Organisational Criteria:

Authorizations
for
Table Access at Key Level
Dr. Ulrich Frenzel
AEW - Implementation Tools

SAP AG 1999 Dr. Ulrich Frenzel / 1

Overview
Current situation
Authorisations in customizing

Organisational criterion
Definition and rules
How it works

Work to be done
by SAP-basis, application development, and customers

Summary

SAP AG 1999 Dr. Ulrich Frenzel / 2

Introduction: Current Situation

Standard customizing dialogues:
Authorisation gives access to a customizing-table or -view as a whole.
Todays existing authorisation objects:

S_TABU_DIS
authorisation group of the table/view
activity (maintain or read only)

S_TABU_CLI
allowance for cross-client customizing

No more detailed authorisations relating to organisational units

(e.g. factories, company codes, coutries...).

In concrete terms (HR):

Theres a well thought-out full-authorisation concept for country specific
tables in HR:
A colleague responsible for customizing of the norwegian country
version cannot to change settings in country specific tables for
Argentina.
But: Everybody has access to every country specific dataset in
predominant tables (e.g. T510A).
SAP AG 1999 Dr. Ulrich Frenzel / 3

Current Situation: Authorisation Check

view V_T510A:
pay scale type

users
authorisations

COUNTRY
NORWAY

PAY_SCALE F 1
F2
PS1
value1
...
ARGENTINA
PS35
value25
...

customizingtransaction

check authorisation
for table V_T510A

Wanted:
Connection between organisational
unit (here: country) and authorisation

SAP AG 1999 Dr. Ulrich Frenzel / 4

authorisation
objects
S_TABU_DIS:
authorisation
group
activity
S_TABU_CLI
cross client
maintenance

Definition: Organisational Criterion

Defines the users work area for one or a group of tables via
authorisation values.
Connects organisational unit(s) and authorisation.
Defined by 1 - 8 attributes:
Every organisational unit is expressed by a table key field
Key field is connected to an authorisation field of the new authorisation
object S_TABU_LIN

SAP AG 1999 Dr. Ulrich Frenzel / 5

Organisational Criterion: How to build it up

organisational criteria
org.
org.criterion
criterion
user's
user'scountry
country

attribute
table
attribute
table
country
T500L
country
T500L

field
field
MOLGA
MOLGA

authorisation
in
activity group

authorisation object
S_TABU_LIN
organisational
organisationalcriterion
criterion
activity
activity
1.1.attribute
attribute
2.2.attribute
attribute
3.3.attribute
attribute
4.4.attribute
attribute
5.attribute
5.attribute
6.6.attribute
attribute
7.7.attribute
attribute
8.8.attribute
attribute
SAP AG 1999 Dr. Ulrich Frenzel / 6

IMG-activity
maintain org. crit.

activity group
maintenance

"user's
"user'scountry"
country"
"maintain"
"maintain"
"Norway"
"Norway"
**
**
**
**
**
**
**

Organisational Criterion: How it works

view V_T510A:
pay scale type

users
authorisations

COUNTRY
NORWAY

PAY_SCALE F 1
F2
PS1
value1
...
ARGENTINA
PS35
value25
...

customizingtransaction

check authorisation
for view V_T510A

check existence of an
organisational criterion
related to view
V_T510A

authorisation
objects
S_TABU_DIS:
authorisation
group
activity
S_TABU_CLI
cross client
maintenance

organisational criteria
org.
org.criterion
criterion
user's
user'scountry
country

attribute
table
attribute
table
country
T500L
country
T500L

SAP AG 1999 Dr. Ulrich Frenzel / 7

field
field
MOLGA
MOLGA

check authoritsation
for field value in
V_T510A-COUNTRY

S_TABU_LIN:
organisational
criterion
activity
attributes

Organisational Criterion: Opportunities in Detail

OC may be activated client-dependently.
OC defined for a table key field takes effect at every table which
contains a key field sharing the same domain.
OC may also be defined exclusively for one table.
When maintaining a table, more than one OC may take effect, thus
the users working area can be specialized with additional OCs.

SAP AG 1999 Dr. Ulrich Frenzel / 8

Authorisations: Rules
Different authorisations for showing and maintaining possible.
Authorisation values define selection for the key fields related to the
attributes of the OC.
Values do not need to exist in related tables.
Selection:
single values or intervals
always linked with OR

SAP AG 1999 Dr. Ulrich Frenzel / 9

Organisational Criteria: Who has to do what?

SAP-Basis
Develops maintenance- and check methods.
Inserts check methods into standard customizing dialogues (SM30).
Develops a central callback routine for search helps (F4).
Writes Documentation.

SAP-Development
Builds up and delivers organisational criteria according to the
customers requirement as standard IMG-settings.
Inserts check methods into individual customizing transactions.
Inserts callback routine into affected search helps.

Customers
Those who do not want to use OCs do not need to do anything.
Can activate the organisational criteria they need (IMG-activity).
May define organisational criteria for their own purpose.
Maintain authorisations according to the organisational criteria they
have activated.
Will be happy.

SAP AG 1999 Dr. Ulrich Frenzel / 10

Summary

An organisational criterion instantiates an authorisation for one or

more tables on key level.
Organisational criteria are embedded into the standard authorisation
concept.
Additional authorisation, optionally checked after those used
previously.
Delivery
Release 4.6C: for HR only
From 5.0: systemwide

Questions
concerning HR-content:
Karin Fischer
Andreas Jassoy-Vogel
concerning tools:
Ulrich Frenzel

Further information: Customizing im Sapnet

(see under Table Maintenance)

SAP AG 1999 Dr. Ulrich Frenzel / 11