Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization strudture

Former Member
0 Kudos

Is this Authorization structure is right?

Authorization values

Authorization fields

Authoirzation group

Authoirzation objects

object class

profile

role

user

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi,

I have the following way of working. In my view I have to deal with the Presentation, activities and restrictions, information and organization.

When you use the PCFG transaction(profile generator) you use the menu tab for the presentation, the autorisation tab gives the activities, restrictions and information(data) and in case of organizational fields the organization. If you use the sap portal is that your presentation and what remains is in the backend that can be changed with the authorization group in the portal and the composite role in the backend. In case of BI the information is in the info provider and the organization in the info objects that are made authorization relevant. This is the technical side.

The functional side should be have its roots in the organization, functions and processes(transactions). In sap terms composite roles and roles and an overview of organizational aspects.

have fun and a nice xmas

Jan van Roest

3 REPLIES 3

Former Member
0 Kudos

Hi Venkata

What do you exactly mean by this ?

Do you want to know in what order you need to create the mentioned objects or ?

If that' the case, then as per my current understanding, you can see the hierarchy in terms of creation as per your requirement but to order all of them in one hierarchy order doesn't seems feasible to me:

1) Role creation: create the below in order

Auth. object

Auth fields

Auth Values

Then create a role via pfcg and manully insert the above menioned objects into that role and then generate the profiles using generate button.

Then assign that role to the user. This explains the hierarchy order for auth.objects,auth fields,auth.values, role, profile and users.

2) Authorization groups are mostly related to tables for further information user link below:

http://help.sap.com/saphelp_nw70/helpdata/en/a7/5134df407a11d1893b0000e8323c4f/frameset.htm

3) Object classes: I hope you meant auth. object classes,

they are not always necessary but in terms of the hierarchy you can create auth. object classes in Su21 and can then create and assign the auth. objects at the same time to these classes.

As such combining all of your mentioned objects into one hierachy could be difficult but i think the hierarchy order is dependent on your requirement as all of them might not be required at same time.

If I can help some other way then, kindly let me know and if this answer helped you little bit then assign the points.

Thanks & Cheers

V2

Former Member
0 Kudos

Hi Venkat,

This gives a reasonable depiction of auths in a linear form. I would leave out auth group as it is not relevant in that context.

It's a difficult one to show (and even harder to teach!) as you can separate structure and data e.g. Values, Authorizations, Profiles, User on one side and Fields, Auth Objects, Object Class on another. Not forgetting role represented as a virtual container under the user.

Former Member
0 Kudos

Hi,

I have the following way of working. In my view I have to deal with the Presentation, activities and restrictions, information and organization.

When you use the PCFG transaction(profile generator) you use the menu tab for the presentation, the autorisation tab gives the activities, restrictions and information(data) and in case of organizational fields the organization. If you use the sap portal is that your presentation and what remains is in the backend that can be changed with the authorization group in the portal and the composite role in the backend. In case of BI the information is in the info provider and the organization in the info objects that are made authorization relevant. This is the technical side.

The functional side should be have its roots in the organization, functions and processes(transactions). In sap terms composite roles and roles and an overview of organizational aspects.

have fun and a nice xmas

Jan van Roest