Authorization Objects in IBC

Fellow Celonauts,

I’m curious if the Celonis IBC has the same authorization object capabilities as on-prem version 4.5. I’ve been scouring the documentation and team settings in Celonis snap, but I don’t see any mention of authorization objects or a place to configure the authorization key queries. We have recently undertaken a substantial project to align our on-prem instance of Celonis with our global reporting and analytics security standards using table-based authorization. We’re looking to upgrade to the IBC in the next year, but if we cannot migrate the current table-based authorization setup to the IBC this could be a major problem for us.

Thanks for any insight!
-Tyler

Hi Tyler,
The capability is available within IBC it has just been renamed to “Data Permissions”. If you search for that term in the Snap/IBC Help you will find everything you need to know.
Best regards,
Pol

Hi Pol,

I’ve looked into the “Permissions” of each workspace in Snap, but I still don’t see an option to assign a specific value from the process data that users can view. For example, if I wanted to limit a user to see only orders from a specific sales org, in Celonis 4.5 I could create an authorization object for VBAK.VKORG = ‘1000’ and assign it to the users that belong to that organization, limiting their view to only those orders. Can you clarify how I would do that in Snap or the IBC?

Thanks,
Tyler

Hi Tyler,
This is type of permission is a property of the data model and set in the Event Collection. You need to create a data model for that. See also picture below:

Further I would highly recommend to look up the article on “Data Permissions” in the online help. It really explain things in detail.

Best regards,
Pol

OK I found the article now that you mentioned that it’s tied to the data model. I was looking in the other “Permissions” section related to Team Settings. It’s a bit confusing to use the same term for two different things. Thanks for the direction.