Terms/Legend
Admin: user assigned to the admin role
BC: business context
BIE owner: the user specified as a BIE's owner
manage [x]: create, edit, or delete [x]
manage context: manage BCs, context categories, or context schemes (including context category values)
←→: association
: no user (not even admins)OP: User action is applicable to an on-prem instance (just a visual cue)
MT: User action is applicable to a multi-tenant instance (just a visual cue)
Authorization table
The authorization indicated in the “On-prem instance” column reflect Score’s current (pre-multi-tenant) behavior.
| 1 |
| Authorizations | |
| 2 | On-prem instance | Multi-tenant instance | |
| 3 | Manage user OPMT | Admin | Admin |
| 4 | Manage tenant MT |
| Admin |
| 5 | Manage user←→tenant MT |
| Admin |
| 6 | Manage BC←→tenant MT |
| Admin |
| 7 | Create BIE OPMT | Any user1 | Any user associated with a tenant2,3 |
| 8 | Manage BC←→BIE OPMT | BIE owner3 | BIE owner2,3 |
| 9 | Manage context OPMT | Any user | Admin |
| 10 | Manage Core Components OP | Developer |
|
| 11 | Make BIE reusable OP | BIE owner |
|
| 12 | Create ABIE extension locally OP | BIE owner |
|
| 13 | Create ABIE extension globally OP | BIE owner |
|
1All BCs are available to the user.
2The BCs available to the user are limited by their tenancy. Users not associated with a tenant cannot create a BIE since they would not be able to assign a BC on BIE creation (all the BCs would all be filtered out). However, it would make sense to alert the user, perhaps on login, that they can’t do anything useful in Score until they have been assigned to a tenant.
3Note that Admins have no special authorization in this case.