Defining an Authorization Rule 
You use this procedure to define an authorization rule for a property of a protected business object. This authorization rule imposes a condition on business data related to the business object property.

You can define a rule only on the property of a protected higher-level or lower-level business object (BO). When you protect a BO, all its properties are blocked and cannot provide business data to the related tile. However, by defining a token for the BO you can allow application users to access business data in the tile. In addition, you can define a rule to restrict the users’ access to specific data.

For example, you define a rule on the CITY property of the BOCAPGEN business object with the compare type EQUAL. If you specify “Frankfurt” as the value for this rule, application users can access only those records (business data) of BOCAPGEN that relate to the city “Frankfurt”.
You have:
· Protected the required business object
· Identified the property for which you want to define a rule
1. In the navigation bar, choose Business Object Authorization → Define Authorization Rules.
The Business Objects tile displays the protected business objects. A tree browser displays higher-level objects as nodes. You can expand a node to view the corresponding names of the relationships with lower-level business objects.
2. Select a business object.
To select a lower-level BO, select the corresponding name of the relationship with its higher-level BO.
The Available Business Object Fields tile displays the corresponding properties.
3. Select the required property for which you want to define a rule.
4. Choose Assign.
The Assigned Authorization Rules tile displays a row with default details of the new rule.

The default details, which include name and system information, are derived from the property. You can change the name of the rule. However, if you change the name of the corresponding property, the name of the rule does not change automatically.
For example, you have created a rule (CITY) for the CITY property. If you subsequently change the property name to CITY1, the name of the corresponding rule (CITY) does not change automatically to CITY1.
5. Enter necessary data for the rule.
The options you select for Compare Type and Data Type determine the criteria for evaluating the rule during runtime.
· To define a rule that allows access to attachments based on a specific file size: specify Less as the compare type and File Size as the data type for the NOTES property of the BOATTACHMENT business object. If you specify “2 KB” as the value for the rule while assigning it to a token, then during runtime only the records that have attachments smaller than “2 KB” can be accessed.
· To define a rule that allows access to records based on a specific city: specify Equal as the compare type and In Collection as the data type for the CITY property of the BOADDRESS business object. If you specify “Frankfurt” as the value for the rule while assigning it to a token, then during runtime only the records that contain the city “Frankfurt” can be accessed.
6. Choose Data → Save.
You have defined an authorization rule for the property of a protected BO. To use this rule in the mobile client application during runtime, you must:
· Assign the rule to a token that has been defined for the same BO. For example, if you define a rule for a property of the BOATTACHMENT business object, then you must assign this rule only to the token defined for the same BO. For more information, see Defining an Authorization Token.
· Provide required values for the rule while assigning the token to an authorization role. For more information, see Assigning an Authorization Token to an Authorization Role.
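
The runtime effect of this setup, as an added example that is not SAP code or part of the original documentation: a conceptual Python model in which a protected BO yields no records without a token, and the rules assigned to a token filter the remaining records. The function and token names, the STRING data type (In Collection is not modeled), the attachment size stored in bytes in NOTES, and the way multiple rules and tokens combine are assumptions.

```python
# Conceptual model (added example): names and semantics are assumptions, not SAP APIs.
import re

UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}
COMPARE = {"EQUAL": lambda a, b: a == b, "LESS": lambda a, b: a < b}

def parse_size(text):
    """Turn a rule value such as '2 KB' into bytes; raise ValueError otherwise."""
    m = re.fullmatch(r"\s*(\d+)\s*(B|KB|MB)\s*", str(text), re.IGNORECASE)
    if not m:
        raise ValueError(f"not a file size: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2).upper()]

def rule_allows(rule, value, record):
    """Evaluate one rule against one record; missing or malformed data denies."""
    actual = record.get(rule["property"])
    if actual is None:
        return False
    try:
        if rule["data_type"] == "FILE_SIZE":
            if not isinstance(actual, int):
                return False
            value = parse_size(value)
        return COMPARE[rule["compare_type"]](actual, value)
    except (ValueError, KeyError, TypeError):
        return False

def visible_records(bo, records, protected, tokens, role_tokens):
    """Records of `bo` readable by a role that holds the tokens in `role_tokens`."""
    if bo not in protected:
        return list(records)              # unprotected BO: nothing is blocked
    grants = [tokens[t] for t in role_tokens if t in tokens and tokens[t]["bo"] == bo]
    if not grants:
        return []                         # protected BO without a token: blocked
    # Assumption: all rules on a token must hold; any matching token grants access.
    return [r for r in records
            if any(all(rule_allows(rule, v, r) for rule, v in g["rules"]) for g in grants)]

# Constructed sample data using the page's two rule examples.
PROTECTED = {"BOADDRESS", "BOATTACHMENT"}
CITY_RULE = {"property": "CITY", "compare_type": "EQUAL", "data_type": "STRING"}
SIZE_RULE = {"property": "NOTES", "compare_type": "LESS", "data_type": "FILE_SIZE"}
TOKENS = {"T_ADDRESS": {"bo": "BOADDRESS", "rules": [(CITY_RULE, "Frankfurt")]},
          "T_ATTACH": {"bo": "BOATTACHMENT", "rules": [(SIZE_RULE, "2 KB")]}}
ADDRESSES = [{"ID": 1, "CITY": "Frankfurt"}, {"ID": 2, "CITY": "Berlin"}, {"ID": 3}]
ATTACHMENTS = [{"ID": 1, "NOTES": 1024}, {"ID": 2, "NOTES": 2048}, {"ID": 3, "NOTES": "n/a"}]

if __name__ == "__main__":
    print(visible_records("BOADDRESS", ADDRESSES, PROTECTED, TOKENS, ["T_ADDRESS"]))
    print(visible_records("BOATTACHMENT", ATTACHMENTS, PROTECTED, TOKENS, ["T_ATTACH"]))
```

In this model, a record that lacks the rule's property, or holds a value that cannot be compared, is treated as not accessible.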