I've been working with BaanIV for years but am new to BaanV. I noticed there are no company authorizations in BaanV, only the ability to limit session and database authorizations by company. This doesn't work very well because users are still able to change to the company that they have no authorization for. They are only restricted when they try to run a session, or access data that they are not authorized for. This is confusing to some end-users. Is there any other way to restrict company access, so that the user will get a more understandable error message immediately when they try changing to the restricted company?

Thanks!

Would it help removing the permissions for ttdsk2003m000? Disadvantage of it is that the users are no longer allowed to go to any other company.

Thanks for the reply. That is an option, but one I've already considered and can't use because, as you mentioned, it would prevent the user from changing to any company and the users need to change to some companies but not others.

You might try to control company access through roles, ttams2100m000 and ttams3144m000, by controlling the access to the ttaad100 table.

permission for ttdsk2003m000
Would it help removing the permissions for ttdsk2003m000? Disadvantage of it is that the users are no longer allowed to go to any other company.

Valid for BaaN-5/ERP series
This also depends on how your company and database is set up too. If you have one company per database and the database user is also created, if there is authorization for ttdsk2003m000 then the user can always switch companies. But if there is no database user account then the user, cannot access that database.

If the user has all company access/authorization from the role authorization template, then he can also use the BW option -
-- -set BSE_COMPNR=company to login into specific company
and use that company.

Hence, the real solution will be to set the Role Authorization Templates to be company specific {seems quite explicit which user works where} (OR) create database user for different database or not (disadvantage is the maintaining different user accounts for different databases).

Hence you have to come up with the Security Method based on your setup and requirement.

Dear bsyeven,

We currently don't use Tools authorisation in BaanERP, but DEM authorisation. Using DEM authorisation, to prevent users from being able to switch to a certain company, simply disconnect him/her from the active project model for that company. Just a thought in case you needed a very different approach :)

Rgds,
Paul