Security in Assignment and Authorization can be controlled by:

User Specific Rights can be applied to assignees and allow for access/visibility to the assignment record to be restricted by a select group of users or special security groups, company segments and country. This will be honored at each level individually (Assignment vs. Authorization) until Final Approval of the Authorization is received then Assignment level security will be followed.

For example, if an Assignment is in a special security group that the user does not have rights to the user will not able to see that Assignment. But if the Authorization associated with that Assignment is not in that special security group then the user will have access to Authorization. Once the Authorization reaches Final Approval then the Assignment rights will take over and the user will no longer be able to access the Assignment or Authorization.

Assignments and authorization can also be restricted by the resource allocated to it. Users can be restricted to view assignments that are assigned to them. You can know more about restriction user access here.

Access groups are also available at the assignment level. An assignment can have more than one access group identified. This can provide access to specific group of users with the same access group linked to them.

A user can be linked to several access groups and an assignment can also be linked to several access groups. This means that a relationship from a user to an assignment can be created using different access groups. In the below example, users with at least 1 access group defined from the assignment record will be able to see the assignment record even if it has multiple access groups tagged. This does not require users to have the same access groups as the assignment. Please refer to Figure 1.

Access groups can also prevent users from viewing the assignment record. Configuration made with specific group can restrict access. Please refer to Figure 2.