Authorization Implementation 
Purpose
This process describes the steps involved in:
· Defining authorizations using the Authorization Management Tool (AMT) for controlled access to a mobile client application
· Subsequent transports of the authorizations to mobile clients where mobile client users use mobile client applications
Prerequisites
·
A predefined role must be assigned to an AMT user
by the AMT system administrator. For more information, see 
Assigning a Predefined
Role to an AMT User.
· All mobile clients have subscribed to the following publications:
¡ AUTHORIZATION
¡ AUTHORIZATION1
¡ AUTHORIZATION2
·
Authorization is enabled in AMT. For more
information, see Authorization
Activation .
·
You have logged into AMT. For more information, see
Logon to
Authorization Management Tool.
Process Flow
...
1. Create authorization roles
You create roles and assign these roles to the authorizations defined for controlled access to user interfaces and their corresponding business data. Subsequently, you can assign these roles to mobile client users to enable authorization-based access to mobile client applications.
The Roles tile displays the authorization roles if existing, along with the predefined roles. We recommend that you do not modify or delete any predefined role.
2. Define authorizations for the user interface
You define authorizations for different roles to allow complete or controlled access to a mobile client application, its business components, tile sets, and tiles.
For more information, see Authorization at the
User Interface Level.
3. Define authorizations for the business logic level
You define authorizations to:
¡ Restrict access to the required business objects that display business data in the relevant tiles. However, you can create authorization tokens with rights to allow controlled access to these restricted business objects. Later, they assign these tokens to the required roles.
¡ Provide controlled access to the required business object properties that display business data in the associated controls of tiles. The rights defined in the token of a business object are applicable to all properties of the business object. However, you can create authorization field groups to allow controlled access to the required business object properties. Later, you can assign these field groups to the required roles.
For more information, see Authorization at the
Business Logic Level.
4. Assign roles to mobile client users
You assign one or more than one role to each mobile client user. In addition, you can also assign the same role to multiple users.
For more information, see Assigning an
Authorization Role to a Mobile Client User.
5. Storage of authorizations
The system stores authorizations defined in the user database.
6. Transport authorizations to mobile clients
The administrator of AMT connects to the CRM Server using ConnTrans. This operation transports authorizations from the user database to consolidated database (CDB). When mobile client users connect to the CRM Server using ConnTrans, they receive the appropriate authorizations on their mobile clients based on the publications they have subscribed.
For more information, see Transporting
Authorizations to Mobile Clients.
Result
The mobile client application users use the application with controlled access to user interface and business data, as defined in the roles that are assigned to them.
See also: