In this step you define
authorization objects which the system protects in planning. Each authorization object can consist of up to 10 fields, which you can define and group together as you wish. (You can also use the characteristics of the operating concern or a free variable for the value field.) All other characteristics which you do not specify in the object are regarded as allowed.
By choosing up to 10 fields more than once, you can create
different authorization objects that are linked with one another.
However, it is recommended that you only create one object.
Otherwise the "AND" links between authorization objects could cause
difficulties when you create the authorizations for individual
Before a user performs an action in planning, the system checks his or her authorization. If he or she is lacking authorization for just one of the objects, the system refuses the request. You can define the authorizations for individual users under "Tools -> Administration -> Maintain users" from the main menu.
Possible authorizations for an object include:
The following tables demonstrates how the system checks your entries against an authorization object:
Field content * Y # does not exist
* x x x x
(A,Z) - x - -
X - - - -
# - - x -
: - - - x
Examples of how authorization objects are used in planning
For planning, assume that the object Y_KEPL_X00 was defined with the fields "Customer", "Product range" and "Region".
User A needs to carry out single-segment planning for customer
C01. Data exists for product ranges A1, A2 and A3. The value
entered by the user for customer C01 is stored for product range
SPACE, region SPACE.
Necessary authorization: Customer C01, Product range ":", Region ":".
User A needs to carry out multi-segment planning for customer
C01 and all product ranges.
Necessary authorization: Customer C01, Product range "*", Region ":".
Define your authorization objects.