Define Authorization Groups (SAP Library

Define Authorization Groups

In this IMG activity, you define the authorization groups for digital signatures.

You can use authorization groups to restrict the authorization to execute digital signatures in the PI sheet as follows:

You define different authorization groups for users with different areas of responsibility.

In the user master record, you assign the authorization for the authorization group that corresponds to the user's area of responsibility (authorization object C_SIGN_BGR).

You define individual signatures that users of a specific authorization group must execute, and use them in signature strategies for the PI sheet.

Authorization groups are not taken into account for control recipe destinations or PI sheets:

For which you use signatures without password check or signatures with simple password check (see Types of signature)

In which processing steps or values are signed by executing only one signature without a signature strategy

Example

The line operator and shift manager in your company must approve invalid input values. You make the following settings:

You define authorization groups OPER (line operator) and MANA (shift manager) .

You assign the authorization for group OPER to the line operators and the authorization for group MANA to the shift managers.

You define two individual signatures for the PI sheet and assign authorization group OPER to the first signature and authorization group MANA to the second signature.

Activities

1. Decide on the different authorization groups or areas of responsibility you require in your company.

2. Define an authorization group for every user group.

Further Notes

Authorization groups are valid for all areas that use the digital signature. Before changing authorization groups or using them for your requirements, make sure that there is no clash of interests with other areas.