0

SAP AG 2003
Authorization Concept
Working with Roles
Contents:
Authorization Management
SAP AG AC275 10-1
0.2
SAP AG 1999
Explain and maintain the authorizations for Travel
lanning
At the conclusion of this unit! "ou will #e a#le to:
Authorization Management: $nit %#&ectives
SAP AG AC275 10-2
0.3
SAP AG 2003
Course %verview
%verview of Travel lanning
Entr" and Approval of
Travel Re'uests and lans
(ntegration of Travel lanning and
Travel Expenses
R)C *estination
Travel lanning Master *ata
+tructure of Enterprise,+pecific
Travel olic"
Reproduction of Agreements with
Travel +ervice roviders
rocess Control
Authorization Management
Reporting
Conclusion
Course %verview *iagram
SAP AG AC275 10-3
0.4
SAP AG 1999
The travelers in "our enterprise can #ook the travel
services for their trips themselves #ut the" can not
approve travel plans- .ou have to assign the
relevant authorizations-
Authorization Management: /usiness +cenario
SAP AG AC275 10-4
0.5
SAP AG 2003
rofile
generator
Create! displa"
or change
roles
Authorizations
$ser,specific menu
Assignment to users
rofile 0enerator: Managing Authorizations
You use the profile generator to generate and anage roles! "hi#h #ontain spe#ifi# sets of
authori$ations% &oles are also lin'ed to role-spe#ifi# enus that #ontain onl( the fun#tions that the
users of this role re)uire% *his siplifies na+igation and a'es it easier to #all the enu options that
the user needs ost fre)uentl(%
You assign users to roles that ha+e alread( ,een set up% -hen users #all the s(ste! the appropriate
enu is offered and the( ha+e all the rele+ant authori$ations%
SAP AG AC275 10-5
0.6
SAP AG 2003
Roles: Authorization Concept
Call Maintain Role screen: Authorizations
Creating authorizations and authorization profiles
.sing the profile generator! (ou #an #reate authori$ations autoati#all( on the ,asis of the enu
fun#tions #hosen ,eforehand% /o"e+er! the profile generator #annot propose suita,le default +alues
for all authori$ations of all enterprises% *herefore! anual post-pro#essing ,( the authori$ations
adinistrator in #ooperation "ith the rele+ant departents and the re+ision departent is usuall(
ne#essar(% 0( using organi$ational le+els (ou #an aintain larger nu,ers of authori$ation fields at
one tie and siplif( anual pro#essing #onsidera,l(%
-hen the authori$ations ha+e ,een aintained a##ording to the #opan(1s re)uireents! the
authori$ation profile #an ,e generated% *he authori$ations do not ta'e effe#t until then% A profile #an
#ontain a a2iu of 150 authori$ations% 3f this nu,er is e2#eeded! the profile generator
autoati#all( #reates ore profiles for the role% *he profile nae 4note no% 154556 #onsists of 12
#hara#ters! of "hi#h the first 10 #an ,e #hanged during initial generation7 the reaining t"o
#hara#ters are used as #ounters% You #annot use an underline s(,ol 486 for the se#ond #hara#ter of
this nae%
0( #li#'ing a field that is #ir#led! (ou #an #all the s#reen sho"n on the ne2t slide%
SAP AG AC275 10-5
0.7
SAP AG 2003
Roles: Maintaining Authorizations
*he se#tion of the authori$ation profile sho"n a,o+e for the Travel Management Administrator role
is an e2aple of pregenerated SAP profiles%
You #an #hange these authori$ations to suit (our enterprise1s re)uireents%
SAP AG AC275 10-7
0.8
SAP AG 1999
)ield
1alues 2Examples3
AUTHC Authorization level
AUTHP Personnel number check
U!"S Com#an$ co%e
!&ST' Cost center
P("SA Personnel area
P("SG (m#lo$ee )rou#
P("S! (m#lo$ee sub)rou#
PT*U& (m#lo$ee )rou#in) +or Travel ,an-
./S!1 &r)anizational ke$
Meaning
R! W! /
%
4
4
4
4
4
4
4
)5TRA16
Authorization %#&ect for Travel lanning
2)5TRA163
*o #ontrol a##ess rights to o,9e#ts in *ra+el Planning (ou ha+e the authori$ation o,9e#t: Travel
Planning 4:8*&A;<6%
*he authori$ation o,9e#t Travel Planning #ontains = fields 4prote#ted s(ste eleents6! in "hi#h (ou
#an assign authori$ations 4+alues6% *he +alues "ithin a field are #he#'ed in an >& lin'% *he +alues
,et"een fields are #he#'ed in an A?@ lin'%
You #an define an( nu,er of authori$ations for ea#h authori$ation o,9e#t! ,( storing a set of
perissi,le +alues for the fields in an o,9e#t%
A user #an onl( #arr( out a#tions for *ra+el Planning if the authori$ation #he#' is su##essful for
hiAher for e+er( field stored in the o,9e#t%
*he +alues for authori$ation fields 0.B&S! B>S*<! PC&SA! PC&SG! PC&SB and ;@SB1 #oe
fro infot(pe 0001 4Organizational Assignment67 the +alue for field P*D.> is filled fro the
entries in infot(pe 0017 4Travel Privileges6%
*he fields A.*/P and A.*/C are e2plained on the ne2t slide%
SAP AG AC275 10-E
0.9
SAP AG 2003
ersonnel num#er check
%
E
4
%wn personnel num#er onl"
All personnel num#ers except own
All personnel num#ers
)ield A$T7 1alues
Authorization level
R
Read 2displa" travel plans3
W
A
/
C
8
Maintain R9: data
2create9change travel plans3
Approve travel plans
/ook in connected
reservation s"stem
/ook approved trips in the
connected reservation s"stem
0enerate example trips 28uicklan3
1alues )ield A$T7C
)ields A$T7 and A$T7C
4 All operations
*he A.*/C (authorization level6 field deterines the fun#tions in *ra+el Planning for "hi#h the
user has authori$ation% You ha+e to enter ea#h of the re)uired +alues indi+iduall(% ?one of the +alues
#ontain other +alues autoati#all(%
-hen *ra+el Planning is #alled! the s(ste first #he#'s to see if at least a read authori$ation e2ists
4authori$ation le+el &6% 3f so! ore detailed authori$ation #he#'s ta'e pla#e "ithin the transa#tions%
You #an use the A.*/P 4personnel number check6 field to #ontrol "hether a user a( onl( fulfill
tas's in *ra+el Planning for hisAher o"n personnel nu,er or for other spe#ifi# personnel nu,ers%
*he follo"ing +alues #an ,e assigned in this fieldF
> >nl( the user1s o"n personnel nu,er a( ,e aintained7
C2apleF de#entrali$ed #on#ept
C All personnel nu,ers apart fro the user1s o"n a( ,e aintained7
C2apleF
@epartent se#retar(
G All personnel nu,ers a( ,e aintained7
C2apleF #entral #on#ept
3f (ou "ant to define the #hara#teristi# O or E for a user in the Personnel number check authori$ation
field, (ou ust alread( ha+e entered the lin' ,et"een the personnel nu,er and the rele+ant user in
infot(pe Communication (!"#, su,t(pe $%&stem user name %AP %&stem$ (!#'
SAP AG AC275 10-=
0.10
SAP AG 2003
Roles: Assignment to $sers
Prerequisite 0efore (ou #an assign users! the( ha+e to alread( e2ist in the s(ste% :or ore
inforation! see Create and maintain user master records 4Push,uttonF (n)ormation6%
User: >n the *ser ta, page! (ou enter the users to "ho the roles or the rele+ant authori$ation
profiles are to ,e assigned%
Selection: You #an displa( a ultiple sele#tion list of the e2isting users in the s(ste ,(
#hoosing %election%
Caution ?e+er enter generated profiles dire#tl( in the user aster re#ord
4*ser maintenance *ransa#tion6%

User synchronization: You #an enter the profile autoati#all( in the respe#ti+e user aster re#ords
,( #hoosing *ser s&nchronization'
*he authori$ation data is alread( full( aintained for all user roles in the standard SAP S(ste% *he
+alue 1G1 has ,een entered in all #ustoer-spe#ifi# +alue fields! su#h as #opan( #ode! plant! and also
authori$ation groups and soe other authori$ation fields% *his ena,led us to pregenerate usa,le
authori$ation profiles%
SAP AG AC275 10-10
0.11
SAP AG 2003
,enu ,enu ,enu ,enu ,enu ,enu
0 Travel manager
0 7R master data
relevant
to Travel
lanning
0 7R master
data relevant to
Travel Expenses
0 Travel manager
0 7R master data
relevant
to Travel
lanning
0 7R master
data relevant to
Travel Expenses
0 lanning
manager
0 Travel
expenses
manager
0 7R master data
relevant
to Travel
lanning
0 7R master
data relevant to
Travel Expenses
0 Approval
of trips
0 (nformation
s"stem
0 All options
in Travel
Management
menu
Traveler Travel
Assistant
Travel Man-
Administrator
Approving
Manager
0 Trip
advances
Travel
Manager
Trip Advance
a"er
Travel Management Roles: Menus
.sers of the SAP S(ste ha+e to ,e assigned to a role +ia the profile generator to "or' "ith user!
spe"ifi" or #or$pla"e!related %enus%
*he *ra+el Hanageent roles sho"n a,o+e are pregenerated in the standard s(ste and #an ,e
#opied and odified% *hese roles in#lude the follo"ingF
*ra+eler SAP8:38*;8*&A;C<C&
*ra+el assistant SAP8:38*;8*&A;C<8ASS3S*A?*
*ra+el adinistrator SAP8:38*;8A@H3?3S*&A*>&
Appro+ing anager SAP8:38*;8HA?AGC&8GC?C&3C
Pa(er of trip ad+an#es SAP8:38*;8A@;A?CC8PAYC&
*ra+el anager SAP8:38*;8*&A;C<8HA?AGC&
*he role-spe#ifi# enus for the roles are sho"n a,o+e% You #an sho" the role-spe#ifi# enu on the
initial s#reen of the SAP S(ste ,( #hoosing *ser menu if the role has ,een assigned to (our user%
SAP AG AC275 10-11
0.12
SAP AG 1999
Explain and maintain the authorizations for Travel
lanning
.ou are now a#le to:
Authorization Management: $nit +ummar"
SAP AG AC275 10-12