In this IMG activity, you define authorization objects which the system protects in planning. Each authorization object can consist of up to 10 fields, which you can define and group together as you wish (you can also use the characteristics of the operating concern or a free variable for the value field). All other characteristics which you do not specify in the object are regarded as allowed.
By choosing up to 10 fields more than once, you
can create different authorization objects that are linked with one another.
However, it is recommended that you only create one object. Otherwise the
"AND" links between authorization objects could cause difficulties when you
create the authorizations for individual users.
Before a user performs an action in planning, the system checks his or her
authorization. If the authorization is lacking for just one of the objects,
the system refuses the request. You can define the authorizations for
individual users under Tools -> Administration -> Maintain
users from the main menu.
If desired, you can activate characteristic derivation for the authorization check. In this case, the system checks the user's authorization for all the characteristics that can be derived. For the system to do this, the user must have authorization for the activity "B3" (Derive) in authorization object "K_KEPL_TC" (Sales and profit planning). In addition, the set/get parameter "RDA" must have the value "X" in the user parameters.
Possible authorizations for an object include:
The following tables demonstrates how the system checks your entries against an authorization object:
Field content * Y # does not exist
Authorization:
* x x x x
(A,Z) - x - -
X - - - -
# - - x -
: - - - x
Examples of how authorization objects are used in planning
For planning, assume that the object Y_KEPL_X00 was defined with the fields "Customer", "Product range" and "Region".
User A needs to carry out single-segment
planning for customer C01. Data exists for product ranges A1, A2 and A3. The
value entered by the user for customer C01 is stored for product range SPACE,
region SPACE.
Necessary authorization: Customer C01, Product range ":", Region
":".
User A needs to carry out multi-segment
planning for customer C01 and all product ranges.
Necessary authorization: Customer C01, Product range "*", Region
":".
Define your authorization objects.