Defining Authorizations
SAP Business One is equipped with a comprehensive authorization facility that can be tailored to every user. During the implementation phase, the system administrator should devise an authorization policy to prevent unauthorized access to the database. By assigning the correct authorization, changes to document fields can be restricted.
Certain precautions must be taken to ensure that access to the data is monitored. In the General Ledger, users who do not have authorization for the document journal, but are authorized for journal entries, can use the data record pushbuttons to scroll through the database and view documents. In this way, they can display other entries, even though they are not authorized to display lists, for example, in the document journal.
You should grant authorizations to each user according to the user's actual role and responsibilities. SAP Business One provides the following authorization options:
Full Authorization
: The user is able to display and modify data for that function.Read Only
: The user can only view, but not change data.This option targets only data, so it is not available for functions that require user operations (for example, removing business partners).
No Authorization
: The user has no access to that function.
Note
A superuser has full authorizations for all functions and these authorizations cannot be modified.
Each user's authorizations are displayed in the Authorizations
window. Various Authorizations
is displayed for modules with mixed authorizations, such as full authorization for some submodules and read-only for others.
Prerequisites
You are a superuser.
You have created regular users in the system.
You have assigned users to appropriate authorization groups. For more information, see Defining Authorization Groups.
Procedure
From the SAP Business One
Main Menu
, choose
Administration
System Initialization
Authorizations
General Authorizations
. The Authorizations
window opens.On the
Authorization Groups
tab of theAuthorizations
window, define authorizations for each authorization group.Each authorization group's authorizations are automatically applied to all users within the group.
On the
Users
tab, fine-tune each user's authorizations to ensure appropriate effective authorizations for all permission items.Choose the
Update
button to save the changes in theAuthorizations
window.
Note
If you grant a user full or read-only authorization for a certain function, make sure that you have assigned an appropriate license to the user. Otherwise, the authorization setting is not effective.