Entering content frame!--a11y-->

Background documentation Authorization Objects and Example Roles 

Authorization checks are made in the SAP system and in the J2EE Engine. The J2EE Engine only checks the authorizations for authorization object F_ACT_EBPP (F_KK_EBPP). Checks on the rest of the authorization objects (detailed below) are made in the SAP system. Authorization object F_ACT_EBPP (F_KK_EBPP) controls the specifically SAP Biller Direct authorizations. The authorizations for this authorization object are downloaded from the SAP system following successful authentication of the Web user, and checked before each of the Web user activities on the J2EE Engine.

Accounts Receivable Accounting (FI-AR):

All special functions for SAP Biller Direct are protected by authorization object F_ACT_EBPP.

In addition, the Web user authorizations are checked for the following authorization objects in the SAP system:

Object class AAAB:

·  B_NOTIF

·  S_RFC

Object class BC_A:

·  S_SPO_DEV

·  S_TABU_DIS

·  S_USER_GRP

Object class BC_Z:

·  S_BDS_DS

·  S_OC_DOC

·  S_OC_ROLE

·  S_OC_SEND

Object class FI:

·  F_ACT_EBPP

·  F_BKPF_BUK

·  F_BKPF_KOA

·  F_KNA1_APP

·  F_KNA1_BUK

·  F_KNA1_GEN

·  F_KNA1_GRP

·  F_WEB_EBPP

Object class PM:

·  I_QMEL

Object class SD:

·  V_VBRK_FKA

·  V_VBRK_VKO

You can assign roles with the appropriate authorizations or partial authorizations to the Web users. SAP delivers example roles that summarize the necessary authorizations. As these roles have generic authorizations, you have to copy these and adapt them for your requirements.

·  SAP_FI_FSCM_BD_POOLUSER
Contains all of the authorizations the pool user requires, if the user is only to have read access to the back end. In this case, you have to use named connections for the changing accesses to the SAP system.

·  SAP_FSCM_BD_AR_POOL_RW
Contains all of the required authorizations for the pool user, if the user is to execute read and write access to the back end. You use this role when you do not have named connections.

·  SAP_FIN_FSCM_DM_RFC_COMM

Use this role in addition for the pool user, if you are operating SAP Biller Direct in conjunction with SAP Dispute Management.

·  SAP_FI_FSCM_ALL
Contains all of the authorizations that a user of
SAP Biller Direct requires. Note that you must enter values for this role if the user is to be able to carry out functions such as partial payments or address changes.

You can find more example roles with transaction PFCG using the input help and search template *FSCM*.

Contract Accounts Receivable and Payable (FI-CA):

All special functions for SAP Biller Direct are protected in FI-CA by authorization object F_KK_EBPP. In addition, the Web user authorizations are checked for the following authorization objects in the SAP system:

Object class AAAB:

·  B_ALE_MODL

·  B_BUPA_FDG

·  B_BUPA_RLT

·  B_CCARD

·  B_NOTIF

·  S_RFC

Object class BPCT:

·  B_PCONTACT

Object class FI:

·  F_KKKO_BEG

·  F_KKKO_BUK

·  F_KKVK_BEG

·  F_KKVK_BUK

·  F_KKVK_VKT

·  F_KK_AVIS

·  F_KK_EBPP

Object class PM:

·  I_QMEL

Object class BC_Z:

·  S_BDS_DS

You can assign roles with the appropriate authorizations or partial authorizations to the Web users. SAP delivers example roles that summarize the necessary authorizations. As these roles have generic authorizations, you have to copy these and adapt them for your requirements.

...

·  SAP_FI_FSCM_BD_POOL
Contains all of the authorizations the pool user requires, if the user is only to have read access to the back end. In this case, you have to use named connections for the changing accesses to the SAP system.

·  SAP_FSCM_BD_CA_POOL_RW
Contains all of the required authorizations for the pool user, if the user is to execute read and write access to the back end. You use this role when you do not have named connections.

·  SAP_FIN_FSCM_DM_RFC_COMM

Use this role in addition for the pool user, if you are operating SAP Biller Direct in conjunction with SAP Dispute Management.

·  SAP_FI_FSCM_ALL_BD
Contains all of the authorizations that a user of
SAP Biller Direct requires. Note that you must enter values for this role if the user is to be able to carry out functions such as partial payments or address changes.

You can find more example roles with transaction PFCG using the input help and search template *FSCM*. Proposed values that are dependent on the settings you have defined in Customizing are not delivered in the standard system. You need to adapt these as appropriate.

 

 

 

Leaving content frame