Authorization by Relation refers to a complete Business Object Type. However, unlike the Authorization by Type, this authorization does not have a fixed value but the authorization changes according to an evaluation of a specific relation the given object has. The permission is evaluated in the runtime by the right the current user has to the target object the relation points to.

This possibility allows the administrator to quickly create multiple authorizations to objects, according users rights to another related object. For example, you can create an authorization that grants users automatically the access to subcomponents, provided they have the appropriate rights to the parent system.

WARNING: The "by relation" authorization type can slow down the performance of the application significantly! The relations are evalueated recursively which can go to very deep level. The customizer should check the possible catenation of objects before applying this type of authorization.

If the relation points to a collection, the access is allowed if at least one of the objects held by the collection permits it. If such a collection is empty, the permission is ignored.

Note:  You can only grant access using this right, but you are unable to restrict it.

Authorization by Relation

The Working Area contains one element:

• Relation

Selects a relation held by the selected Object Type.

See Authorization by Relation sequence.