Authorization Rights
All authorizations which are defined use one of the following Rights. They are listed in the order of their strength (starting with the lowest priority, which needs to be taken into account when the user is assigned to various roles).
|
The role cannot read the data to which the authorization refers. The information is not displayed. If the No Read authorization is used for an attribute of a business object, then the object will be displayed to the user, but without the relevant attribute (column).
|
|
The role can read information but cannot update it.
|
|
The role can both read data and update it (e.g. create business objects, change data…). However, it doesn’t allow the user to delete business objects.
|
|
The role can perform all operation including delete. This authorization right has the highest priority of all.
|
In addition, Actions and Workflows can be executed (started), which is used to distinguish the administrative access involving a change to the workflow definition from a mere executing of a workflow on the production data.
|
The role cannot execute neither change a workflow / action.
|
|
The role can execute a workflow / action (e.g. create order, start incoming goods…). However, it doesn’t allow the user to change or delete a workflow definition.
|
|
The role can change a workflow definition. However, it doesn’t allow the user to delete a workflow.
|
Note: Change and Delete rights already include the right to Execute.
|