In contrast to the other authorization types, Authorization for Attribute controls access to specific attributes of a Business object. It could also be called Column Authorization. Implicitly, a role is granted access to all attributes of the business object. Thus, in the catalogs, all fields by the catalog definition are displayed, including the associated attributes from relations with other objects, regardless the user’s rights to the target object the relation points to. Normally, the administrator ensures that the catalogs displays only the attributes the role is allowed to see and consequently, often various catalogs specifically customized for administrators, managers and other users are in use. The for attribute authorization enables you to override the implicit setting and prohibit a role from viewing selected attributes. Note: The default authorization does not affect the authorization for attribute. They are completely independent. Valuemation Authorization Manager checks whether the column is restricted or not. If anything other than No Read is defined for an attribute, the access is allowed. This is regardless of the default right and other rights that may refer to types and instances of business objects. Authorization for Attribute The Working Area contains one element:
The name of the attribute. All attributes of the business object are listed in the window; the appropriate one can be selected. See Authorization for Attribute sequence. | |||||