Hierarchy
⤷ CRM (Application Component) Customer Relationship Management
⤷ CRM_APPLICATION (Package) All CRM Components Without Special Structure Packages
⤷ NBAS (Package) Appl. development Hospital System master data, catalogs
IMG Activity
ID | ISH_BERECHT_CUST | Maintain Authorizations with the Profile Generator |
Transaction Code | S_KK4_74000428 | IMG Activity: ISH_BERECHT_CUST |
Created on | 19990816 | |
Customizing Attributes | ISH_BERECHT_CUST | Maintain Authorizations with the Profile Generator |
Customizing Activity |
Document
Document Class | SIMG | Hypertext: Object Class - Class to which a document belongs. |
Document Name | ISH_BERECHT_CUST |
The profile generator enables you to efficiently create authorization profiles and assign them to users. To be able to use the profile generator, you must configure the SAP System accordingly. For a detailed description of how to do this, read the Implementation Guide Section entitled Maintain Authorizations and Profiles Using Profile Generator. For more information, choose Basis Components -> Computing Center Management System (BC-CCM) -> Center Management System -> Users and Roles (BC-CCM-USR) -> Role Maintenance.
Use
The profile generator enables you to choose menu options from the enterprise menu, thereby combining a variety of transactions that are required for a particular activity in the hospital. This forms the basis of a role. The profile generator then generates an authorization profile containing all of the authorizations required to execute the selected transactions. This profile is saved as part of the role.
The system administrator then assigns the role to users who are automatically granted all authorizations for the selected transactions.
To ensure optimum security, it is important that only those organizational units required by a particular user be 'released' for him or her. The system administrator must maintain the relevant values in the authorization fields. To a great extent, the profile generator assumes this task. It recognizes which authorization fields represent organizational units and makes it possible to maintain these fields with the same values in all authorizations of a role.
The profile generator automatically maintains all of the remaining authorization fields. You can, however, modify the default values to satisfy the requirements of your hospital.
You can add further authorizations to a generated profile in response to customer-specific scenarios.
A role can also have several specific instances, for example, nursing staff who are to be granted authorizations for different care units. Such a role is known as a role with responsibilities. This role comprises a number of profiles that contain the same authorizations but with different authorization field values.
The profile generator also enables the
management of authorization profile validity. Consequently, you can schedule and efficiently put into practice changes in authorization assignment.
After you have created a role, you can assign a number of users to it using the profile generator. The profile generator automatically adds the corresponding authorization profile to the user master records.
Authorization Templates
You create or enhance a role using authorization profile templates. To do this, choose Edit -> Insert Authorizations -> From Template.... A number of templates are at your disposal.
Example:
SAP_USER_B basis authorizations for users contains the technical authorizations for the SAO System that each SAP user should have.
Predefined Roles
You can import pre-defined roles into the SAP System. You can download the relevant files from the Internet at http://www.saplabs.com/auth. This site contains predefined roles for SAP Basis and the applications SD, MM and FI. You can use them as templates when creating roles for your own company.
Authorizations for Transactions that Call Other Transactions
If you include a menu option with a transaction that calls another transaction in a role, the profile generator normally only grants authorizations for the first transaction called. In this way, you can finely tune the granting of authorizations and avoid authorizations being created inadvertently.
Differentiate Application-Specific and SAP Technical Levels
To keep the created profiles as simple and clear as possible, it is recommended that you create different roles for the application-specific and the SAP technical transactions. You can assign a user to several roles.
Example:
You create the role application user on the basis of the predefined profile S_EndUsBasis - enduser basis authorizations. You also create the role nurse containing the authorizations for the work required on the care unit. You assign both roles to all nurses. You can also use the first role for all other application users who do not require special SAP technical authorizations.
Example
Requirements
Standard settings
Recommendation
Activities
Further notes
Business Attributes
ASAP Roadmap ID | 209 | Establish Authorization Management |
Mandatory / Optional | 3 | Nonrequired activity |
Critical / Non-Critical | 2 | Non-critical |
Country-Dependency | A | Valid for all countries |
Assigned Application Components
Documentation Object Class | Documentation Object Name | Current line number | Application Component | Application Component Name |
---|---|---|---|---|
SIMG | ISH_BERECHT_CUST | 0 | HLB0100102 O I041002051 |
Maintenance Objects
Maintenance object type |
History
Last changed by/on | SAP | 19990816 |
SAP Release Created in |