Wednesday, February 23, 2011

Global and Regional Authorization Concept

Concept:
- Global AA role (A)
- Global role (B)
- Global composite role (A+B+E)

- Regional AA role (C)
- Regional role (D)
- Regional composite role (C+D)(E)

Authorization can be inserted into roles that are used to determine what type of content is available to specific user groups.

Authorization Objects
Authorization objects enable you to define complex authorizations by grouping up to 10 authorization fields in an AND relationship to check whether a user is allowed to perform certain action. To pass an authorization test for an object, the user must satisfy the authorization check for each field in the object.

SU21 to maintain the authorization objects. Major one starts with RS.

Analysis Authorization (AA)
AA define semantic data slices a user is allowed to see in reporting, eg all data belonging to company code variable xxx that goes through user exit during query runtime. Infoobjects has to be defined as authorization relevant.

AA (Authorization Analysis)

No comments:

Post a Comment