sap許可權管理技術架構分析

zhengnx發表於2013-07-07
架構
General Authorization Object for Internal Orders
Definition
The general authorization object for Internal Orders (K_ORDER), allows you to issue authorizations for CO-OM responsibility areas in the Internal Orders component CO-OM-OPA.
Use
This authorization object lets you issue authorizations for the following actions within a CO-OM responsibility area for Internal Orders:
Maintain order master data
Manual order planning
Budget orders
Actions in the information system
You can issue each of the authorizations for one CO-OM responsibility area. If the order has a responsible cost center, the CO-OM responsibility area can be the order, the responsible cost center or a node of the standard hierarchy for Cost Center Accounting. If the order does not have a responsible cost center, the CO-OM responsibility area covers only the order itself.
Structure
The authorization object consists of the following fields:
Actions for the CO-OM authorization check
Order type
Internal order authorization: Authorization phase
Cost element
CO-OM responsibility area for authorizations
You can protect one or more of the following actions:
0001: Create master data
0002: Change master data
0003: Display master data
0008: Display change documents
0011: Release
0012: Undo release
0013: Complete technically
0014: Close
0015: Lock
0016: Unlock
0017: Set deletion flag
0018: Undo deletion flag
0019: Set deletion indicator
0020: Change user status
0030: Maintain settlement rule
0031: Maintain settlement parameters
1002: Create/change planning data
1003: Display planning data
1502: Change budget
1503: Display budget
3027: Select totals records
3028: Select line items
3029: Display extracts
If required, you can use authorization object K_ORDER as well as the other authorization objects for Internal Orders.
For more information, see the system documentation for authorization object K_ORDER.
[@more@]
Authorizations
Use
In Work Clearance Management, various authorization objects and authorization profiles are required.
For more information on the SAP authorization concept, see Users and Roles (BC-SEC-USR).
Features
The following table shows you the authorization objects and authorization profiles that are used in Work Clearance Management.
Authorization Objects
Authorization Object
Description
Authorization Field
(see also Legend)
Use
S_TCODE
Transaction code
(TCODE)
All transactions
I_BEGRP
Authorization group
(TCODE, BEGRP)
All WCM objects
I_INGRP
Planner group
(TCODE, IWERK, INGRP)
All WCM objects
I_IWERK
Planning plant
(TCODE, IWERK)
All WCM objects
I_SOGEN
Approvals
(SWERK, PMSOG)
All WCM objects
I_CONFLICT
Checks/Simulations
(IWERK, WC_CONFTYP)
Operational WCDs
I_WCUSE
Uses
(IWERK, OBJART, OBJTYP, WCUSE, AKTTYP)
All WCM objects
I_FCODE
Function codes
(IWERK, OBJART, OBJTYP, WC_FCODE)
All WCM objects
I_VAL
Valuation
(IWERK, VAL)
Order
Legend for the Authorization Fields
Authorization Field
Description
AKTTYP
Activity type (Create, change, display)
BEGRP
Authorization group
INGRP
Planner group
IWERK
Planning plant
OBJART
Object type (Work approval, Application, Work clearance document)
OBJTY
Object category (Work clearance application, additional application, WCD template, Operational WCD)
PMSOG
Approval
TCODE
Transaction code
VAL
Valuation
WC_CONFTYP
Conflict category
WC_FCODE
Function code
WCUSE
Use of WCM objects
Authorization Profiles
Authorization Profile
Description
I_WCM_ALL
All authorizations for Work Clearance Management
I_CONF_ALL
All authorizations for checks and simulations
I_FCODE_ALL
All authorizations for function codes
I_WCUSE_ALL
All authorizations for uses
I_VAL_ALL
All authorizations for the valuation
I_PM_ALL
All authorizations for Plant Maintenance (PM)
See also:
Electronic Signature

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/7868752/viewspace-1060674/,如需轉載,請註明出處,否則將追究法律責任。

相關文章