Authorizations

SAP roles and authorizations are used to control access to the various SAP Profitability and Performance Management functions.

The SAP NetWeaver authorization concept is based on assigning authorizations to users based on roles. For role maintenance, you use the profile generator (transaction PFCG) on the AS ABAP.

The solution comes with the following predefined roles:
  1. Administration role /NXI/P1_ADMIN_USER or /NXI/P1_ADMIN_USER_ALL

    Users assigned to this role can run the following transactions:

    1. Default Settings
    2. Teams
  2. Modeling role /NXI/P1_MODELING_USER or /NXI/P1_MODELING_USER_ALL

    Users assigned to this role can run the following transactions:

    1. Modeling Overview
    2. My Environments
  3. Execution role /NXI/P1_EXECUTION_USER or /NXI/P1_EXECUTION_USER_ALL

    Users assigned to this role can run the following transactions:

    1. Execution Overview
    2. My Activities
    3. My Events
    4. My Reports
  4. Execution management role /NXI/P1_EXECUTION_MANAGER or /NXI/P1_EXECUTION_MANAGER_ALL

    Users assigned to this role can run the transaction Processes.

  5. Operations/system reports role /NXI/P1_SYSTEM_REPORT_USER or /NXI/P1_SYSTEM_REPORT_USER_ALL

    Users assigned to this role can run the following transactions:

    1. Application Monitor
    2. Process Monitor
    3. Modeling History

      By default, this role provides only display rights. To retrieve historic versions, the authorizations “Overwrite” and “Copy” are required (see below).

In addition, granular authorizations are maintained via authorization object /NXI/P1F using the following authorization fields:
  1. /NXI/P1ENV

    This attribute defines the environment, for which the authorization is maintained.

  2. /NXI/P1VER

    This attribute defines the environment version, for which the authorization is maintained.

  3. /NXI/P1PCU

    This attribute defines the calculation unit, for which the authorization is maintained.

  4. /NXI/P1FTY

    This attribute defines the function type, for which the authorization is maintained.

  5. /NXI/P1FID

    This attribute defines the function id, for which the authorization is maintained.

  6. /NXI/P1ACT
    This attribute defines, for which action the authorization is maintained. The following values are allowed:
    • “01” – Create
    • “03” – Display
    • “06” – Delete
    • “07” – Activate
    • “16” – Execute
    • “23” – Edit
    • “28” – Show Data
    • “30” – Edit Data
    • “46” – Merge
    • “51” – Delete Data
    • “71” – Analyze
    • “75” – Remove
    • “90” – Copy
    • “94” – Overwrite
    The following authorization activities have been updated to distinctively indicate authorizations on environment level:
    • “21” – Transport Environment Version
    • “81” – Create Environment Version
    • “82” – Edit Environment Version
    • “83” – Display Environment Version
    • “84” – Copy Environment Version
    • “85” – Merge Environment Version
    • “86” – Delete Environment Version

    See 2915996 Information published on SAP site for forther information.

To enable users to use the Processes Manage & Deploy application, you need to assign a SAP Profitability and Performance Management user group to individual users.