Start of Content Area

Function documentation Authorization Analysis  Locate the document in its SAP Library structure

Use

You can use authorization analysis to analyze the assignments in the MIC-specific roles and authorizations concept from different starting points (such as role, task person, user, or object). You can use the analysis to answer the following types of question:

·        Which roles is person/user XY assigned to?

·        Which persons are assigned to role XY and for which objects?

·        Which role does task XY belong to?

·        Who has authorization to perform task XY for object YZ?

·        Who is allowed to perform which task in which role for object XY?

Prerequisites

You have authorization for the task Display Authorization Analysis (DISP-SCREP).

Features

You start authorization analysis in the navigation area.

You can use the standard search function or the various tab pages to enter the analysis. When you have made a selection in a tab page, the result is transferred to the other tab pages so that the analysis can be continued on the other tab pages. Each tab page allows you to perform a specific type of search.

The search result always displays the following:

·        The source objects for which tasks are performed, such as an organizational unit for which process assignment is performed.

·        All roles that are relevant for a source object

·        The person who is assigned to the given role for the given object

For the combination of source object, role, and person, all tasks for which the combination is relevant are displayed in the second detail area. You can also display the target objects for each task. For the task Perform Process Design Assessment, for example, all processes for the organizational unit are displayed as target objects. You can also set a filter for a specific target object.

Filter

On the different tab pages, you can use different filters to restrict all of the search results further. On the Result tab page, all filters are available. From here, you can also reset all of the filters applied.

You set a filter by selecting a line containing the object to which you want to restrict the result, and then you choose the required pushbutton.

Not only can you set filters on the tab pages, but you can also set them in the dialog box containing the target objects. If you set a filter on a specific target object and then reset all other filters, the system displays all source objects, roles, persons, and tasks that are allowed for this target object.

Example

You are the control owner for a control and would like to determine who is allowed to perform which task with that control (such as who documents it, who tests it, and so on).

To do this, you first need to search for the control as a target object. One way of doing this is by entering your user and then restricting the selection to the role Control Owner on the Search by Role/Task tab page. Choose a task that you are allowed to perform for the control, and then set a filter for the control under Display Target Object. Switch to the Result tab page and set the filter back to the role and the person. The system then displays all roles and assigned persons who have to perform a task for the control.

 

End of Content Area