BW Authorizations:
The
activities that you can carry out in SAP SEM-BPS are covered by the SAP
authorization concept. This means that you can assign different access
rights to planning functionality to the people who work with the SEM
System.
Integration
The
system checks the special authorization objects that SEM-BPS defines
and, if necessary, also those authorization objects that are defined for
reporting in the SAP Business Information Warehouse environment. In
this case, the SEM-BPS users must have both the SEM-BPS
application-specific authorizations and the general SAP BW reporting
authorizations. You manage the SEM-BPS authorizations using the system
administration tools and the BW reporting authorizations using the
relevant functions under Business Explorer ® Authorizations ® Reporting - Authorization Objects.
To
assign authorizations for changing and displaying plan data separately,
you must include the ACTVT (activity) field in the reporting
authorization object. In this field the value 02 represents the
authorization to change and 03 the authorization to display plan data.
If you do not include the field, then this corresponds to an
authorization to change plan data.
In
addition to that, because of internal dependencies, you need
authorization for the following authorization objects for data entry
using planning layouts:
· S_BDS_DS: This authorization object controls access to documents, which belong to a document set of the Business Document Service (BDS).
· S_TRANSLAT: This authorization object controls access to the translation functions of the SAP System.
Features
The following authorization objects exist for the SEM Business Planning and Simulation component:
· R_AREA:
You use this authorization object to control access to planning areas
and all subordinate objects. You must set up read access to planning
areas for people who will work with the SEM-BPS component. Otherwise,
they will not be able to access any of the subordinate planning
elements.
· R_PLEVEL:
You use this authorization object to control access to planning levels
and all subordinate objects. This authorization object is also relevant
to access documents of the SEM-BIC component.
· R_PACKAGE: You use this authorization object to control access to planning packages (including ad hoc packages).
· R_METHOD: You use this authorization object to control access to planning functions and the appropriate parameter groups.
· R_PARAM: You use this authorization group to control access to individual parameter groups of a certain planning function.
· R_BUNDLE:
You use this authorization object to control access to global planning
sequences (you control authorizations for planning sequences, which you
create for a planning level, with the authorization objects R_METHOD, R_PLEVEL, or R_AREA).
No
separate authorization for execution is defined for this authorization
object. Whether a global planning sequence can be executed or not,
depends on the authorization objects for the planning functions
contained in it.
· R_PROFILE: You
use this authorization object to control access to planning profiles. A
planning profile restricts the objects that can be viewed. If you wish
to view the planning objects, you must have at least display
authorization for the appropriate planning profile.
· R_PM_NAME:
You use this authorization object to control access to planning
folders. In order to be able to work with planning folders, you also
require the necessary authorizations for the planning objects combined
in the folder.
· R_WEBITF: You
use this authorization object to control access to Web interfaces that
you create and edit with the Web Interface Builder, and from which you
can generate Web-enabled BSP applications.
· R_STS_PT:
You use this authorization object to control access to the Status and
Tracking System. The object enables a check to be carried out whether a
user is allowed access to a certain subplan or a version of it with the
Status and Tracking System.
· R_STS_CUST:
You use this authorization object to control access to Customizing for
the Status and Tracking System. The object enables or forbids a user to
execute Customizing.
· R_STS_SUP:
This authorization object provides the assigned users with the status
of a super user in relation to the Status and Tracking System. The
object enables changing access to all plan data, independent of whether
and where a user of the cost center hierarchy it is based on is
assigned. The authorization object is intended
for members of a staff controller group, who are not part of the line
organization of the company, but who nevertheless must be able to
intervene in the planning process.
In
accordance with the hierarchical relationships that exist between the
various types of planning objects, authorizations that are assigned to
an object on a higher level are passed on to its subordinate objects. An
authorization that has been passed on can be enhanced but not
restricted on a lower level. The following table presents the
combination possibilities using the example of a change authorization
for planning area and level:
Change Planning Area
|
Change Planning Level
|
Authorization Available for Level
|
yes
|
no
|
yes
|
yes
|
yes
|
yes
|
no
|
no
|
no
|
no
|
yes
|
yes
|
In practice this behavior means that you can proceed according to two different strategies when setting up authorizations:
· Minimization of Customizing Effort:
You assign authorizations for planning objects on as high a level as
possible, and thereby enable access to the planning objects without
further authorization assignment on lower levels.
· Optimization of Delimitation of Access Rights:
You assign authorizations for planning objects on as low a level as
possible, and therefore make sure that access to a planning object is
only possible for the person responsible for this.
Activities
Create
the user profiles you require and then assign authorization objects to
these profiles. Then assign the newly created user profiles to possible
users.
You can
find further information on the activities associated with the different
authorization objects in the online documentation on the authorization
objects themselves. You can call this up in the maintenance transaction
"Role maintenance" (PFCG).
No comments:
Post a Comment