iQ-Basis uses a comprehensive authorization concept. Therein it can be determined if a user is allowed to view or edit
(i.e. add, change and delete content) a form or not. This authorization concept is limited to functions.
While executing a function the security services can check if the function may be used.
The different authorizations of persons with respect to editing the same business processes are assured with iQ-Objekte (e.g. audits of site 2 may not be viewed by auditors of site 1).
Specification of the Security Services
- Objects that underlie the security services have to be divided into object groups, e.g. one object group for electronic and one for mechanical test equipment.
- Every object group obtains an object number
- The rights for an object number are declared; following rights are possible:
- Change of object no.
- No authorization
Security Services for Areas and Persons
- For a site (all cost centres, all persons of a site)
- For a cost centre (all persons working at the cost centre)
- For a person subgroup
- For a single person
Application of the Security Services
- E.g. before displaying an overview of objects that underlie the security services it is checked if the registered user has appropriate rights.
- All other entries for that the user does not have an authorization are not displayed
- All entries for that the user has an authorization are displayed
- Changing the security services in a form for that the authorization has to be granted
- Placing of the object no.
- Manually; display of a catalogue with object numbers (e.g. one number for all test equipment of site 1)
- The operator chooses the correct object no.
- Automatically; interval where an object is created in the background, e.g. a maintenance order because of a due appointment