Show TOC Start of Content Area

Function documentation Authorizations for Master Data  Locate the document in its SAP Library structure

Use

In order to be able to change or display master data, authorization checks are possible.

You are able to define how authorization assignments and checks are to take place by characteristic, either:

·        By characteristic or

·        By characteristic value.

Features

Two authorization objects exist for this:

·        With authorization object S_RS_IOMAD a blanket authorization check takes place for a characteristic

·        With authorization object S_TABU_LIN (from the SAP Application Server) an authorization check takes place by characteristic value.

With authorization checks by characteristic value, the system generates an organization criterion for the characteristic. The organization criterion generates a connection between table key fields and the authorization fields for the authorization object S_TABU_LIN.

Using authorization object S_TABU_LIN you are able to enter characteristic values in each key field of the master data table for which the user is to have authorization. Do this in the profile generator in role maintenance. In this way you are able to use authorizations to protect the maintenance and display of master data/ texts for this characteristic at single record level.

Characteristic values for which the user has no authorization are then not displayed in the input helps either.

Activities

To grant authorizations for characteristics, proceed as follows:

In Characteristic Maintenance:

Activate authorization assignment by characteristic value by setting the Master Data Maintenance with Authorization Check indicator in the Master Data/Texts tab page. Activate the characteristic.

See Tab Page: Master Data/Texts.

In Role Maintenance (Transaction PFCG):

For more extensive documentation about this procedure, see Setting Up Standard Authorizations.

...

For blanket authorizations for characteristics, add authorization object S_RS_IOMAD to the role. You will find this authorization object under Business Information Warehouse  Data Warehousing Workbench – Maintain Master Data.

For authorizations for single characteristic values, add authorization object S_TABU_LIN to the role. You will find this authorization object under Basis Administration       Authorization for Organizational Units.

Example

For the characteristic 0COSTCENTER, you can assign authorization to display values 1000 - 1010 to user A , and authorization to display values 2000 – 2010 to user B.

 

End of Content Area