Entering content frame

Function documentation Authorization Concept in SAP KW Locate the document in its SAP Library structure

Use

Authorizations are used to control access to the contents of SAP KW. The authorizations depend on the role of the relevant user in the enterprise, which in turn defines the activities that a user can execute in the system.

Authorizations in SAP KW are assigned at folder level. To restrict authorizations, for example, to give a user write authorization for one folder only, you can assign folders to folder groups.

Integration

For authorization assignment, SAP KW uses the authorization concept and the corresponding standard functions of the SAP R/3 System.

For more information, see the SAP Library and choose mySAP Technology Components ® SAP Web Application Server ® Security ® Users and Roles.

Features

The authorizations in SAP KW are controlled using the following three authorization objects:

·        S_IWB (Knowledge Warehouse)

This authorization object defines the authorizations for the basic functions in SAP KW, that is, for the attributes Area, Folder Group, Language or Target Language (Translation), Enhancement, Enhancement Release, and Country. It includes the activities Create, Change, Display, Delete, and Translate.

·        S_IWB_ADM (Knowledge Warehouse Administration)

This authorization object defines the authorizations for administrative functions in SAP KW. It gives administrators authorization for areas, the use of administrative tools, the creation of offline presentations, the HTML export service, print control, administrative actions at folder level, and specific support functions.

·        S_IWB_ATTR (Authorizations for Attribute Values)

This authorization object checks the user’s authorizations for changing info object attributes in SAP KW. You can define, for example, that an author cannot release an info object that they have created themselves, but rather must submit it for approval in a workflow first.

To activate the appropriate authorization check, execute the require activity in the SAP KW Implementation Guide (IMG).

 

This graphic is explained in the accompanying text

In addition to the SAP KW-specific authorization objects, all users who want to call the application help stored in SAP KW from an SAP R/3 System also require the authorization object S_RFC (authorization check for RFC access). This authorization object is included in the SAP user roles.

 

Leaving content frame