Authorization Concept for SAP Student Lifecycle Management
Applies to: SAP Student Lifecycle Management EHP 3
Summary
This document provides a basic overview of authorization management in Student Lifecycle Management. It should be used as an additional document alongside the relevant implementation guideline for Student Lifecycle Management.
Author(s): Jeroen Boeracker
Company: SAP AG
Created on: 03 March 2008
Author Bio
Jeroen Boeracker works as a developer for Student Lifecycle Management at SAP AG.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 1
Table of Contents
Introduction
Overview
1. Roles
2. Basic Authorizations
3. Context Sensitive Authorizations
4. Structural Authorizations
4.1 Evaluation Paths
4.2 Organizational Structure
5. Customizing
5.1 Required step (general):
5.2 Required steps within the maintenance of structural authorizations:
6. Creation of Contract Account Data
7. Customer Enhancements
8. Examples
Example 1
Example 2
Example 3
9. Frequently Asked Questions
10. Authorization Objects
10.1 Important Authorization Objects
10.2 Authorization Trace
10.3 Additional Information for developers
11. Additional Information
11.1 Student File
11.2 Student Master Data
11.2.1 Automatic creation of contract account and contract object master records
11.3 Function Modules for structural authorizations
11.4 Tables relevant for authorization
Related Content
Copyright
Introduction
The intention of this document is to provide a reference for consultants to set up and verify roles and authorizations for Student Lifecycle Management. Readers of this document need to be familiar with the SAP Authorization Concept and also with the Student Lifecycle Management product.
Overview
Authorization checks in Student Lifecycle Management are based on HCM Basic Authorization and Structural Authorization.
• Basic authorization determines whether a user is allowed to execute a certain function.
• Structural authorization determines the objects for which the user is allowed to execute this function.
In other words, the basic authorization defines what function the user is allowed to use, and the structural authorization defines for which objects the user is allowed to use this function.
Examples:
• With basic authorization you can allow a user to perform the activity to create a module booking.
• With structural authorization you can restrict this activity to modules that are offered by the faculty of Mathematics. (The user can then access these modules whenever required.)
1. Roles
The following roles delivered in the SAP Standard are relevant for Student Lifecycle Management. The roles can be maintained using transaction PFCG.
Student Lifecycle Management specific roles
Composite role Description
SAP_CM_ADM_COORDINATOR Admission Coordinator
SAP_CM_ADM_OFFICER Admission Officer
SAP_CM_ASM_COORDINATOR Assessment Coordinator
SAP_CM_ASM_OFFICER Assessment Officer
SAP_CM_STREC_COORDINATOR Student Records Coordinator
SAP_CM_STREC_OFFICER Student Records Officer
Single role Description
SAP_CM_ADMOFF_STUDYDATA Activities for the Admission Officer
SAP_CM_ADMREGDATA_DISP Display Study Data
SAP_CM_ASMCO_ADDACT Additional Activities for the Assessment Coordinator
SAP_CM_ASMDATA_DISP Display Progression and Grades
SAP_CM_ASMOFF_ACT Activities for the Assessment Officer
SAP_CM_STMASTERDATA_DISP Display Student Master Data
SAP_CM_STMASTERDATA_MAINT Edit Student Master Data
SAP_CM_STRCO_ADDACT Additional Activities for the Student Records Coordinator
SAP_CM_STROFF_ACT Activities for the Student Records Officer
SAP_CM_APLIC_ADM_ACT_US Activities for the Application Administrator (US)
SAP_CM_ALL Student Lifecycle Management
SAP_CM_REGIST Activities in the Registration Environment
SAP_CM_STUDENTMASTER Student Master Data Maintenance
SAP_CM_MODULEBOOK Module Booking
SAP_CM_ADMIN_ACAD_STRUCTURE Academic Structure Administrator (internal)
Other relevant roles
SAP_CA_NO_NOTIFVIAWEB_EXT General Notification Creation on Web
SAP_CA_NO_NOTIFVIAWEB_INT Creation of General Notifications on the Web – Link
SAP_CA_NO_NOTIF_GENERAL General Notification Processing
SAP_CA_NO_NOTIF_ISR Creation of an Internal Service Request
SAP_FI_CA_ACCOUNT_MAIN_REVERS Account maintenance
SAP_FI_CA_ADMIN_POSTING Administrative Postings
SAP_FI_CA_BUSINESS_PARTNER Master Data for Contract Partner
SAP_FI_CA_CONTRACT_ACCOUNT Master Data Contract Account
SAP_FI_CA_MANUAL_POSTINGS Manual Postings
SAP_FI_CA_MASTER_DATA_ADMINIST Master Data Administration
SAP_FI_CA_PARTNER_ACCOUNT_INFO Information for Business Partner Account
SAP_FI_CA_PAYMENTS_AT_CASHDESK Cash at desk
SAP_FI_CA* Further FI-CA Roles
SAP_FMCA_CA_ALL Basic Role for IS-PS-CA with all transactions and general authorizations.
SAP_HR_PE_TRAININGMANAGER Training Manager
SAP_HR_PE_TRAININGADMIN Training Administrator
SAP_BC_ENDUSER: Uncritical basis authorizations for all users
2. Basic Authorizations
There are three important authorization objects within Student Lifecycle Management:
• S_TCODE
• PLOG
• P_CM_PROC
S_TCODE checks whether a user is allowed to start a given transaction. Every time the user starts a menu command or a transaction code using the command line, the roles assigned to the user are checked to see whether the user has the authority to execute this transaction.
PLOG checks whether a user is allowed to read, write or insert specific HR Infotypes.
P_CM_PROC checks whether a user has the authority for a specific Student Lifecycle Management process.
The Student Lifecycle Management authorization concept has the following advantages:
• Simplified authorization assignment
• Distinctions between read, change and create operations
3. Context Sensitive Authorizations
Context sensitive authorizations for Student Lifecycle Management include the following ones:
P_CM_PROC:
Field | Value
PIQPROCESS | AD*
PIQPROFL | Not relevant
PLOG_CON – F1 Help:
• NOTE: Do NOT use this authorization object. It does not work.
• This object is used by the authorization check for personnel planning data.
P_ORGINCON – F1 Help:
• HR Master Data with context authorization object (P_ORGINCON) is used in the authorization check for personnel data. This check takes place when HR Infotypes are edited or read.
• This authorization object consists of the same fields as the P_ORGIN authorization object and now includes the new PROFL field (structural profile). A check using this object enables customer-specific contexts to be mapped in HR Master Data.
4. Structural Authorizations
Structural authorization enables you to define the set of objects the user is authorized to process. You determine these objects using evaluation paths. You can define whether the user should only be given a display authorization for these objects or a maintenance authorization as well.
When basic and structural authorizations are used, the user profile is an intersection of the structural profile and the basic profile.
4.1 Evaluation Paths
An evaluation path is an instruction for the system which determines which object types and relationship(s) are to be included in an evaluation of the organizational plan.
It describes the chain of relationships that exist between objects in a hierarchical structure. The report takes into account only the objects that lie along the specified evaluation path.
4.2 Organizational Structure
One or more relationships are then used as "navigation paths" for evaluating structural information in your organizational plan (relating to the organizational or reporting structures) or matrix organization.
The sequence of the relationships included in the evaluation path is decisive in how the results of the evaluation are displayed.
Diagram of an organizational structure using objects and relationships
Note: As functions of other applications areas (Training and Event Management, Notification Processing) as well as Student Accounting are integrated into Student Lifecycle Management, users also need authorizations for these areas.
Note: Student Lifecycle Management contains a number of single roles which you can combine with the roles of other application areas to create composite roles. You can either assign a composite role or individual roles to users.
5. Customizing
The following customizing activities are relevant for setting up authorizations in Student Lifecycle Management:
• Cross Application -> SAP Business Partner -> Business Partner -> Basic Settings -> Authorization Management
• Financial Accounting -> Contract Accounting -> Basic Functions -> Contract Accounts -> Field Modifications -> Define Field Groups for Authorization Check
• Financial Accounting -> Contract Accounting -> Basic Functions -> Contract Object -> Authorization Management
• Student Lifecycle Management -> Basic Settings -> Authorizations
5.1 Required step (general):
1. Analysis of required roles in the university
2. Analysis of the authorizations needed for these roles
o Selection of the required authorization objects
o Selection of the required transactions
o Selection of the required Infotypes
o Creation of Contract Account Data
3. Compare the roles delivered by SAP and see how they fit the defined requirements
4. Customize the roles using transaction PFCG
5. Assign the roles to the users
5.2 Required steps within the maintenance of structural authorizations:
1. Analysis of the organizational assignment of the members in the university
2. Analysis of structural authorizations needed for these members
a. Selection of the required restriction within the organization
b. Selection of the required evaluation paths
3. Compare the paths delivered by SAP and see how they fit the institution’s requirements
4. Customize the paths using transaction OOAW
5. Customize the structural profiles using transaction OOSP
6. Assign the customized structural profiles to the user
6. Creation of Contract Account Data
Contract Account and Contract Object Master records can be created automatically after creating a Student Master Record.
Role SAP_CM_ACCOUNT_DATA_UPDATE is provided for automatic creation of account data. There are two ways to create account data; which one is used is customized in T7PIQSWITCH with key STUDACCT + UPDRFCDEST.
• If no value is maintained, the user itself will be used to create account data
• If an RFC destination is specified for this value, the user maintained in this RFC destination (called technical user) is used:
o No Technical User: The user itself should have role SAP_CM_ACCOUNT_DATA_UPDATE.
o Technical User: The user itself doesn’t need role SAP_CM_ACCOUNT_DATA_UPDATE but the technical user needs it.
Please check role SAP_CM_ACCOUNT_DATA_UPDATE for the authorization objects.
7. Customer Enhancements
BAdIs for additional authorization checks
• HRPIQ00_ST00_TAB: Additional authority checks for tab page in student file
• HRPIQ00AUTHORITY: Additional authority checks for Student Lifecycle Management activities
• HRBAS00_STRUAUTH: Additional authority checks for structural authorizations
• HRBAS00_GET_PROFL: Determine user profile for structural authorizations
Authority Checks for BDT Objects:
• For the BP, Contract Account and Contract Object Master Records additional authorization checks can be implemented using the event AUTH1 of the BDT Toolset. Further information can be found in the developer guide for the BDT toolset in the SAP online documentation.
Function Modules for Authorization Checks
• HRIQ_PROCESS_AUTHORITY_CHECK: Checks authority object P_CM_PROC
• HRIQ_BASE_AUTHORITY_CHECK: Checks authority object PLOG
• HRIQ_STRU_AUTHORITY_CHECK: Checks Structural authorization, optional PLOG
8. Examples
The organizational and academic structure described here is the basis for the following examples:
• Organizational Structure with several hierarchies
• University (academic top org unit) -> School -> Department -> Faculty
• HR positions (S) are linked to the organizational units; employees (P) are assigned to HR positions (S)
• User (US) is linked with the employee (P) by maintaining Infotype Communication (0105), Subtype System user name (0001) for the employee (P) in transaction PA30.
• Departments offer Programs of Study (SC) and specializations (CG)
• Faculties offer modules (SM)
• Advisors are assigned to student records directly.
Example 1
A faculty administrator is allowed to view personal data and address data, but not allowed to view fee calculation data, bank details and payment cards.
An accounting clerk is allowed to see all of the above and, additionally, fee calculation data, bank details and payment card details.
Configuration:
To enable correct authorizations, the corresponding authorization profiles can be created with the profile generator (TCode PFCG).
For the faculty administrator, the following authorization objects are relevant:
• S_TCODE, Transaction code PIQST00
• PLOG, Infotype Personal data (1702)
• B_BUPA_FDG, Address data (BP fields groups 0062 – 0080, 0092 – 0095, 0115, 0120, 0122 – 0128, 0139 – 0149)
For the accounting clerk, the same authorizations as above are needed. Additionally, the following authorization objects are relevant:
• PLOG, Infotype Fee calculation data (1706)
• B_BUPA_FDG, Bank data (BP field group 0009)
• B_BUPA_FDG, Payment cards (BP field group 0020)
Example 2
A faculty member needs to maintain module data for all modules offered by the department. Additionally, s/he needs to display all modules for students who are enrolled in a program offered by his/her department.
Configuration:
To determine the root object of the structural authorization, function module RH_GET_ORG_ASSIGNMENT is used. In this case, the function module determines the root organizational unit of the faculty member.
This is done by evaluating the infotype Communication (0105), Subtype System user name (0001) of the user. Via this infotype the personnel number is derived.
With the personnel number, you have the object Person (P) which you can use to derive the Position (S) and the Organizational Unit (O).
From the organizational unit, you can use two evaluation paths to derive the objects described in the case.
Two new authorization profiles (TCode OOSP) are required:
• One for maintaining the modules offered by the department of the faculty member
• One for displaying all modules for students who are enrolled in a program offered by the department of the faculty member.
Example 3
Each of the profiles needs an evaluation path (TCode OOAW) to find the correct objects. Alternatively the choice could be made to integrate the two entries into one profile. The best solution can only be determined when all requirements for authorizations are known.
Evaluation Path O-SM
Evaluation Path O-ST-SM
After this has been done, the user has to be assigned to the profiles (TCode OOSB).
9. Frequently Asked Questions
If a registrar is taking a class at the university, how do you prevent him from accessing his own record?
Create a new profile for structural authorization (TCode OOSP):
Use the function module HRIQ_GET_STUDENT_FROM_USER to retrieve the object ID of the registrar.
Assign this profile to the registrar (TCode OOSB):
By checking the checkbox, the statement is inverted. This means the registrar would not be able to see a student with the object ID determined in the first step. Beware! If you assign this profile to SAP*, no one would be able to see his own data!
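The access decision behind Example 2 and the registrar question above, as an added Python model (not SAP or ABAP code, and not part of the original document): a request passes only if the basic authorization allows the function and a structural profile entry reaches the object along its evaluation path. The object graph, relationship labels, user names, the steps inside each evaluation path and the path O-ST are constructed assumptions, as is the rule that an inverted (exclusion) entry overrides any grant.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data. Object keys are "<type> <id>" with the page's object
# types (O org unit, SC program, ST student, SM module, P person, S position).
# Relationship labels are illustrative, not SAP relationship codes.
RELATIONS = {
    ("O MATH", "offers_module"): ["SM ALGEBRA", "SM CALCULUS"],
    ("O MATH", "offers_program"): ["SC BSC_MATH"],
    ("O PHYS", "offers_module"): ["SM OPTICS"],
    ("SC BSC_MATH", "has_student"): ["ST 1001", "ST 1002"],
    ("ST 1001", "booked"): ["SM ALGEBRA", "SM OPTICS"],
    ("ST 1002", "booked"): ["SM CALCULUS"],
}

# Each evaluation path is an ordered chain of (relationship, target type) steps.
# O-SM and O-ST-SM are named on the page; their steps and O-ST are assumed.
EVALUATION_PATHS = {
    "O-SM": [("offers_module", "SM")],
    "O-ST-SM": [("offers_program", "SC"), ("has_student", "ST"), ("booked", "SM")],
    "O-ST": [("offers_program", "SC"), ("has_student", "ST")],
}

# User -> person (infotype 0105, subtype 0001) -> position -> org unit.
USER_TO_PERSON = {"FACULTY1": "P 501", "REGISTRAR1": "P 502"}
PERSON_TO_POSITION = {"P 501": "S 9001", "P 502": "S 9002"}
POSITION_TO_ORG = {"S 9001": "O MATH", "S 9002": "O MATH"}
# The registrar is also enrolled as a student (the FAQ case).
USER_TO_STUDENT = {"REGISTRAR1": "ST 1002"}

# Basic authorization: which function (mode) is allowed on which object type.
BASIC = {
    "FACULTY1": {"SM": {"display", "maintain"}},
    "REGISTRAR1": {"ST": {"display", "maintain"}},
}


@dataclass(frozen=True)
class ProfileEntry:
    root: str                # "ORG" or "OWN_STUDENT", resolved per user at check time
    path: Optional[str]      # evaluation path name, or None for the root object only
    maintain: bool           # False = display only
    exclude: bool = False    # True = inverted entry: objects found are denied


STRUCTURAL = {
    "FACULTY1": [ProfileEntry("ORG", "O-SM", maintain=True),
                 ProfileEntry("ORG", "O-ST-SM", maintain=False)],
    "REGISTRAR1": [ProfileEntry("ORG", "O-ST", maintain=True),
                   ProfileEntry("OWN_STUDENT", None, maintain=False, exclude=True)],
}


def root_object(user, kind):
    """Resolve the dynamic root of a profile entry for this user (None if unknown)."""
    if kind == "OWN_STUDENT":
        return USER_TO_STUDENT.get(user)
    person = USER_TO_PERSON.get(user)
    return POSITION_TO_ORG.get(PERSON_TO_POSITION.get(person))


def objects_along_path(root, path):
    """Return the root plus every object reached by following the path's steps in order."""
    reached, frontier = {root}, {root}
    for relation, target_type in EVALUATION_PATHS.get(path, []):
        frontier = {target for obj in frontier
                    for target in RELATIONS.get((obj, relation), [])
                    if target.split()[0] == target_type}
        reached |= frontier
    return reached


def is_authorized(user, mode, obj):
    """Basic AND structural: both layers must allow the request."""
    if mode not in BASIC.get(user, {}).get(obj.split()[0], set()):
        return False                     # the function itself is not allowed
    granted = False
    for entry in STRUCTURAL.get(user, []):
        root = root_object(user, entry.root)
        if root is None or obj not in objects_along_path(root, entry.path):
            continue                     # this entry does not reach the object
        if entry.exclude:
            return False                 # exclusion wins over any grant
        granted = granted or mode == "display" or entry.maintain
    return granted
```

The faculty member can display but not maintain a module that is reachable only through O-ST-SM, and cannot display a student object even though the path passes through it, because the basic authorization for that object type is missing.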
10. Authorization Objects
10.1 Important Authorization Objects
Authorization Object | Description | Area | Comment
S_TCODE | Transaction Code Check at transaction Start | Basis | SLCM transactions follow name convention PIQ*.
PLOG | Personnel Planning, Infotypes | SLCM, Organizational Management, Training and Event Management | SLCM Infotypes are in the area 1700 – 1799.
P_CM_PROC | Student Lifecycle Management Activities | Student Lifecycle Management | SLCM activities are defined in system table T7PIQPROCESS (descriptions in table T7PIQPROCESST)
B_BUPA_RLT | Business Partner: BP Roles | Business Partner Master Record | SLCM uses BP Roles PSCM10 (Student), MKK (Contract Partner), PSCI10 (Related Person)
B_BUPA_FDG | Business Partner: Field Groups | Business Partner Master Record | Field Groups relevant for authorizations must be maintained in Customizing
B_BUPA_GRP | Business Partner: Authorization Groups | Business Partner Master Record | Refers to field Authorization Group in BP Master
B_BUPA_ATT | Business Partner: Authorization Types | Business Partner Master Record
B_CCARD | Payment Cards | Business Partner Master Record
B_CARD_SEC | Encryption Card Master | Business Partner Master Record
F_KKVK_VKT | Contract Account Category | Contract Account Master Record
F_KKVK_FDG | Contract Account Field Groups | Contract Account Master Record | Field Groups relevant for authorizations must be maintained in Customizing
F_KKVK_BEG | Contract Account Authorization Group | Contract Account Master Record
F_KKVK_BUK | Contract Account: Company Code | Contract Account Master Record
F_KK_LOCK | Business Locks | Contract Account Master Record
F_KK_FCODE | GUI functions in Contract Account Master Data | Contract Account Master Record
F_KK* | Several authority objects | Contract Accounting
F_PSOB_ATT | Contract Object Authorization Types | Contract Object Master Record
F_PSOB_BEG | Contract Object Authorization Group | Contract Object Master Record
F_PSOB_FDG | Contract Object Field Groups | Contract Object Master Record | Field Groups relevant for authorizations must be maintained in Customizing
F_PSOB_VGT | Contract Object Type | Contract Object Master Record
P_CM_AUDIT | Audits | Degree Audit | Includes Authorization field PIQAUDRTY which represents the execution modes which have to be chosen before executing an audit
P_CM_AUDCT | Requirement Catalogs | Degree Audit
P_PRWBENCH | Print Workbench | Correspondence
G_GB90_ | Validation/Substitution/Rules: Rules | VSR
G_GB92_ | Validation/Substitution/Rules: Substitution | VSR
G_GB93_ | Validation/Substitution/Rules: Validation | VSR
S_APPL_LOG | Application Log | Basis | The application log is used for many SLCM reports
10.2 Authorization Trace
Transaction SU53 can be used to display the last failed authorization check.
Transaction ST01 can be used to run an authorization trace.
10.3 Additional Information for developers
Transaction SU21 shows authorization classes and objects.
Transaction AUTH_DISPLAY_OBJECTS displays objects in a hierarchy.
Authorization objects that are created exclusively for Campus Management are grouped in the authorization object class CM.
Authorization objects for the Business Partner are allocated to the authorization object class AAAB.
Authorization objects for FI-CA and IS-PS-CA are allocated to the authorization object class FI.
Roles are client-dependent and are therefore delivered from the customizing client.
11. Additional Information
11.1 Student File
The following table gives an overview of the authorizations required for the tab pages.
Tab Page | Tab Page Description (Standard) | Required Authorizations for display (PLOG for Infotypes) | Required Authorizations for activities
ACTDOC | Activity Documents | Struct. Auth. on objects (SC etc). | Authority object P_CM_PROC
ADMIS | Admission | Infotype 1001 / Subtype *530; 1001 / *514; 1001 / *517 | Activities AD*
APPLICS | Requests | Infotype 1001 / Subtype *504 | Not applicable
CATALOGS | Catalogs | Infotype 1778 | Function Codes for Infotype 1778
CONFERQ | Qualifications | Infotype 1001 / Subtype *532 | Activities CQ*
CORR | Correspondence | Authority object P_CM_CORRRC | Authority object P_CM_CORRRC
GENERAL | General Data | Infotype 1770, 1780; 1001 / Subtype *515 | Function Codes for Infotype 1780
HOLDS | Blocking Notes | Infotype 1728 | Function Codes for Infotype 1728
MAJMIN | Specializations | Infotype 1001 / Subtype *516 | Activities CB*
PROG_GR | Program Type Progression | Infotype 1737 | Activities PG*
PROG_PR | Program Progression | Infotype 1772 | Not applicable
REGIST | Registration | Infotype 1769, 1770, 1771, 1001 / *513; 1001 / *514; 1001 / *517 | Activities R*
STATUS | Status | Infotype 1728 | Function Codes for Infotype 1728

Navigation to Function | Required Authorizations
Student -> Create/Change/Display | Transaction Code PIQSTD/M/C
Student -> Death | Object P_CM_PROC / Act. DE01 – DE03
Edit -> Change Maintenance Dialog | Transaction Code PIQST10
Goto -> Account Balance | Not applicable
Goto -> Payment at Cash Desk | Transaction Code PFCJ
Goto -> Fee Calculation | Transaction Code PQ_FEE_CALC
Goto -> Program Content | Activity MB04
Goto -> Equivalency Determination | Transaction Code PIQED
Goto -> Ac. Work Overview | Object P_CM_PROC / Activity AW04
Goto -> Note Overview | Display Infotype 1707
11.2 Student Master Data
The following table gives an overview of the authorizations required for the tab pages.
Tab Page | Tab Page Description (Standard) | Required Authorities
PIQ1702 | Personal Data | Infotype 1702
PIQ1703 | Challenge | Infotype 1703
PIQ1704 | Additional Data | Infotype 1704, 1701
PIQ1706 | Fee Calculation Data | Infotype 1706
PIQ1718 | Jobs | Infotype 1718
PIQALUMN | Alumnus | Infotype 1001 / Subtype *541
PIQBANK | Bank Data | BP Field Group 0009
PIQBPADD | Standard Address | BP Field Groups 0062-0089, 0092-0095, 0115, 0120, 0122-0128, 0139 – 0149
PIQBPADO | Address Overview | BP Field Groups 0060
PIQBPADU | Address Usage | BP Field Groups 0061
PIQBPIDN | Identification No. | BP Field Groups 0016, 0021
PIQCTOBJ | Contract Objects | BP Field Group 1532
PIQEXGR | Ext. Achievements | Infotypes 1719, 1721
PIQGRANT | Sponsor Data | BP Field Group 1324
PIQPAYMC | Payment Cards | BP Field Group 0020
PIQRELP | Related Persons | Infotype 1001 / Subtype *521
PIQSTUDY | Ind. Study Data | Infotypes 1705, 1001 / *502, 1001 / *515
PIQVISA | Visa/Residence Data | Infotypes 1711 / 1712
Tab pages are hidden if the user is not authorized to display any field or Infotype on the tab page.

Navigation to Function | Required Authorizations
Student -> Student File | Transaction Code PIQST00
Goto -> Enhanced Object Description | Transaction Code PP01
Goto -> Maintain Business Partner | Transaction BP is not checked
Goto -> Note Overview | Infotype 1707
Goto -> Account Balance | Not applicable
Goto -> Account Data | Transaction Code CAA*
Utilities -> Change Student Number | Transaction Code PIQSTU1
11.2.1 Automatic creation of contract account and contract object master records
The role SAP_CM_ACCOUNT_DATA_UPDATE is provided for automatic creation of account data. There are two ways of creating account data that is customized in T7PIQSWITCH with key STUDACCT + UPDRFCDEST.
• If no value is maintained, the user itself will be used to create account data;
• If a RFC destination is specified for this value, the user maintained in this RFC destination is used, we call it Technical User:
o No Technical User: The user itself should have role SAP_CM_ACCOUNT_DATA_UPDATE.
o Technical User: The user itself doesn’t need role SAP_CM_ACCOUNT_DATA_UPDATE. But the technical user needs it.
• Please check role SAP_CM_ACCOUNT_DATA_UPDATE for the auth. objects.
11.3 Function Modules for structural authorizations
Function group RHGO contains function modules that are useful for the maintenance of structural profiles
Function Module Description
RH_GET_ORG_ASSIGNMENT Get organizational assignment of user (via employee, position)
RH_GET_PERSON_FROM_USER Assignment of a User to a Personnel Number
11.4 Tables relevant for authorization
Table Comment
T7PIQPROCESS System table. Contains CM activities. Used in authorization object P_CM_PROC
TB031 Customizing table. Authorization relevant field groups for BDT objects
Related Content
Please also visit the BPX discussion forum for general questions on Student Lifecycle Management
• https://www.sdn.sap.com/irj/sdn/forum?forumID=258
Copyright
© Copyright 2008 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.