You authorize users to perform tasks and exercise access rights on behalf of other users. The system administrator must grant you authorization to perform central delegation.
You can authorize a user (the delegate) to perform the tasks and to exercise the access rights of another user (the delegator).
You delegate access rights by creating a new delegation in which you designate one user as the delegator and another as the delegate. The delegator’s access rights and tasks become accessible to the delegate for the validity period that you specify.
Recommendation
Companies limit access to Central Delegation because it authorizes users to access all delegations and to delegate on another user’s behalf.
Caution
Authorization granted to power users through the role SAP_GRC_FN_ALL cannot be delegated to business users. If a power user needs to delegate his or her authorization to others, he or she must ask the IT department to assign the PFCG role SAP_GRC_FN_ALL to that user. This delegation is not entity-dependent. For more information, see Standard Roles and Authorization Objects.
You have authorization for central delegation. For more information, see the SAP Access Control 10.1 / Process Control 10.1 / Risk Management 10.1 Security Guide at http://help.sap.com/grc.
To delegate the access rights of one user to another, follow the steps below.
Select Access Management work center, choose
The Central Delegation screen displays all existing delegations. From here, you can create a new delegation, open and edit an existing delegation, or delete a delegation.
To create a new delegation, choose Create.
The Central Delegation screen appears.
Enter the information as follows:
In the Delegator User field, select the value help to display the User List dialog box.
Enter, or search for, the user name. Select a user name and choose OK.
The Delegator and User ID fields are automatically filled when you select a user.
Note
You can use wildcards (*) in a search.
In the Delegate User field, select the delegate in the same manner as you selected a delegator.
The system fills in the Full Name field when you select a user.
In the Delegation Period field, adjust the defaults as needed.
The Start Date defaults to the date the delegation is created.
Enter the date you want the delegation to begin.
The End Date defaults to unlimited (December 31, 9999).
Enter the date you want the delegation to end. If you accept the default of an unlimited End Date, you can change the date later, or delete the delegation when it is no longer needed.
To edit an existing delegation, choose a delegation assignment and then Open.
The Central Delegation screen appears. You can change only the End Date.
Choose Save to save your changes.
To delete a delegation, choose the delegation assignment and then Delete.
You are prompted to confirm the deletion.
Choose Yes.
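Because the End Date defaults to unlimited, a periodic review of the delegation list helps catch delegations that were never given an end date or that are no longer needed. The following is an added example, not SAP code: it assumes the delegations have been copied into a CSV with the hypothetical columns delegator, delegate, start_date and end_date, and the 90-day limit is an assumed local policy value.

```python
import csv
import io
from datetime import date

# Unlimited End Date default named on this page (December 31, 9999).
UNLIMITED = date(9999, 12, 31)

# Constructed sample data. The CSV layout and column names are assumptions
# for this example, not an SAP export format.
SAMPLE = """\
delegator,delegate,start_date,end_date
JSMITH,MLEE,2024-01-10,9999-12-31
AKHAN,RPATEL,2024-03-01,2024-03-15
CWU,PDIAZ,2024-05-01,2024-12-31
BCOLE,DROSS,2024-06-01,2024-06-30
"""


def review_delegations(text, today, max_days=90):
    """Return (delegator, delegate, finding) for each delegation to revisit.

    max_days is a hypothetical local policy limit on the validity period.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        start = date.fromisoformat(row["start_date"])
        end = date.fromisoformat(row["end_date"])
        who = (row["delegator"], row["delegate"])
        if end < start:
            findings.append(who + ("end date before start date",))
        elif end == UNLIMITED:
            findings.append(who + ("unlimited end date",))
        elif end < today:
            findings.append(who + ("end date has passed",))
        elif (end - start).days > max_days:
            findings.append(who + ("validity period over %d days" % max_days,))
    return findings


if __name__ == "__main__":
    for delegator, delegate, finding in review_delegations(SAMPLE, date(2024, 6, 10)):
        print(f"{delegator} -> {delegate}: {finding}")
```

Delegations flagged with an unlimited end date can be given a real End Date through Open, and those whose end date has passed can be removed with Delete.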