12-20-2007 10:46 AM
Is this Authorization structure is right?
Authorization values
Authorization fields
Authoirzation group
Authoirzation objects
object class
profile
role
user
12-20-2007 12:51 PM
Hi,
I have the following way of working. In my view I have to deal with the Presentation, activities and restrictions, information and organization.
When you use the PCFG transaction(profile generator) you use the menu tab for the presentation, the autorisation tab gives the activities, restrictions and information(data) and in case of organizational fields the organization. If you use the sap portal is that your presentation and what remains is in the backend that can be changed with the authorization group in the portal and the composite role in the backend. In case of BI the information is in the info provider and the organization in the info objects that are made authorization relevant. This is the technical side.
The functional side should be have its roots in the organization, functions and processes(transactions). In sap terms composite roles and roles and an overview of organizational aspects.
have fun and a nice xmas
Jan van Roest
12-20-2007 12:41 PM
Hi Venkata
What do you exactly mean by this ?
Do you want to know in what order you need to create the mentioned objects or ?
If that' the case, then as per my current understanding, you can see the hierarchy in terms of creation as per your requirement but to order all of them in one hierarchy order doesn't seems feasible to me:
1) Role creation: create the below in order
Auth. object
Auth fields
Auth Values
Then create a role via pfcg and manully insert the above menioned objects into that role and then generate the profiles using generate button.
Then assign that role to the user. This explains the hierarchy order for auth.objects,auth fields,auth.values, role, profile and users.
2) Authorization groups are mostly related to tables for further information user link below:
http://help.sap.com/saphelp_nw70/helpdata/en/a7/5134df407a11d1893b0000e8323c4f/frameset.htm
3) Object classes: I hope you meant auth. object classes,
they are not always necessary but in terms of the hierarchy you can create auth. object classes in Su21 and can then create and assign the auth. objects at the same time to these classes.
As such combining all of your mentioned objects into one hierachy could be difficult but i think the hierarchy order is dependent on your requirement as all of them might not be required at same time.
If I can help some other way then, kindly let me know and if this answer helped you little bit then assign the points.
Thanks & Cheers
V2
12-20-2007 12:43 PM
Hi Venkat,
This gives a reasonable depiction of auths in a linear form. I would leave out auth group as it is not relevant in that context.
It's a difficult one to show (and even harder to teach!) as you can separate structure and data e.g. Values, Authorizations, Profiles, User on one side and Fields, Auth Objects, Object Class on another. Not forgetting role represented as a virtual container under the user.
12-20-2007 12:51 PM
Hi,
I have the following way of working. In my view I have to deal with the Presentation, activities and restrictions, information and organization.
When you use the PCFG transaction(profile generator) you use the menu tab for the presentation, the autorisation tab gives the activities, restrictions and information(data) and in case of organizational fields the organization. If you use the sap portal is that your presentation and what remains is in the backend that can be changed with the authorization group in the portal and the composite role in the backend. In case of BI the information is in the info provider and the organization in the info objects that are made authorization relevant. This is the technical side.
The functional side should be have its roots in the organization, functions and processes(transactions). In sap terms composite roles and roles and an overview of organizational aspects.
have fun and a nice xmas
Jan van Roest