Question
Authorization Objects in IBC
Fellow Celonauts,
Im curious if the Celonis IBC has the same authorization object capabilities as on-prem version 4.5. Ive been scouring the documentation and team settings in Celonis snap, but I dont see any mention of authorization objects or a place to configure the authorization key queries. We have recently undertaken a substantial project to align our on-prem instance of Celonis with our global reporting and analytics security standards using table-based authorization. Were looking to upgrade to the IBC in the next year, but if we cannot migrate the current table-based authorization setup to the IBC this could be a major problem for us.
Thanks for any insight!
-Tyler
Hi Tyler,
The capability is available within IBC it has just been renamed to Data Permissions. If you search for that term in the Snap/IBC Help you will find everything you need to know.
Best regards,
Pol
Hi Pol,
Ive looked into the Permissions of each workspace in Snap, but I still dont see an option to assign a specific value from the process data that users can view. For example, if I wanted to limit a user to see only orders from a specific sales org, in Celonis 4.5 I could create an authorization object for VBAK.VKORG = 1000 and assign it to the users that belong to that organization, limiting their view to only those orders. Can you clarify how I would do that in Snap or the IBC?
Thanks,
Tyler
Hi Tyler,
This is type of permission is a property of the data model and set in the Event Collection. You need to create a data model for that. See also picture below:
image.png1164614 65.5 KB
Further I would highly recommend to look up the article on Data Permissions in the online help. It really explain things in detail.
Best regards,
Pol
OK I found the article now that you mentioned that its tied to the data model. I was looking in the other Permissions section related to Team Settings. Its a bit confusing to use the same term for two different things. Thanks for the direction.
Hi Tyler,
it's important to keep in mind when using data permissions on the data model level, that you need to create a rule for each user one you enable this. So let's say you enable this feature and had admin permissions before, then you would see nothing because you need to specify in the data permissions what you are allowed to see. There is the option to grant unlimited access to users which would be applicable to admin users.
Hope this helps
Best
Kevin
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.