Map Security Roles to Business Role
The Map Security Roles to Business Role (BUSCROL) page is used to grant and remove security roles assigned to a Business Role. This is a configuration page, which is used in conjunction with the Populate Security Roles action on the User Maintenance (UDOC) transaction, to streamline the population of security roles based on business roles.
The first step is to locate the business role. Select and edit the selected business role record for which you need to assign security roles from the displayed grid. The Edit Map Security Roles to Business Role page has two tabs. The Business Role ID and Business Role Name of the selected record will appear above these tabs.
Row-level actionsRow-level actions
-
Remove Current Role - This action deletes the association between the security role and the business role.
-
Top, Up, Down, Bottom - These actions arrange the security roles for the business role. If a user is assigned to more than one Security Role, keep in mind that during various authorization checks the system checks the user’s Security Roles in order of precedence until authority is found or all the user’s roles have been checked. When a user requests access to an Application Resource, the system first checks the Security Role listed at the top of the grid on this tab. If that role allows access to the requested Application Resource, the system allows the user to access it. If it does not allow access, the system then checks the next role in the list. If the second role allows access to the requested Application Resource, the system allows the user to access it. The system continues down the list, checking the access rights for each Security Role, until it finds one that grants access or until it reaches the end of the list. For performance reasons, organize the Security Roles with the most frequently used role at the top. To rearrange the order of the roles, select the role in the grid and then select the action.
Available RolesAvailable Roles
Field InformationField Information
|
Field |
Description |
|
Security Role ID |
The unique identification of a security role. |
|
Description |
Description of a security role. |
|
Effective From |
When a role should only be delegated and not assigned permanently to a user, this date records the start of that delegation. |
|
Effective To |
When a role should only be delegated and not assigned permanently to a user, this date records the end of that delegation. |
|
Delegate |
Select Yes in this drop-down field when a role should be assigned only for a period of time and enter Effective From, Effective To, and Delegate Reason. |
|
Delegate Reason |
When a role should only be delegated and not assigned permanently to a user, this descriptive field is intended to capture the reason for it. |
-
Add Available Role - This action adds the security role to the selected business role.
Note:
-
The Business Role to Security Roles mapping is a configuration page used in conjunction with the Populate Security Roles action on the User Maintenance (UDOC) transaction. It does not independently impact security roles assigned to specific users. Any changes made to the Business Role to Security Roles mapping page are only effective on new UDOC transactions created after the change is made (changes are not automatically applied to existing users).
-
The highest precedence is given to the Map Security Roles to Business Role (BUSCROL) table while listing the security roles.
-
By using the Populate Security Roles action, an authorized user can populate the security roles in User Maintenance (UDOC), LDAP User to Business Role Association (LUSRBROL) and User to Business Role Association (USRBROLE).
-
Deleting the Business Roles will not affect the already assigned security roles via the Map Security Roles to Business Role page.
