New authorization concept in CO-OM


For Release 4.0 a new unified authorization concept for Overhead Cost Controlling is being introduced, which makes the maintenance and issuing of authorizations for users much easier.

Two new authorization fields have been created for the new concept:

The CO objects, cost center, order, profit center and business process are summarized in a standard hierarchy as a responsibility area. Each node and each component in a standard hierarchy is a responsibility area.
You enter the responsibility areas in authorization maintenance. The system then gives you a format with which you can work with familiar objects (cost center, order, business process, profit center). The objects you enter as responsibility areas are saved internally. You can easily build an authorization hierarchy, for example, using cost center nodes. The compilation and validation of the responsibility areas occurs in the background.
Using the responsibility areas means that you can summarize several authorization objects. Maintenance time is reduced due to the reduced number of objects.
Each transaction produces a CO ACTION, together with an activity. In this way, many transactions can be summarized, for example, if the first two figures for CO_ACTION are always "10" for all planning transactions. The next two figures characterize the activity (Ex.: CO_ACTION 1002 = Change planning 1003 = Display planning). There are a vast number of possible CO Actions that can help you to simplify the issuing of authorizations.
In the input you see each time only the CO_ACTIONs that are suitable for each authorization object. You can use the names of the CO_ACTION's (Ex. change master data, display planning...) to assign authorizations.

The following new authorization objects have been created:

The new authorization concept works according to the inheritance principle: If a user has authorization for a node in the standard hierarchy, they automatically have the same authorization for all nodes and components below. (Until now, you needed to have the explicit authorization for each individual object; it was not enough to have authorization for a node to which the object is assigned.)

In object K_ORDER you can enter cost centers and nodes for the cost center standard hierarchy, in addition to orders. If, for example, you have the authorization to make changes for node K1, then you can change all orders that hang under the K1 node in the hierarchy through your responsible cost center. If, however, you only have authorization for the K1 node in authorization object K_CCA, then you may not change the orders below. For order processing you would need the corresponding authorization for authorization obeject K_ORDER.

If you do not want to use the new logic, you do not need to do anything for the time being because the "All" authorization for the new objects is contained in the SAP_NEW_40A-Profile.

The old authorization objects are still valid. The new authorization objects are checked additionally by the system each time.

System administration changes

To convert to the new authorization objects: