In addition to the general security functions, openUTM provides a two-level authorization concept specifically for administration.

• Level 1: Read access to all administrative data

  If ADMIN=READ is assigned to a transaction code of an administration program during configuration, the corresponding program is granted read access to all administrative data. The user does not require administration authorization to call this transaction code. The information is thus accessible to all users.

• Level 2: Full administration authorization

  To gain unrestricted access to all administration functions (commands and user-defined administration programs), the following requirements must be met:

  • ADMIN=Y must be set during configuration for a transaction code that calls an administration program.

  • The user calling this transaction code must have administration authorization, i.e. PERMIT=ADMIN must be set for the user ID and the partner application during configuration.

It is also possible to define more subtle differentiations using the data access control mechanism of the lock/key code concept (see "Data access control (authorization)").