Data Ownership enables managers to determine which documents could be viewed and updated by regular users in SAP Business One.
Data ownership is relevant only for users who are not defined as Super Users in the Define Users window. This way, managers (i.e. super users) can control the data accessible to each of their employees.
An authorization can be granted for every document type and even at the document row level.
Data ownership is maintained according to the data defined for your employees in the Human Resources module, therefore it is highly recommended to read the document dealing with Human Resources prior to defining data ownership in your company.
Initial Definitions
1. Initializing Data Ownership in your company.
2. Defining users.
3. Assigning a license for every user.
4. Defining employees in the Human Resources module:
a. Defining employees in the Employee Master Data window.
b. Defining users which function as sales employees as Sales Employees
in the Human Resources module.
c. Defining a direct manager for every employee.
d. Linking employees to departments and branches.
e. Linking employees to teams if required.
5. Defining general authorizations for every regular user.
6. Defining relevant data ownership authorizations for every employee.
7. Defining data ownership exceptions if required.
Initializing Data Ownerships
In order to initialize data ownership in your company, go to Administration --> System
Initialization --> Authorizations --> Data Ownership Exceptions.
In this window, check the box Owner Filtering Active and click on Update.
Defining Employees
Contrary to general authorizations which can be granted at the functional level per user, data ownership authorizations are granted for employees defined in the Human Resources module.
Human Resources --> Employee Master Data
In order to work with data ownership authorizations, it is necessary to define the
following data for relevant employees:
u2022 User Code u2013 select a corresponding user code as defined under Definitions
General Define Users. Note that this field is mandatory for working with the
data ownership.
u2022 Sales Employee u2013 in case an employee functions as a sales employee in your
company, you need to specify his corresponding sales employee as defined
under Definitions General Define Sales Employees. Click the drop down
menu in this field and select the corresponding sales employee or select Define
New to define a new one. In the above example, the sales employee Ruth
Jefferson is selected in the Sales Employee field, thus establishing a
connection between Ruth's employee master data and her sales employee
name which can be linked to sales and purchasing documents.
u2022 Manager u2013 select the manager of the current employee. Note that only existing
employees will be available for selection.
u2022 Department
u2022 Branch
u2022 Teams u2013 you can define employees as team members or team leader under
the Membership tab page.
Authorizations
General Authorization Before you start defining data ownership authorizations, make sure to grant functional authorizations to the regular users in your company. These functional authorizations
determine whether a user can open documents, reports and various windows in Read Only or Full modes or not at all.
These authorizations can be defined under Administration --> System Initialization -->
Authorizations --> General Authorization
Ownership Types
Data ownership is based on the relationships among the employees in the company.
The ownership types are:
1. Peer u2013 this ownership type describes the relationships among all the employees who have the same direct manager. A Peer authorization allows an employee to access documents owned by one of his peers. In the above chart, Bill Levine and Sophie Klogg are peers.
2. Manager u2013 this ownership type can be defined for the employee's direct manager. A Manager authorization allows an employee to access documents owned by his direct manager. In the above chart, Daniel Jordan is the direct manager of Bill Levine and Sophie Klogg.
3. Subordinate - this ownership type can be defined for all the employees that work directly under the same employee. A Subordinate authorization allows an employee to access documents owned by all his subordinate employees. In the above chart, Bill Levine and Sophie Klogg are subordinates of Denial Jordan.
4. Department - this ownership type describes the relations among all the employees that work in the same department. A Department authorization allows an employee to access documents owned by all the employees in his department. In the above chart, Daniel, Bill, Sophie, Barbara, Peter, Ruth and Brad belong to the Sales department.
5. Branch - this ownership type describes the relationships among all the employees that work in the same branch. A Branch authorization allows an employee to access documents owned by all the employees in his branch. In the above chart, Ron Palmer, Daniel Jordan and Linda Carter belong to the Main branch.
6. Team - this ownership type describes the relationships among all the employees that belong to the same team. A Team authorization allows an employee to access documents owned by all the employees in his team.
Note! It is possible to define several ownership types for every employee, thus causing these ownerships to overlap. Therefore, it is recommended to define the minimal number of data ownership authorizations.
For example, if you would like Daniel Jordan to be able to access data owned by all of his subordinates (starting from Sophie and Bill and ending with Peter and Ruth) it is recommended to grant Daniel a Department authorization. It is not necessary to grant
Daniel an additional Subordinate authorization since a Department authorization
already allows him to access the documents owned by all his subordinates.
Data Ownership Authorizations
Administration --> System Initialization --> Authorizations --> Data Ownership Authorizations
Use this window to define the ownership types relevant for each of your employees.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.