Show TOC

Procedure documentationCentral Delegation Locate this document in the navigation structure

 

You authorize users to perform tasks and exercise access rights on behalf of other users. The system administrator must grant you authorization to perform central delegation.

  • You can authorize a user (the delegate) to perform the tasks and to exercise the access rights of another user (the delegator).

  • You delegate access rights by creating a new delegation in which you designate one user as the delegator and another as the delegate. The delegator’s access rights and tasks become accessible to the delegate for the validity period that you specify.

Recommendation Recommendation

Companies limit access to Central Delegation because it authorizes users to access all delegations and to delegate on another user’s behalf.

End of the recommendation.

Caution Caution

Authorization granted to power users through the role SAP_GRC_FN_ALL cannot be delegated to business users. If a power user needs to delegate his or her authorization to others, he or she must ask the IT department to assign the PFCG role SAP_GRC_FN_ALL to that user. This delegation is not entity-dependent. For more information, see Standard Roles and Authorization Objects.

End of the caution.

Prerequisites

You have authorization for central delegation. For more information, see the SAP Access Control 10.1/ Process Control 10.1/ Risk Management 10.1 Security Guide at http://help.sap.com/grc.

Procedure

To delegate the access rights of one user to another, follow the steps below.

To create a new delegation

  1. Select Access Management work center, choose   GRC Role Assignments   Central Delegation  

    The Central Delegation screen displays all existing delegations. From here, you can create a new delegation, open and edit an existing delegation, or delete a delegation.

  2. To create a new delegation, choose Create.

    The Central Delegation screen displays.

  3. Enter the information as follows:

    1. In the Delegator User field, select the value help to display the User List dialog box.

    2. Enter, or search for, the user name. Select a user name and choose OK.

      The Delegator and User ID fields are automatically filled when you select a user.

      Note Note

      You can use wildcards (*) in a search.

      End of the note.

    3. In the Delegate User field, select the delegate in the same manner as you selected a delegator.

      The system fills in the Full Name field when you select a user.

    4. In the Delegation Period field, adjust the defaults as needed.

      • The Start Date defaults to the date the delegation is created.

        Enter the date you want the delegation to begin.

      • The End Date defaults to unlimited (December 31, 9999).

        Enter the date you want the delegation to end. If you accept the default of an unlimited End Date, you can change the date later, or delete the delegation when it is no longer needed.

To edit an existing delegation

  1. To edit an existing delegation, choose a delegation assignment and then Open.

    The Central Delegation screen appears. You can change only the End Date.

  2. Choose Save to save your changes.

To delete an existing delegation

  1. Choose the delegation assignment and then Delete.

    You are prompted to confirm the deletion.

  2. Choose Yes.