url":"https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/*.*/Automic%20Automation%20Guides/Content/AWA/AdministrationPerspective/AG_DefiningAuthorizationSystem.htm","languages":["en-us"]},{"id":"ice_exporting_tables","title":"Exporting Tables","type":"customize","url":"https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/*.*/Automic%20Automation%20Guides/Content/_Common/CommonFunctions/CF_CSVExport.htm","languages":["en-us"]},{"id":"ice_working_with_tables","title":"Working with Tables","type":"customize","url":"https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/*.*/Automic%20Automation%20Guides/Content/_Common/CommonFunctions/CF_WorkingWithTables.htm","languages":["en-us"]}]}

The Authorizations page is available for all objects. It helps administrator users fine-tune the access and function rights at object level and complements the company policy defined in the Authorization system.

Note: Defining authorizations at an individual level is not the recommended method to design a solid and easy-to-maintain user management policy in your company. The recommended method is to define User Groups, assign them Users and grant authorizations and privileges to the User Groups. Take into account that combining User and User Group rights with additional object authorizations can lead to contradictory definitions. Use object authorizations sparingly.

You can also grant or deny authorizations at object level through the REST API, see AE REST API - Granting Authorizations and Privileges.

This page includes the following:

Overview

object authorizations,authoriations page,authorizations at object level

After installing the application, your system administrator has defined Users and User Groups and has assigned them authorizations and privileges according to their roles within the company.

For example, user SMIT has been granted full rights to the JOBP (Workflow) object type. This screenshot shows what it looks like in the Administration perspective:

Screesnshot of user object displaying the Authorizations tab

Let's suppose that there is a Workflow called JOBP.NEW.32.STANDARD in your company that only selected users should be able to modify, SMIT not being one of them. However, SMIT should be able to see it and its reports and execution data.

The overall authorization definition does not cater for this situation. However, you can specify this restriction directly in the JOBP.NEW.32.STANDARD definition, provided your user profile has been assigned the right to Deal with authorizations at object level.

Screenshot of the Workflow object displaying the Object Authorizations page

Important!

  • You need at least Read and Write rights on the object before specifying other users' authorizations to it. Otherwise, you would lock yourself and would not be able to access it anymore. Take this into account also when considering User Groups.
  • The rights that are defined here at object level overwrite the ones that have been defined for a User or User Group.

Authorizations and Object Transfers

object authorizations,authoriations page,authorizations at file transfer level

Since these rights are saved with the object definition, when you transfer an object from one Automation Engine system or from a Client to another, you must make sure that the Users and User Groups to whom rights to the object have been granted have already been defined in the target system. Otherwise, the object cannot be accessed.

To Define Authorizations at Object Level

  1. Open the object and navigate to the Authorizations page.
  2. Click the Add Row button to start specifying the authorizations.
  3. Select the User or the User Group you want to grant or revoke rights to from the User or User group dropdown list.
  4. Activate or deactivate the individual checkboxes to grant or revoke the following rights:
    • R: Read
    • W: Write
    • X: Execute
    • D: Delete
    • C: Cancel
    • S: Execution Data
    • P: Reports
    • M: Modify at runtime
    • L: Allow Service Orchestrator users to define Automation Engine SLAs for objects with the allowed object types
  5. Save your changes.

The authorization names differ slightly in AWI and the REST API. When using the REST API, use the following parameters:

  • READ

  • WRITE

  • EXECUTE

  • DELETE

  • CANCEL

  • READ_STATISTIC

  • READ_REPORT

  • MODIFICATION_AT_RUNTIME

See also: