Create Access Attributes
Explanation
This activity is used to define a basic access attribute that protects access
to data. This protection restricts access to data itself, and not any particular
window. To achieve this, the attribute works as a filter placed over a
logical unit. Logical units are segments of the programming code
responsible for sending and receiving data from the main database. If an access
attribute is created and activated for a logical unit, only a user with this
attribute assigned will have access to data handled by this unit. To know the responsibilities of
a
particular logical unit, an in-depth knowledge of the application is required.
To make navigation easier, logical units are grouped in folders named after
areas of the application they cover. Inside, unit names indicate what sort of data every
unit is responsible for.
The attribute created in this activity allows only for the basic access
definition - once it is active, users will either have full access to the
logical unit, or no access at all.
Prerequisites
There are no prerequisites.
System Effects
As a result of this activity, a basic access attribute will be created. It
will allow full access or no access to data stored in the logical unit.
Window
Access
Attributes
Related Window Descriptions
Access Attributes
Procedure
- Open the Access Attributes window.
- Select a logical unit from the graphical object structure. Main folders
provide information about the general area that can be protected. In the
main folders, logical units are listed. Their names usually suggest what
data are they handling.
- In the header, add a new record.
- In the Attribute ID field, enter the unique identifier of the
attribute.
- In the Attribute Name field, enter the name of the attribute.
- In the Attribute Type field, select the type of the attribute.
Self-Access
- gives it's owner the ability to see and register their own data (data
connected to their own Person and Employee ID)
Access to Employee
- gives it's owner access to data of other employees (data connected to the
Employee ID).
Access to Person
- gives access to data of other persons (data connected to the Person ID)
Access to Organization
- gives access to data which is not connected
directly to employees or persons within an organization unit (e.g.,
headcount plan)
- In the Authorization Type field, enter the type of the
authorization used in other areas of the application. If you are defining an
access attribute for any of the areas listed in the expandable list of
values, you need to select the relevant item on that list. In most cases
this field should be left empty.
The Authorization Type field is used for backwards compatibility with
older functionalities relying on HR access solution where 4 authorization
types were available. By default, all attributes that need this field filled
in already have it. As such, this field should be left as it is unless there
are problems with authorization of items presented in the field's dropdown
list.
- Select the Active check box in order to activate the attribute.
Note: If the check box is not selected, the attribute will not work!
- Save your changes.