In this section, you assign authorizations to the users of the QM application component.

Basic Information / How to Proceed

When functions are called, the system checks the
authorization objects contained in the programs to determine whether valid values are entered in the fields in these objects. If this is not the case, the system terminates processing. To give a user the required authorizations, you must carry out the following steps:

• You define the allowed values for the fields of an authorization object in the form of authorizations
• You then group the authorizations required to carry out a particular function together as authorization profiles
  You can also group together several profiles for a job description as composite profiles.
• You assign these profiles or composite profiles to a
  user master record.
• You must then activate the authorizations, profiles and composite profiles before they can be used.

Authorization administration

With the help of this multilevel concept, the administration of the authorizations can be distributed among several persons, to ensure that the authorizations will not be misused. For example, you can designate different persons to:

• Maintain the authorizations
• Maintain the profiles and composite profiles
• Activate the authorizations and profiles
• Maintain the user master records

Authorization levels

You can define various user authorization levels, depending on the project phase you are in and what requirements must be met in your company concerning data protection. The following levels may be appropriate:

1. At the beginning of the implementation phase, you can give your project team comprehensive authorizations. By doing this, you avoid the maintenance effort required to assign individual authorizations and you ensure that the testing of the system functions is not hindered by a lack of proper authorizations. For this purpose, the standard system contains predefined, comprehensive authorizations and profiles.
2. Before the transition to the productive phase, you define the tasks of the individual users or user groups on the basis of job descriptions and only assign profiles with which the users can perform the functions of their job. To do this, there are the following options and authorization levels:
1. You use the authorization generator. It generates the profiles on the basis of job descriptions that were previously defined in the standard system, with a minimum of maintenance effort. In most cases, this method of assigning authorizations is accurate enough for the system to be used productively. For more information, see the section Profile Generator in the Basis Implementation Guide.
2. You can create your own, detailed job descriptions and assign each job the exact authorizations that are needed. This procedure is described in more detail in the 'Environment' section, User Authorizations. For a general introduction to authorization maintenance see section Users and User Authorizations in the Basis IMG.

Note

You can find detailed information about using tools in the Basis section, subsection "Users and Authorizations" in the SAP library.

The OSS-System (SAP Online Software Service) also contains the following tips on authorizations:

• 82390 Generating the profile SAP_ALL
• 23342 Finding missing authorizations (SU53)
• 80210 Authorization generator

Standard settings

The profile SAP_ALL allows you to access all the functions of the SAP functions.
You use the profile Q_ALL contained in the standard system to give authorizations for numerous functions in the QM component.

You can use the following profiles to give comprehensive authorizations for Customizing:

• S_A.CUSTOMIZ Customizing (general)
• Z_CUSQM01 Customizing for the QM component
  Since the QM application component is closely integrated with the MM, PP, SD, PM and CO application components, settings made in Customizing also affect these components. To make the relevant settings, you can:
• Assign the comprehensive profile S_A.CUSTOMIZ to the person responsible for Customizing your system
• Assign the corresponding profile Z_CUSxx01 to the person responsible for the QM component (where xx = MM, PP, SD, PM or CO)
• Contact the person responsible for Customizing in the relevant components

Activities

1. Determine which type of authorization management is useful for your company in general and your quality management processes in particular.
2. Make sure that the system administration for the QM project team gives the required global authorizations.