Start of Content Area

Function documentation Authorizations for Master Data Locate the document in its SAP Library structure

Use

Authorization checks are possible with changing or displaying master data.

You are able to define how authorization assignments and checks are to take place by characteristic, either:

·        By characteristic or

·        By characteristic value.

Features

Two authorization objects exist for this:

·        With authorization object S_RS_IOMAD a blanket authorization check takes place for a characteristic

·        With authorization object S_TABU_LIN (from the SAP Web Application Server) an authorization check takes place per characteristic value.

With authorization checks by characteristic value, the system generates an organization criterion for the characteristic. The organization criterion generates a connection between table key fields and the authorization fields for the authorization object S_TABU_LIN.

Using authorization object S_TABU_LIN you are able to enter characteristic values in each key field of the master data table for which the user is to have authorization. Do this in the profile generator in role maintenance. In this way you are able to use authorizations to protect the maintenance and display of master data/ texts for this characteristic at single record level.

Characteristic values for which the user has no authorization are then not displayed in the input helps either.

Activities

To grant authorizations for characteristics, proceed as follows:

In characteristic maintenance:

Activate authorization assignment by characteristic value by setting the Master Data Maintenance with Authorization Check indicator in the Master Data/ Texts tab page. Activate the characteristic.

See tab page: Tab Page: Master Data/ Texts

In role maintenance (transaction PFCG):

You can find the more extensive documentation on this procedure in Setting Up Authorizations with Role Maintenance.

...

For blanket authorizations for characteristics, add authorization object S_RS_IOMAD to the role. You will find this authorization object under Business Information Warehouse  ® Administrator Workbench – Maintain Master Data.

For authorizations for single characteristic values, add authorization object S_TABU_LIN to the role. You will find this authorization object under Basis Administration ®  Authorization for Organizational Units.

Example

For the characteristic 0COSTCENTER, you can assign authorization to display values 1000 - 1010 to user A , and authorization to display values 2000 – 2010 to user B.

 

End of Content Area