This sample role is for access control context administrators and allows the creation and maintenance of access control contexts (ACCs), access control lists (ACLs), objects and user groups.
Caution
This role should be used as a demo role with demo users only. A demo role must not be used in a production system in case it contains wildcards “*” (asterisks) for parameters, which might grant too many authorizations to users. After copying this role to a production system, each authorization parameter containing an asterisk must be thoroughly checked before use.
Object Type |
Activity |
Description and Comment |
Corresponding Activity in Database Table TACT |
---|---|---|---|
Document |
Display |
Displaying document metadata Displaying classification included |
03 (Display) |
Change |
Changing document Changing classification included |
02 (Change) |
|
Maintain ACL |
Maintaining ACLs for document |
70 (Administer) This activity only works with activity Change and for owned objects. (For assigned objects, the user can only display ACLs.) |
|
Display ACL |
Displaying ACLs for document |
70 (Administer) This activity only works with activity Display. |
|
View Original |
Starting application to download or view files attached to document |
53 (Display application start) |
|
Material |
Change |
Changing material Changing classification included |
02 (Change) |
Display |
Displaying material Displaying classification included |
03 (Display) |
|
Maintain ACL |
Maintaining ACLs for material |
70 (Administer) This activity only works with activity Change and for owned objects. (For assigned objects, the user can only display ACLs.) |
|
Display ACL |
Displaying ACLs for material |
70 (Administer) It works only with the Display activity. |
|
Material BOM |
Change |
Changing material BOM Changing classification included |
02 (Change) |
Display |
Displaying material BOM Displaying classification included |
03 (Display) |
|
Maintain ACL |
Maintaining ACLs for material BOM |
70 (Administer) This activity only works with activity Change and for owned objects. (For assigned objects, the user can only display ACLs.) |
|
Display ACL |
Displaying ACLs for material BOM |
70 (Administer) This activity only works with the Display activity. |
|
Change Number |
Change |
Changing change number Changing classification included |
02 (Change) |
Display |
Displaying change number Displaying classification included |
03 (Display) |
|
Maintain ACL |
Maintaining ACLs for change number |
70 (Administer) This activity only works with activity Change and for owned objects. (For assigned objects, the user can only display ACLs.) |
|
Display ACL |
Displaying ACLs for change number |
70 (Administer) This activity only works with activity Display. |
|
Access Control Context |
Create |
Creating subordinate context The General Data, Context Hierarchy, Roles/Users views are visible, but the Objects view is not. |
01 (Create or generate) |
Display |
Displaying context The following views are visible: General Data, Context Hierarchy and Objects. (Only objects and contexts that the user has authorization for.) Any user assigned through a context role to a certain context implicitly gets the Display activity granted for this context. |
03 (Display) |
|
Analyze |
Analyzing context This activity allows displaying contexts on the context screen for audit purposes. All views of the context screen are visible. |
71 (Analyze) |
|
Change |
Change context This activity allows changing contexts on the context screen. The user can change all views of the context screen. |
02 (Change) |
|
Delete |
Deleting context |
06 (Delete) |
|
Assign |
Transferring or assigning objects to the context This activity also requires the granting of the Publish activity in the source context. |
78 (Assign) |