Access Keys:
Skip to content (Access Key - 0)

Roles Database Help - Authorization Detail Screen

Below are explanations of the fields that appear on this screen.
Authorization detail screen

  1. Kerberos Name (or Last name)
    This field must contain the Kerberos name of the person to whom the Authorization is assigned.
    Enter a partial Kerberos name or a partial last name and you'll see a pick list of possible matches.

  2. Name
    Once you have filled in the Kerberos name, if it is a valid username, the name field will automatically be filled in with the person's name. Do not try to type in this field.

  3. Close
    To close the Authorization Detail window, click the Close button.
    The close button does not automatically save any changes made in the detail window - if you want to save changes, make sure you do so before pressing the close button.

  4. Category
    This is a pull-down menu of categories from which you can pick at least one Function to assign in a new Authorization. Choose the desired category. After you have chosen a category, you can then choose a Function Name.

  5. Function Name
    This is a pull-down menu of functions from which you can pick when creating a new Authorization. You must choose a Category before you can choose a Function. Choose the desired Function name from this list.

  6. Function Description
    The Function Description is automatically filled in after you have chosen a Function. Do not try to type in this field.

  7. Qualifier Code
    Either type in the desired Qualifier Code, or click the Lookup qualifiers link to open a window of qualifiers that you can choose for the given Function. The Qualifiers shown will:
    • be of the appropriate type for the selected Function
    • may be limited to Qualifiers associated with the department or departments for whom you are a Primary Authorizer.
      Before looking up qualifiers, you must first select the Category and Function name. See Qualifier List Window

  8. Qualifier Type
    The Qualifier Type is automatically filled in after you have specified a Category and Function name. Each Function is associated with a Qualifier Type. In an Authorization, the Qualifier must be of the appropriate type to match that required by the Function. Do not try to type in this field.

  9. Qualifier Name
    The Qualifier Name is automatically filled in after you have picked a valid Qualifier Code. Do no try to type in this field.

  10. Effective Date
    The Effective Date indicates the first date on which the Authorization goes into effect. (Note also that some Authorizations are not made available to target systems until an overnight feed.) By default, the Effective Date is set to the date the Authorization is first created. To change the Effective Date, click on the calendar icon and choose a date in the future. Do not choose a date in the past.

  11. Expiration Date
    By default, the Expiration Date is set to null, meaning the Authorization is not due to expire and it will remain in effect until explicitly deleted. To set an Expiration date, click on the calendar icon and choose an expiration date in the future.

  12. More details
    Click the More details link to see some additional fields. These additional fields are displayed by default on old Authorizations (when you click the hourglass icon), but they are hidden for new Authorizations.
    In general, you will not need to change the settings for "Do Function" or "Grant Authorization." See Appendix: More Details.
    The "Modified By" and "Modified On" fields show you the person who created or last updated this Authorization and the date that the last update was made.

  13. Create button
    After you have filled in the Kerberos name, Category, Function name, and Qualifier Code, and optionally set other fields, click the Create button to create a new Authorization. Check the messages displayed to make sure that the Authorization was created as intended.
    You can also use the Create button if you have selected an existing Authorization by clicking the hourglass icon and then made a change to the Kerberos name field, the Function field, and/or the Qualifier code field. This would allow you to add a new Authorization with some of the same settings as an existing one.
    Note: You may need to click the Find Matching Authorizations button again to see changes or additions reflected in the Authorizations list. Also, be aware that you may have created a new Authorization that doesn't match the criteria of the current selection - you may need to change the Selection Set or criteria to see the new Authorization in the list.

  14. Replace button
    The Replace button is only visible if you have gotten to the Authorization Detail screen by clicking on the hourglass icon next to an existing Authorization. You can change one or more of the fields in the Authorization and click Replace to replace the old Authorization from the new one - the operation is similar to deleting an old Authorization and creating a new one. Check the messages displayed to make sure that the Authorization was replaced as intended.
    Note: You may need to click the Find Matching Authorizations button again to see changes reflected in the Authorizations list.

  15. Delete button
    The Delete button is only visible if you have gotten to the Authorization Detail screen by clicking on the hourglass icon next to an existing Authorization. Click this button to delete the displayed Authorization.
    Note: You may need to click the Find Matching Authorizations button again to see changes reflected in the Authorizations list.

Appendix: More Details

There are two rarely used check boxes available on the Authorization Detail Screen.

  1. Do Function: This is normally checked. If unchecked, it means that the Authorization is not in effect, i.e., the user cannot "do" the Function listed in the Authorization for the given Qualifier. There are two reasons why you might want to uncheck the "Do Function" check box:
    • For testing purposes, you might want to temporarily turn off an Authorization for a person, and then later turn it back on by rechecking the check box.
    • You might want to use the "Do Function" check box in conjunction with the "Grant Authorization" check box to allow a person to grant an Authorization, but not have the Authorization enabled for his or herself.
  2. Grant Authorization: This is normally not checked. It is used in rare cases to allow a user to grant an Authorization to a different person for the same Function and either the same Qualifier or a child of the given Qualifier. (However, most people who have the authority to grant Authorizations have that authority because they have a Primary Authorizer authorization or an Authorization to "CREATE AUTHORIZATIONS".) Use the Grant Authorization check box if you want to allow a person to grant just a single Function and limited Qualifiers in an Authorization.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

November 23, 2011

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
authorizationdetails authorizationdetails Delete
m-hermes m-hermes Delete
roles roles Delete
database database Delete
authorization authorization Delete
detail detail Delete
c-granting_authorizations c-granting_authorizations Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki