Application management : Accounts : Authorization settings : Authorization methodology differences
Authorization methodology differences
Users can be assigned to multiple user groups. If a user is linked to two user groups, one with filters and one without filters, the functional/data access is different:
Combining data and functional access
Separating data and functional access
the access rights of users expands, granting full access/allowing all actions.
Access rights of users is decreased, limiting the access/available actions.
When using authorization links, and a user is linked to two user groups, one with links and one without links, the functional/data access is different:
Combining data and functional access
Separating data and functional access
The link is only applied to the data set of the linked user group
The link is applied to the data set of both user groups.
Examples
The following scenarios will further help understand the authorization methodology differences.
Imagine three users having access to all, or parts of the following data:
Data set Amsterdam
Total number of orders
Orders > €1000
Orders < €1000
750
250
500
Data set Maastricht
Total number of orders
Orders > €1000
Orders < €1000
550
300
250
Combining functional and data access:
Overview with user groups and function profiles for North and South.Overview with user groups and function profiles for North and South.
Each user group has its own function profile and action filter.
Separating functional and data access:
Overview with data groups for North and SouthOverview with data groups for North and South
Only a single function profile is required, splitting role (fields, actions, etc.) and data access.
Combining functional and data access (and using authorization links):
Overview with user groups, function profiles and authorization links.Overview with user groups, function profiles and authorization links.
The filter is only applied to one data set, limiting data access for this data set only.
Separating functional and data access (and using authorization links):
Overview with data groups and authorization links.Overview with data groups and authorization links.
The filter is taken into account for both data sets, limiting the data access.
* 
System reports available in Authorization provide an overview of authorization per business object/user group. For more information, see .