摘要 |
To facilitate the work of a user with a data processing network with a number of security levels of the applications and functions to be executed, a method is proposed for managing usage authorizations in this data processing network. In at least one embodiment of the method, when a user logs in at a work station, at least one role stored in a central authorization register is allocated to the user; when an application is called up a local security module of the application determines which authorizations are granted for the role of the user; and if there is no authorization for an application-related action, a central security module accesses a central collection of security rules, the security rules indicating the circumstances, in which, when a user's authorizations are not sufficient to carry out the application-related action, the user can still carry it out and determines whether according to at least one of the security rules a usage authority is possible for the application-related action and offers this to the user.
|