Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Authorizations
for
Table Access at Key Level
Dr. Ulrich Frenzel
AEW - Implementation Tools
Overview
Current situation
Authorisations in customizing
Organisational criterion
Definition and rules
How it works
Work to be done
by SAP-basis, application development, and customers
Summary
S_TABU_DIS
authorisation group of the table/view
activity (maintain or read only)
S_TABU_CLI
allowance for cross-client customizing
users
authorisations
COUNTRY
NORWAY
PAY_SCALE F 1
F2
PS1
value1
...
ARGENTINA
PS35
value25
...
customizingtransaction
check authorisation
for table V_T510A
Wanted:
Connection between organisational
unit (here: country) and authorisation
authorisation
objects
S_TABU_DIS:
authorisation
group
activity
S_TABU_CLI
cross client
maintenance
Defines the users work area for one or a group of tables via
authorisation values.
Connects organisational unit(s) and authorisation.
Defined by 1 - 8 attributes:
Every organisational unit is expressed by a table key field
Key field is connected to an authorisation field of the new authorisation
object S_TABU_LIN
organisational criteria
org.
org.criterion
criterion
user's
user'scountry
country
attribute
table
attribute
table
country
T500L
country
T500L
field
field
MOLGA
MOLGA
authorisation
in
activity group
authorisation object
S_TABU_LIN
organisational
organisationalcriterion
criterion
activity
activity
1.1.attribute
attribute
2.2.attribute
attribute
3.3.attribute
attribute
4.4.attribute
attribute
5.attribute
5.attribute
6.6.attribute
attribute
7.7.attribute
attribute
8.8.attribute
attribute
SAP AG 1999 Dr. Ulrich Frenzel / 6
IMG-activity
maintain org. crit.
activity group
maintenance
"user's
"user'scountry"
country"
"maintain"
"maintain"
"Norway"
"Norway"
**
**
**
**
**
**
**
users
authorisations
COUNTRY
NORWAY
PAY_SCALE F 1
F2
PS1
value1
...
ARGENTINA
PS35
value25
...
customizingtransaction
check authorisation
for view V_T510A
check existence of an
organisational criterion
related to view
V_T510A
authorisation
objects
S_TABU_DIS:
authorisation
group
activity
S_TABU_CLI
cross client
maintenance
organisational criteria
org.
org.criterion
criterion
user's
user'scountry
country
attribute
table
attribute
table
country
T500L
country
T500L
field
field
MOLGA
MOLGA
check authoritsation
for field value in
V_T510A-COUNTRY
S_TABU_LIN:
organisational
criterion
activity
attributes
Authorisations: Rules
Different authorisations for showing and maintaining possible.
Authorisation values define selection for the key fields related to the
attributes of the OC.
Values do not need to exist in related tables.
Selection:
single values or intervals
always linked with OR
SAP-Development
Builds up and delivers organisational criteria according to the
customers requirement as standard IMG-settings.
Inserts check methods into individual customizing transactions.
Inserts callback routine into affected search helps.
Customers
Those who do not want to use OCs do not need to do anything.
Can activate the organisational criteria they need (IMG-activity).
May define organisational criteria for their own purpose.
Maintain authorisations according to the organisational criteria they
have activated.
Will be happy.
Summary
Questions
concerning HR-content:
Karin Fischer
Andreas Jassoy-Vogel
concerning tools:
Ulrich Frenzel