Explanation of Roles DB Authorizations Display

Explanation of Authorizations Display on the Web

In the Roles Database, an Authorization is a rule that lets you perform a specific business function within a computer-based application. Authorizations have three main parts: Person, Function, and Qualifier, plus some flags and timestamp fields. (See Introduction to the Roles Database application.) A Person can perform a business Function limited by a Qualifier.

Qualifiers can be Funds, Fund Centers, Organizational Units, etc.. (See a list of qualifier types.) In each Authorization, the type of Qualifier must fit the Function. For example, an Authorization for CAN SPEND OR COMMIT FUNDS must have a Qualifier of type "FUND" (Fund or Fund Center), whereas an Authorization for "REPORT BY CO/PC" must have a Qualifier of type COST (Profit Center or Cost Object).

Some Functions, such as the various JV Functions, are either "on or off", and are not restricted by a Qualifier. (Or, in the case of "REQUISITIONER" or "CREDIT CARD VERIFIER", the Function is linked to the Qualifier on "CAN SPEND OR COMMIT FUNDS" authorizations.) All Authorizations for these Functions have a Qualifier of NULL. The Person is allowed to perform the Function, and NULL is a simply a placeholder for the Qualifier field.

The "Authorizations for a Person" display contains a list of Authorizations for a person within a single category or application (such as SAP) or for all categories. Your ability to view Authorizations for other people is controlled by a kind of meta-authorization. The display includes the following fields:

Function
Category The application or system, such as SAP or the Data Warehouse, to which the Authorization applies. (See a list of Function Categories.)

Function
Name The short name of the Function component of the Authorization. (See a list of Functions within a Function Category.) If the function name is shown in gray, then the authorization is not in effect due to the do_function flag or expiration/effective dates.

Qualifier
Code The Organizational Unit, Fund Center, Cost Object, or other item that limits the data for which the Person can perform the Function.

Do
Function Y (Person can do the business Function), or N (cannot). N is specified for people who can grant an Authorization but cannot perform the business Function themselves.

Grant Y (Person can grant the Authorization) or N (cannot).

Effective
Today Y (Authorization is in effect today) or N (Authorization is expired or does not go into effect until a future date).

Click for
Details Click on the asterisk ( *) for more details on the Authorization.

Function Category	The application or system, such as SAP or the Data Warehouse, to which the Authorization applies. (See a list of Function Categories.)
Function Name	The short name of the Function component of the Authorization. (See a list of Functions within a Function Category.) If the function name is shown in gray, then the authorization is not in effect due to the do_function flag or expiration/effective dates.
Qualifier Code	The Organizational Unit, Fund Center, Cost Object, or other item that limits the data for which the Person can perform the Function.
Do Function	Y (Person can do the business Function), or N (cannot). N is specified for people who can grant an Authorization but cannot perform the business Function themselves.
Grant	Y (Person can grant the Authorization) or N (cannot).
Effective Today	Y (Authorization is in effect today) or N (Authorization is expired or does not go into effect until a future date).
Click for Details	Click on the asterisk ( *) for more details on the Authorization.

Back to main Roles web interface page