Displaying and Editing Predefined Authorizations (BC Users and Authorizations)

 Displaying and Editing Predefined Authorizations

Suppose you have created an activity group based on a selection of menu functions.

You can generate authorizations for this activity group automatically, whose fields are predefined to a great extent by SAP.

You can then add missing values afterwards, change predefined values and also add additional authorizations from SAP templates or profiles.

Generating Authorization Profiles

You generate authorizations by choosing Authorizations on the activity group maintenance screen.

  1. You can maintain missing values for organizational levels by choosing Org. levels.
  2. Organization levels are plants, company codes and business areas, for example. For each field that displays an organization level, you determine the global values for these activity groups.

    Save these entries.

  3. The system displays a browser view.

The following example of a browser view contains the various levels and their processing status.

The key explains the various hierarchy levels and the symbols used (Utilities ® Key).

Choose Open and Modified and Maintained to display open, changed or modified authorizations.

Choose Org. levels to maintain the organization levels. Organization levels are plants, company codes and business areas, for example.

The status line shows the status of the authorization profile: Unchanged, Saved, Changed or Generated.

The highest levels of the hierarchy represent the authorization object classes. Underneath are the associated authorization objects, authorizations and authorization fields. Their field contents are largely predefined by the system.

If you click on the plus sign next to a hierarchy level, the subordinate levels are displayed and the plus sign changes to a minus sign. If you then click on the minus sign, the browser view is compressed.

You can edit the display elements using icons in the hierarchy level and icons in the toolbar. The stoplights display the maintenance status of authorizations.

The Status Text for Authorizations displays their maintenance status.

You can choose any of the following display functions by choosing the Utilities menu:

Editing Authorizations

You can edit the predefined authorization values from the browser view. You can edit the display elements using icons in the hierarchy level and icons in the toolbar.

The current status of the organization units and authorizations is shown in the status (header) line and at the various levels of the tree structure with red, yellow and green stoplights.

You should also check the values of the authorization fields that are marked with a green stoplight.

You should maintain the organizational levels before editing field values.

  1. Maintaining Organizational Levels
  2. Missing organizational levels are indicated by a red stoplight. Each authorization field that represents an organizational level is filled with a maintained organizational level. Organization levels are plants, company codes and business areas, for example.

    You can maintain missing values for organizational levels by choosing Org. levels.

    Determine the global value for each field that displays an organization level. If, for example, the organizational level PLANT appears in several authorizations, you only need to maintain the value for the plant once on the organizational levels screen.

    You can display a list of all existing organizational levels using Transaction SUPO.

  3. Editing Authorizations and Organizational Levels

Authorization objects and authorizations have associated texts. As a rule, the authorization text is the same as the object text. It is possible that changes to texts can be lost if you delete, recreate or compare them.

If you double click on an authorization object or an authorization field, the system displays a help text.

If you double-click on the contents of an authorization field, you can change the authorization text (Edit ® Authorization text).

Maintaining Authorization Field Values

You maintain authorization field values by double-clicking on the contents of an authorization field, by clicking on an empty field, or by choosing Maintain.

Maintain the values in the input window.

You can assign full authorization (*) as follows:

Check the browser view for errors in the authorization assignment, and correct these. You should enter a value in the Authorization Groups field that is appropriate to the context, for example. If you are unsure as to the correct value, assign full authorization (*) for the fields where no value has been entered. You can change this value later.

Adding Authorizations

You can add the following authorizations by choosing Edit ® Add authorization. This gives you the option to:

Copy Authorizations for SAP Templates

Authorizations from composite profiles cannot be added.

Deactivating Authorization Objects

To deactivate an authorization object, choose:
Deactivated authorizations are ignored when profiles are generated.

Deactivating and Deleting Authorizations

To deactivate an authorization object, choose:
Deactivated authorizations are ignored when profiles are generated.

To delete an authorization object, choose:

This deletes the authorization and it is no longer displayed. To enable / disable the security prompt, choose Utilities ® Confirmation prompt on / off.

You can reactivate the inactive authorization by double-clicking on Inactive.

Summarizing Authorization Field Contents

You can summarize any identical field contents in the authorization fields of an authorization object by choosing Utilities ® Summarize auths.

Reorganizing Technical Names of Authorizations

The technical names of authorizations within each object are made up of the name of the activity profile plus two final digits in the number range 00...99: T_<Activity_group>nn, example: T_5002995604.

You can display the technical names by choosing Utilities ® Technical names on.

To avoid problems with number assignment, from time to time you should reorganize the numbers nn.

Choose Utilities ® Reorganize.

This starts the number assignment again from 00.

Whenever you generate a new authorization profile, this reorganization is automatically taken into account.