Object Authorization

iQ-Basis uses a comprehensive authorization concept. Therein it can be determined if a user is allowed to view or edit (i.e. add, change and delete content) a form or not. This authorization concept is limited to functions. While executing a function the security services can check if the function may be used.
The different authorizations of persons with respect to editing the same business processes are assured with iQ-Objekte (e.g. audits of site 2 may not be viewed by auditors of site 1).

Specification of the Security Services

• Objects that underlie the security services have to be divided into object groups, e.g. one object group for electronic and one for mechanical test equipment.
• Every object group obtains an object number
• The rights for an object number are declared; following rights are possible:
  • Display
  • Change
  • Add
  • Change of object no.
  • Delete
  • No authorization

Security Services for Areas and Persons

• For a site (all cost centres, all persons of a site)
• For a cost centre (all persons working at the cost centre)
• For a person subgroup
• For a single person

Application of the Security Services

• E.g. before displaying an overview of objects that underlie the security services it is checked if the registered user has appropriate rights.
• All other entries for that the user does not have an authorization are not displayed
• All entries for that the user has an authorization are displayed
• Changing the security services in a form for that the authorization has to be granted

• Placing of the object no.
  • Manually; display of a catalogue with object numbers (e.g. one number for all test equipment of site 1)
  • The operator chooses the correct object no.
  • Automatically; interval where an object is created in the background, e.g. a maintenance order because of a due appointment