Show TOC

 Assignment of Authorizations

Purpose

The standard user administration functions in the SAP system are used to assign the required authorizations to users who operate the central and decentralized systems in the system group . With the Role Generator, the Defense Forces & Public Security component provides an additional administration tool.

The Role Generator automatically updates the authorizations for users in accordance with their current organizational assignment to persons, positions, and force elements.

Prerequisites

You are using user administration in the SAP system and are familiar with its functions. For more information, see SAP Library at Start of the navigation path SAP NetWeaver Library Next navigation step SAP NetWeaver by Key Capability Next navigation step Security Next navigation step Identity Management Next navigation step Users and Roles End of the navigation path .

You are using SAP NetWeaver 2004s SPS 10 or higher.

Process Flow

The system automatically starts to update authorizations when you activate a force element or structure.

  1. Upon activation, the system starts the follow-up action /ISDFPS/CL_RM_STATUS_FOLLOW_UP (see Checks and Follow-Up Actions for Status Change ).

  2. The follow-up action determines the following data for the activated area:

    • All assigned users

    • All start times of active assignments between force elements, positions, persons, or users, as well as the respective end times (in short, all active assignment periods ).

  3. The follow-up action starts an instance of workflow RM100UPD for each assignment period (see Workflow: Role Generator ).

  4. The follow-up action starts an initial authorization update using the Role Generator for the respective users in accordance with their current organizational assignments.

  5. At the respective start time, each workflow instance uses the Role Generator to trigger an authorization update for all determined users based on their current organizational assignment.

    • If an end time has been specified that is before December 31,1999, the system retains this workflow instance until the end time. Once the end time is reached, the workflow instance starts a new authorization update for all determined users. This means that users lose authorizations that should not be granted to them after the end of an organizational assignment.

    • If no end time is specified, the system terminates the workflow instance.

Alternatively, you can start the workflow or the Role Generator independently of the activation processes.