Change documents
Structural authorizations
Adapting business processes to legal requirements requires control of users and authorizations. Manage your compliance control permanently without risks. Manage users and their authorizations in all SAP systems centrally and efficiently with our solution for your SAP authorization management: Automatically generate authorization roles for users and assign them.
The implementation of the time-space validation checks is carried out as an additional time-space filter. For selection criteria outside the valid time period, the message "Not authorised to display data from this time period" appears. However, if the selection criteria are partially within the valid time period, the documents that are outside the time period will be filtered out by the system without the user receiving a notice. In the example shown in the above figure, users of the BP-NRW Verifier Group would be left without comment when calling the vendor list for the period 01.01.2010 to 31.12.2014. This system behaviour can be somewhat irritating.
Limit character set for user ID
The context-dependent authorizations combine the general and structural authorizations and avoid situations like in the example above. The context-dependent authorizations can be separated so finely that a separation of functions can be made possible without any gaps. Basically, with context-dependent authorizations, the authorization objects are supplemented by structural authorization profiles. This means that authorizations are no longer assigned generally, but only for the objects in the authorization profile. The use of context-dependent authorizations means that the familiar P_ORGIN authorization objects are replaced by P_ORGINCON and P_ORGXX by P_ORGXXCON. The new authorization objects then contain a parameter for the authorization profile.
In SAP systems you always have the possibility to integrate custom developments. In such extensions or your own programmes, you must implement permission checks and may also create your own authorization objects. You can also supplement authorisation checks in standard transactions if the existing checks do not cover your requirements.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
Are you already using BAPIs in user care? For example, you can use them to set up a password reset self service.
The user is assigned to the person as an attribute and therefore not visible in the organisational model.