Show TOC

Function documentationDefine Authorization Locate this document in the navigation structure

 

You use this phase to define authorization data for the role by adding Transactions, Functions, and Authorization Objects to a role, along with maintaining the Org. Values.

Note Note

To maintain the Org. Values, you need to first display the Organizational Level fields in the role.

End of the note.

Features

To view the Authorization Data screen, choose the Authorization Data pushbutton, located along the bottom of the Define Authorization phase screen. You may change the authorization data; or, you can choose Save and move on to the next phase.

The Change History and the Save pushbuttons are also located at the bottom of the Define Authorization phase. The Change History button is a read-only record of all modifications made to this role. The table includes the date and the time that each phase was modified.

Note Note

Whenever you want to bypass a phase, you can simply enter the phase and choose   Save   Back to Role Definition  

End of the note.

The following table describes the authorization tabs:

Note Note

Ticket Number and comments: only if you have configured a pop-up box for entering a ticket number, when you Save authorizations you are then prompted to enter a ticket number and comments. These comments then appear in the history for this role.

End of the note.
Authorization Tabs

Authorization Tab

Description

Prerequisites

Functions

The functions group is a set of Security transactions and authorizations. These functions populate the remaining tabs.

The Functions tab appears only if you use Enterprise Role Management with Risk Analysis and Remediation. The Allow Adding Functions to the Authorization Settings on the Miscellaneous Configuration screen must be set to Yes.

Transactions

You can add or delete the transactions in this tab Use the add and subtract icons to add and remove transactions. When you add a transaction, the Search Transactions screen opens. You can search for a transaction by transaction name or description.

NA

Objects by Class

You can configure objects in the Objects by Class tab by field and value, or authorization level. You can add objects to a role, but you can only delete an authorization within the object. In addition, if you have completed a PFCG integration setup and have access to PFCG, you can maintain all the objects within PFCG. For details, see the section Maintain in PFCG in the topic: Adding Objects by Class.

NA

Objects by Transaction

Objects in the Objects By Transaction tab are view-only. You can expand each transaction to view its hierarchical structure and associated values, but you cannot make changes to the transactions.

NA