13.1. SICS Access Security Overview

The SICS access security facility provides the capability to allow or deny users from performing various business functions.

SICS has two main techniques for controlling security: business process security and data-sensitive security.

Business process security answers the general question, “Can the user perform this business function?” It restricts the functions in the program the user can see and execute. Access to business processes is controlled through the combination of user roles, use cases and the identity of the logged-on user.

Data-sensitive security operates at a detailed level, often de_pending_ on the value of particular data used in a business transaction. For example, data-sensitive security could answer the question “Can an assistant accountant book payments that exceed <x> units of base currency,” where <x> is the amount of the payment. This kind of restriction in access is done through “Domain Restrictions.” (See Using Domain Restrictions at the end of this section for more information.)

When the user tries to access business functions in the system (which are security blocked), a standard dialogue is displayed:

Some business functions that are accessed through pop-up menus are blocked by disabling the blocked business option on the pop-up menu itself. When this happens, the name of the functions will be followed with [SB] to indicate a “security block”.