-
SAP AG 1999 Dr. Ulrich Frenzel / 1
Dr. Ulrich FrenzelAEW - Implementation Tools
Organisational Criteria:Authorizations
for Table Access at Key Level
-
SAP AG 1999 Dr. Ulrich Frenzel / 2
Overview
Current situationAuthorisations in customizing
Organisational criterionDefinition and rulesHow it works
Work to be doneby SAP-basis, application development, and
customers
Summary
-
SAP AG 1999 Dr. Ulrich Frenzel / 3
Introduction: Current Situation
Standard customizing dialogues:
Authorisation gives access to a customizing-table or -view as a
whole. Todays existing authorisation objects:
S_TABU_DIS
authorisation group of the table/view
activity (maintain or read only)S_TABU_CLI
allowance for cross-client customizing
No more detailed authorisations relating to organisational
units(e.g. factories, company codes, coutries...).
In concrete terms (HR):
Theres a well thought-out full-authorisation concept for country
specific tables in HR: A colleague responsible for customizing of
the norwegian countryversion cannot to change settings in country
specific tables for Argentina.
But: Everybody has access to every country specific dataset in
predominant tables (e.g. T510A).
-
SAP AG 1999 Dr. Ulrich Frenzel / 4
Current Situation: Authorisation Check
check authorisationfor table V_T510A
COUNTRY PAY_SCALE F 1 F 2NORWAY PS1 value1
...ARGENTINA PS35 value25
...
view V_T510A:pay scale type
customizingcustomizing--transactiontransaction
users authorisations
authorisationobjects
S_TABU_DIS:authorisation group
activity
S_TABU_CLIcross client
maintenanceWanted:Connection between organisational unit (here:
country) and authorisation
-
SAP AG 1999 Dr. Ulrich Frenzel / 5
Definition: Organisational Criterion
Defines the users work area for one or a group of tables via
authorisation values.Connects organisational unit(s) and
authorisation.Defined by 1 - 8 attributes:
Every organisational unit is expressed by a table key field
Key field is connected to an authorisation field of the new
authorisation object S_TABU_LIN
-
SAP AG 1999 Dr. Ulrich Frenzel / 6
Organisational Criterion: How to build it up
authorisation objectS_TABU_LIN
"user's country""maintain""Norway"
*
*
*
*
*
*
*
"user's country""maintain""Norway"
*
*
*
*
*
*
*
authorisationin
activity group
activity groupmaintenance
organisational criterionactivity
1. attribute2. attribute3. attribute4. attribute5.attribute6.
attribute7. attribute8. attribute
organisational criterionactivity
1. attribute2. attribute3. attribute4. attribute5.attribute6.
attribute7. attribute8. attribute
organisational criteriaorg. criterion attribute table field
user's country country T500L MOLGA
org. criterion attribute table fielduser's country country T500L
MOLGA
IMG-activitymaintain org. crit.
-
SAP AG 1999 Dr. Ulrich Frenzel / 7
COUNTRY PAY_SCALE F 1 F 2NORWAY PS1 value1
...ARGENTINA PS35 value25
...
view V_T510A:pay scale type
Organisational Criterion: How it works
check authorisationfor view V_T510A
check existence of an organisational criterion
related to view V_T510A
users authorisations
authorisationobjects
S_TABU_DIS:authorisation group
activity
S_TABU_CLIcross client
maintenance
S_TABU_LIN:organisational criterion
activityattributes
check authoritsationfor field value in
V_T510A-COUNTRY
organisational criteriaorg. criterion attribute table field
user's country country T500L MOLGA
org. criterion attribute table fielduser's country country T500L
MOLGA
customizingcustomizing--transactiontransaction
-
SAP AG 1999 Dr. Ulrich Frenzel / 8
Organisational Criterion: Opportunities in Detail
OC may be activated client-dependently.OC defined for a table
key field takes effect at every table which contains a key field
sharing the same domain.OC may also be defined exclusively for one
table.When maintaining a table, more than one OC may take effect,
thusthe users working area can be specialized with additional
OCs.
-
SAP AG 1999 Dr. Ulrich Frenzel / 9
Authorisations: Rules
Different authorisations for showing and maintaining
possible.Authorisation values define selection for the key fields
related to the attributes of the OC.Values do not need to exist in
related tables.Selection:
single values or intervals
always linked with OR
-
SAP AG 1999 Dr. Ulrich Frenzel / 10
Organisational Criteria: Who has to do what? LLLL
SAP-Basis
Develops maintenance- and check methods.
Inserts check methods into standard customizing dialogues
(SM30).
Develops a central callback routine for search helps (F4).
Writes Documentation.SAP-Development
Builds up and delivers organisational criteria according to the
customers requirement as standard IMG-settings.
Inserts check methods into individual customizing
transactions.
Inserts callback routine into affected search
helps.Customers
Those who do not want to use OCs do not need to do anything.
Can activate the organisational criteria they need
(IMG-activity).
May define organisational criteria for their own purpose.
Maintain authorisations according to the organisational criteria
they have activated.
Will be happy.
-
SAP AG 1999 Dr. Ulrich Frenzel / 11
Summary
An organisational criterion instantiates an authorisation for
one or more tables on key level.Organisational criteria are
embedded into the standard authorisation concept.Additional
authorisation, optionally checked after those used
previously.Delivery
Release 4.6C: for HR only
From 5.0: systemwideQuestions
concerning HR-content:Karin FischerAndreas Jassoy-Vogel
concerning tools:Ulrich Frenzel
Further information: Customizing im Sapnet (see under Table
Maintenance)
