Create Access Attributes

Explanation

This activity is used to define a basic access attribute that protects access to data. This protection restricts access to data itself, and not any particular window. To achieve this, the attribute works as a filter placed over a logical unit. Logical units are segments of the programming code responsible for sending and receiving data from the main database. If an access attribute is created and activated for a logical unit, only a user with this attribute assigned will have access to data handled by this unit. To know the responsibilities of a particular logical unit, an in-depth knowledge of the application is required. To make navigation easier, logical units are grouped in folders named after areas of the application they cover. Inside, unit names indicate what sort of data every unit is responsible for.

The attribute created in this activity allows only for the basic access definition - once it is active, users will either have full access to the logical unit, or no access at all.

Prerequisites

There are no prerequisites.

System Effects

As a result of this activity, a basic access attribute will be created. It will allow full access or no access to data stored in the logical unit.

Window

Access Attributes

Related Window Descriptions

Access Attributes

Procedure

  1. Open the Access Attributes window.
  2. Select a logical unit from the graphical object structure. Main folders provide information about the general area that can be protected. In the main folders, logical units are listed. Their names usually suggest what data are they handling.
  3. In the header, add a new record.
  4. In the Attribute ID field, enter the unique identifier of the attribute.
  5. In the Attribute Name field, enter the name of the attribute.
  6. In the Attribute Type field, select the type of the attribute.
    Self-Access - gives it's owner the ability to see and register their own data (data connected to their own Person and Employee ID)
    Access to Employee - gives it's owner access to data of other employees (data connected to the Employee ID).
    Access to Person - gives access to data of other persons (data connected to the Person ID)
    Access to Organization - gives access to data which is not connected directly to employees or persons within an organization unit (e.g., headcount plan)
  7. In the Authorization Type field, enter the type of the authorization used in other areas of the application. If you are defining an access attribute for any of the areas listed in the expandable list of values, you need to select the relevant item on that list. In most cases this field should be left empty.
    The Authorization Type field is used for backwards compatibility with older functionalities relying on HR access solution where 4 authorization types were available. By default, all attributes that need this field filled in already have it. As such, this field should be left as it is unless there are problems with authorization of items presented in the field's dropdown list.
  8. Select the Active check box in order to activate the attribute.
    Note: If the check box is not selected, the attribute will not work!
  9. Save your changes.