 Asymmetrical Double Verification Principle

Use

This process controls access to infotypes by stipulating that two users are always required to create or change infotype data. The users do not have the same authorizations, which is why the process is called asymmetrical.

Features

The process proceeds as follows:

  • User A is granted authorizations with the authorization level E (enqueue), R (read) and M (matchcode) for the P_ORGIN (or P_ORGXX) authorization object instead of complete write authorizations (authorization level W or *). These authorizations allow user A to create, change or delete locked records only.

  • User B is granted authorizations with the authorization level D (dequeue), R and M for the authorization object P_ORGIN (or P_ORGXX) instead of complete write authorizations. These authorizations allow user B to unlock locked records (or lock unlocked records) only.

Activities

  • User A enters new data and user B unlocks the new data.

  • Existing data can be changed in two ways:

      • User B locks the data, user A changes the data, and user B unlocks the data.

      • Alternatively, user A creates a locked copy from the unlocked data and changes this copy. User B then unlocks the data.

  • To delete unlocked data, user B locks the data, which is then deleted by user A.

In this process, user A is always responsible for entering and changing data and user B for approving the changes.
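
The separation only holds if no single user ends up with both halves of the process. The following check is an added example, not SAP code: it audits a flat list of authorization assignments for users who can bypass the two-person rule and for infotypes that have no distinct editor and approver pair. The row format (user, object, infotype, authorization level), the user names and the assumption that rows are already expanded per infotype are all constructed for illustration.

```python
from collections import defaultdict

OBJECTS = {"P_ORGIN", "P_ORGXX"}   # authorization objects named on the page
FULL_WRITE = {"W", "*"}            # complete write authorization

# Constructed sample export: (user, object, infotype, authorization level).
SAMPLE = [
    ("USER_A", "P_ORGIN", "0008", "E"), ("USER_A", "P_ORGIN", "0008", "R"),
    ("USER_A", "P_ORGIN", "0008", "M"),
    ("USER_B", "P_ORGIN", "0008", "D"), ("USER_B", "P_ORGIN", "0008", "R"),
    ("USER_C", "P_ORGIN", "0008", "E"), ("USER_C", "P_ORGIN", "0008", "D"),
    ("USER_D", "P_ORGIN", "0008", "W"),
    ("USER_E", "P_ORGIN", "0014", "E"),
]

def levels_by_user(rows):
    """Collect the set of authorization levels per (user, object, infotype)."""
    held = defaultdict(set)
    for user, obj, infotype, level in rows:
        if obj in OBJECTS:
            held[(user, obj, infotype)].add(level)
    return held

def single_user_bypass(rows):
    """Users who can both write and release a record on their own."""
    findings = []
    for (user, obj, infotype), levels in sorted(levels_by_user(rows).items()):
        if levels & FULL_WRITE:
            findings.append((user, obj, infotype, "FULL_WRITE"))
        elif {"E", "D"} <= levels:
            findings.append((user, obj, infotype, "E_AND_D"))
    return findings

def missing_counterpart(rows):
    """Infotypes where no distinct E holder / D holder pair exists."""
    editors, approvers = defaultdict(set), defaultdict(set)
    for (user, obj, infotype), levels in levels_by_user(rows).items():
        if "E" in levels:
            editors[(obj, infotype)].add(user)
        if "D" in levels:
            approvers[(obj, infotype)].add(user)
    return sorted(
        key for key in set(editors) | set(approvers)
        if not any(e != d for e in editors[key] for d in approvers[key])
    )

if __name__ == "__main__":
    for finding in single_user_bypass(SAMPLE):
        print("bypass:", finding)
    for key in missing_counterpart(SAMPLE):
        print("no two-person pair:", key)
```
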