Docstoc

6-7-users-authorization

Document Sample
6-7-users-authorization Powered By Docstoc
					Users & Authorization
     Users must be setup and roles assigned to user
      master records before you can use the SAP
      System.
     A user can only log on to the system if he or she
      has a user master record. A user menu and
      authorizations are also assigned to the user
      master record via one or more roles.
      Users in the R/3 Environment
Present.



                                     Operating System   OS User
 Server




                                                        R/3 User
Application




                                     Operating System   OS User
  Server




                  Dispatcher


              D    B    V      ...
                                                        Admin. User
 Database Server
Database




                                     Operating System   OS User
 Server




                                                        DB User
The User Master Record



                 All user data required for
                R/3 System access is stored
                 in the user master record
                     in eight categories
Types of users
Authorization Concept
     User master record                      User master record

          Profile                                  Profile

        Authorization                           Authorization
         for Task A                              for Task B



     Action                                                  Action


                        Transaction permitted?

                    Authorizations assigned?

                    Objects needing protection

              Vendor              Material
        Company code                                 Plant
Authorization Check
       SAP GUI
                  Dynpro



                 Authority     User
                  Check       Context



                   OK?          No



                              Message
                    Yes



                 Processing
   Authorization Objects
                                       Authorization

                                    Customer company code:
             Authorization object       Authorization A
  Object
  class          Object: Customer          0001-0009
                  company code
 Financial                              display, change
                   Company Code
Accounting
                      Activity      Customer company code:
                                        Authorization B

                                               *


                                            display
User Administration Authorizations

    Object         Fields     Value   Meaning
   User Master                01      Create
                   ACTIVITY
  Maintenance:                02      Change
  Authorizations              03      Display
 (S_USER_AUT)                 06      Delete
                              07      Activate
                              08      Display change documents
                              22      Assign authorization profiles
                              24      Archive



                   AUTH               Limited name space
                                      for the assignment
                                      of authorization names



                   OBJECT             Authorization objects
Central User Administration
With central user administration, the
creation and maintenance of all user
master data is performed in a single
R/3 System
                                        Client 100   QAS System
                                        Client 200




       Client 100
       Client 200
       Client 300




                                                     PRD System
     DEV System                         Client 100
Information System

				
DOCUMENT INFO