Authorisation (Enhanced)

NOTE  : To ensure no regression impact current customers must activate the enhanced security before it will apply. New customers will be enabled by default. It is expected that all customers will migrate to using the enhanced security – at which point it will become the default delivery.

Background

Prior to SP28 access to Promenta was controlled via a simple authorisation – users could either access or they could not. If granted access then the user had access to make requests or approve requests (if set up as an approver). 

This was controlled via object YZYMCCFORM  – see section “Restrict Webflow access (Promenta authorisation)”. Additional control was possible via custom plugins.

Since SP28 it is possible to limit the access to making requests, approving requests or both. This means you can prevent approvers from making their own requests (if needed)

 

Activate Enhanced Security

Table /PROMENTATM999 – using the override tree of /PROMENTA/TM999 must be set to enable the security

To activate set the WEBFORMS/SECURITY_ENHANCED value to be ON in the override decision tree.

Object YZYMCCFORM  

YZYMFORMID = <form id of the request>

ACTVT = <activity values – see below>

Activity Values

01 = Create – allow creation of  arequest (requesters can start new requests)

02= Change – allow changing of a request (approvers to approve)

03=Display (all users)

70 = Admin display – allow admins to open request in display mode

94= Admin – allowed to open a request in EDIT mode that does not belong to them

91 = Allow users to act as both requester and approver (in the same request)

 

Error message

if an authorisation error occurs a screen similar to the one below will be shown.

Note that the section to the right “Technical information” tells you the object and missing auth level