Previous Topic

Book Contents

Book Index

Next Topic
Authorization by Attribute Value

Authorization by Attribute Value controls access to one or more instances of a Business Object Type depending on evaluation of a single attribute of that BO Type according to a simple condition. The Working Area contains the definition of that simple condition and the attribute to which it applies.

Help Image

Authorization by Attribute Value

There are three different ways to specify Authorization by Attribute Value:

  • Field

Specifies the field (attribute) to which the following conditions should be applied. A click in the Field entry activates a separate window in which you can specify the particular attribute (displayed as a tree view).

The Field (attribute) itself can be then specified in two different ways - by:

  • Value

If the specified attribute of the business object matches these criteria then the authorization applies to the whole business object. A wild card '%' can be used to represent several characters.

Note: The wild card symbol '%' can be placed only once within the value. Then the values are compared to the place of the '%' appearance. Any text mentioned in the permission definition behind the % sign is irrelevant and cuts no figure for the assessment of rights.

Example: All objects that have Location = 10, which might represent an authorization to carry out an inventory for a specific room.

See Authorization by Attribute Value using Specific Value sequence.

  • Range

Sets a range of values that the attribute of the target business object should be in. The upper and lower bounds are treated inclusively.

See Authorization by Attribute Value using Value Range sequence.

  • Variable

Specifies the attribute which value should match the contents of a particular User Variable (for example allowedDepartments). A right mouse click in the Variable entry activates a separate window in which you can specify the particular attribute (displayed as a tree view).

See Authorization by Attribute Value using Variable sequence.

  • Variable by Dataset

Select this item to use the Authorization by (Multitenancy) Dataset value. The combo box contains the hlq1 (hlq2, hlq3...) attributes which have defined a set of values (per user or per group) which make the additional condition for the authorization.

For instance, if a user selects Department Object Type, selects "read" right and applies the hlq attribute, he will be able to "read" the Departments, but ONLY those Departments which the hlq field property applies to. See Multitenancy Definition section for details.

Additionally, the 'Not Operator' check box can be used to define that a negation of the specified condition is to be used.

In This Chapter

Not Operator Usage

See Also

Permission to Object Types

Authorization by Type

Authorization by Instance

Authorization by Relation

Authorization for Attribute

Task in Permission to Object Types Tab