Define authorization objects for planning

In this step you define

authorization objects which the system protects in planning. Each authorization object can consist of up to 10 fields, which you can define and group together as you wish. (You can also use the characteristics of the operating concern or a free variable for the value field.) All other characteristics which you do not specify in the object are regarded as allowed.

By choosing up to 10 fields more than once, you can create different authorization objects that are linked with one another. However, it is recommended that you only create one object. Otherwise the "AND" links between authorization objects could cause difficulties when you create the authorizations for individual users.
Before a user performs an action in planning, the system checks his or her authorization. If he or she is lacking authorization for just one of the objects, the system refuses the request. You can define the authorizations for individual users under "Tools -> Administration -> Maintain users" from the main menu.

Possible authorizations for an object include:

This means that the user is authorized for all values of the characteristic.
This means that the user is not authorized at this level. He or she may only look at the total for the characteristic
This means the user is not authorized for any value of the characteristic (only non-assigned values)

The following tables demonstrates how the system checks your entries against an authorization object:

	Field content   *		 Y		 #	 does not exist
  *				 x		 x		 x		 x
  (A,Z)			 -		 x		 -		 -
  X				 -		 -		 -		 -
  #				 -		 -		 x		 -
  :				 -		 -		 -		 x

Examples of how authorization objects are used in planning

For planning, assume that the object Y_KEPL_X00 was defined with the fields "Customer", "Product range" and "Region".

User A needs to carry out single-segment planning for customer C01. Data exists for product ranges A1, A2 and A3. The value entered by the user for customer C01 is stored for product range SPACE, region SPACE.
Necessary authorization: Customer C01, Product range ":", Region ":".

User A needs to carry out multi-segment planning for customer C01 and all product ranges.
Necessary authorization: Customer C01, Product range "*", Region ":".


Define your authorization objects.