Authorizations

If the 'Add' button (item 3) is clicked:

To enable authorizations, you first have to add authorization objects to Celonis 4.

Therefore, navigate to the Homescreen and choose Authorizations (item 1) from the main menu.

1. Authorizations: click here to open the authorizations screen.
   
   
2. Authorization objects: list of already created authorization objects. Click on them to view their properties. 
   
   
3. Add authorizations: click to create new authorization objects. 
   
   
4. Name: name of the authorization object.
   
   
5. Value mapping: here you can decide whether the values for your mapping should be queried from a database or entered manually.

A. Values queried from a database

A. Values queried from a database

1. Database source: select the database that contain the authorization queries
   
   

2. Global: select this ticker if you want your authorization to be active for all users or groups

   Note

   If the object is set to GLOBAL the authorization object assignment to the user profiles is not done immediately for all profiles.
   Whenever a user is opening an analysis that is restricted by the respectiv authorization, the application will add the autorization object to the user profile (and immediately synchronize the values)

3. Automatic sync: select this ticker if you want your authorization to be automatically queried and define the time interval between syncs. The minimum value in hours is 1.

   Note

   The synchroniation timeout is checked upon accessing an analysis for each user individually.

4. SQL query: define the query that returns values according to a given username

B. Values entered manually

B. Values entered manually

Choose this option if you want to add the allowed values manually. However, please be aware that the values have to be adapted every time they change, as they are not queried from any external data source.

       10. Source for possible values: define a source which contains possible values that may be filtered. 

       11. Allowed values: list of allowed values.

       12. Add: add a new allowed value.

After you have added all required authorization objects, you have to apply them to the dedicated data models.

To do so, open the authorizations tab in your Data Model.

1. Current authorizations: authorizations that were already applied in this data model. Click on one to view its properties.
   
   
2. All authorizations: authorizations that have still not been applied in this data model. To deploy an authorization object to the data model, simply hover over it and click on the emerging add button.
   
   
3. Name: name of the selected authorization.
   
   
4. Table: table in which the authorization filter will be applied.
   
   
5. Column: column of the selected table above in which which the authorization filter will be applied.

Once the authorization is created or edited, confirm your operation with the 'Save' button.

In this step, you have to apply the authorizations to the respective users/groups.

To do so, click on 'Manage authorizations' on the desired User Profile (see item 5 of the 'User Profile' section in the 'User Profile' page).

1. Current authorizations: authorizations that were already applied to this user. Click on one to view its properties.
   
   
2. All authorizations: authorizations that have still not been applied to this user. To deploy an authorization object to the data model, simply hover over it and click on the emerging add button.
   
   
3. Name: name of the selected authorization.
   
   
4. Values: list of values which the user is allowed to see.
   
   
5. Add: add new values to this authorization.

Once the authorization is created or edited, confirm your operation with the 'Save' button. After this is done, the user can only view the part of the data you have authorized him/her to see.