Authorization Concept in SAP KW

Use

Authorizations are used to control access to the contents of SAP KW. The authorizations depend on the role of the relevant user in the enterprise, which in turn defines the activities that a user can execute in the system.

Authorizations in SAP KW are assigned at folder level. To restrict authorizations, for example, to give a user write authorization for one folder only, you can assign folders to folder groups.

Integration

For authorization assignment, SAP KW uses the authorization concept and the corresponding standard functions of the SAP system.

Features

The authorizations in SAP KW are controlled using the following three authorization objects:

S_IWB (Knowledge Warehouse)

This authorization object defines the authorizations for the basic functions in SAP KW, that is, for the attributes Area, Folder Group, Language or Target Language (Translation), Enhancement, Enhancement Release, and Country. It includes the activities Create, Change, Display, Delete, and Translate.
S_IWB_ADM (Knowledge Warehouse Administration)

This authorization object defines the authorizations for administrative functions in SAP KW. Administrators are given the authorization for areas, the use of administrative tools, for example, print control, administrative actions at folder level.
S_IWB_ATTR (Authorizations for Attribute Values)

This authorization object checks the user’s authorizations for changing info object attributes in SAP KW.

To activate the appropriate authorization check, execute the required activity in transaction SI24.

Note

In addition to the SAP KW-specific authorization objects, all users who want to call the application help stored in SAP KW from an SAP system also require the authorization object S_RFC (authorization check for RFC access). This authorization object is included in the SAP user roles.