Click here to load reader
Upload
brian-anthony
View
220
Download
0
Embed Size (px)
DESCRIPTION
BC set authorization
Citation preview
SAP AG 1999 Dr. Ulrich Frenzel / 1
Dr. Ulrich FrenzelAEW - Implementation Tools
Organisational Criteria:Authorizations
for Table Access at Key Level
SAP AG 1999 Dr. Ulrich Frenzel / 2
Overview
Current situationAuthorisations in customizing
Organisational criterionDefinition and rulesHow it works
Work to be doneby SAP-basis, application development, and customers
Summary
SAP AG 1999 Dr. Ulrich Frenzel / 3
Introduction: Current Situation
Standard customizing dialogues:
Authorisation gives access to a customizing-table or -view as a whole. Todays existing authorisation objects:
S_TABU_DIS
authorisation group of the table/view
activity (maintain or read only)S_TABU_CLI
allowance for cross-client customizing
No more detailed authorisations relating to organisational units(e.g. factories, company codes, coutries...).
In concrete terms (HR):
Theres a well thought-out full-authorisation concept for country specific tables in HR: A colleague responsible for customizing of the norwegian countryversion cannot to change settings in country specific tables for Argentina.
But: Everybody has access to every country specific dataset in predominant tables (e.g. T510A).
SAP AG 1999 Dr. Ulrich Frenzel / 4
Current Situation: Authorisation Check
check authorisationfor table V_T510A
COUNTRY PAY_SCALE F 1 F 2NORWAY PS1 value1
...ARGENTINA PS35 value25
...
view V_T510A:pay scale type
customizingcustomizing--transactiontransaction
users authorisations
authorisationobjects
S_TABU_DIS:authorisation group
activity
S_TABU_CLIcross client
maintenanceWanted:Connection between organisational unit (here: country) and authorisation
SAP AG 1999 Dr. Ulrich Frenzel / 5
Definition: Organisational Criterion
Defines the users work area for one or a group of tables via authorisation values.Connects organisational unit(s) and authorisation.Defined by 1 - 8 attributes:
Every organisational unit is expressed by a table key field
Key field is connected to an authorisation field of the new authorisation object S_TABU_LIN
SAP AG 1999 Dr. Ulrich Frenzel / 6
Organisational Criterion: How to build it up
authorisation objectS_TABU_LIN
"user's country""maintain""Norway"
*
*
*
*
*
*
*
"user's country""maintain""Norway"
*
*
*
*
*
*
*
authorisationin
activity group
activity groupmaintenance
organisational criterionactivity
1. attribute2. attribute3. attribute4. attribute5.attribute6. attribute7. attribute8. attribute
organisational criterionactivity
1. attribute2. attribute3. attribute4. attribute5.attribute6. attribute7. attribute8. attribute
organisational criteriaorg. criterion attribute table field
user's country country T500L MOLGA
org. criterion attribute table fielduser's country country T500L MOLGA
IMG-activitymaintain org. crit.
SAP AG 1999 Dr. Ulrich Frenzel / 7
COUNTRY PAY_SCALE F 1 F 2NORWAY PS1 value1
...ARGENTINA PS35 value25
...
view V_T510A:pay scale type
Organisational Criterion: How it works
check authorisationfor view V_T510A
check existence of an organisational criterion
related to view V_T510A
users authorisations
authorisationobjects
S_TABU_DIS:authorisation group
activity
S_TABU_CLIcross client
maintenance
S_TABU_LIN:organisational criterion
activityattributes
check authoritsationfor field value in
V_T510A-COUNTRY
organisational criteriaorg. criterion attribute table field
user's country country T500L MOLGA
org. criterion attribute table fielduser's country country T500L MOLGA
customizingcustomizing--transactiontransaction
SAP AG 1999 Dr. Ulrich Frenzel / 8
Organisational Criterion: Opportunities in Detail
OC may be activated client-dependently.OC defined for a table key field takes effect at every table which contains a key field sharing the same domain.OC may also be defined exclusively for one table.When maintaining a table, more than one OC may take effect, thusthe users working area can be specialized with additional OCs.
SAP AG 1999 Dr. Ulrich Frenzel / 9
Authorisations: Rules
Different authorisations for showing and maintaining possible.Authorisation values define selection for the key fields related to the attributes of the OC.Values do not need to exist in related tables.Selection:
single values or intervals
always linked with OR
SAP AG 1999 Dr. Ulrich Frenzel / 10
Organisational Criteria: Who has to do what? LLLL
SAP-Basis
Develops maintenance- and check methods.
Inserts check methods into standard customizing dialogues (SM30).
Develops a central callback routine for search helps (F4).
Writes Documentation.SAP-Development
Builds up and delivers organisational criteria according to the customers requirement as standard IMG-settings.
Inserts check methods into individual customizing transactions.
Inserts callback routine into affected search helps.Customers
Those who do not want to use OCs do not need to do anything.
Can activate the organisational criteria they need (IMG-activity).
May define organisational criteria for their own purpose.
Maintain authorisations according to the organisational criteria they have activated.
Will be happy.
SAP AG 1999 Dr. Ulrich Frenzel / 11
Summary
An organisational criterion instantiates an authorisation for one or more tables on key level.Organisational criteria are embedded into the standard authorisation concept.Additional authorisation, optionally checked after those used previously.Delivery
Release 4.6C: for HR only
From 5.0: systemwideQuestions
concerning HR-content:Karin FischerAndreas Jassoy-Vogel
concerning tools:Ulrich Frenzel
Further information: Customizing im Sapnet (see under Table Maintenance)