Hierarchy
BBPCRM (Software Component) BBPCRM⤷
CRM (Application Component) Customer Relationship Management⤷
CRM_APPLICATION (Package) All CRM Components Without Special Structure Packages⤷
QI (Package) QM IMG and area menu
IMG Activity
| ID | OLQU-B | Define User Authorizations |
| Transaction Code | S_ALR_87004728 | IMG Activity: OLQU-B |
| Created on | 19981222 | |
| Customizing Attributes | OLQU-B | Define user authorizations |
| Customizing Activity | OLQU-B | Define user authorizations |
Document
| Document Class | SIMG | Hypertext: Object Class - Class to which a document belongs. |
| Document Name | OLQU-B |
In this section, you assign detailed authorizations and authorization profiles to the users of the QM component.
These supplement or replace the general authorizations that you assigned to the project team in the Basic Settings at the start of the implementation project.
This description applies if you maintain the authorizations and profiles manually. There are three steps to this procedure:
- Maintaining the authorizations
- Maintaining the authorization profiles and collective profiles
- Maintaining the user master records
If you have opted to use the profile generator, use the relevant description.
Requirements
You must have defined a higher-level authorization administration for your company:
- You have designated a head administrator to manage the user authorizations.
- You have determined whether an authorization administration needs to be created for quality management.
If applicable, you have defined these positions and made sure the head administrator has assigned the necessary QM authorizations to these positions.
- You have determined whether you want to have separate administrators for:
- The maintenance of authorizations and profiles
- The activation of authorizations and profiles
- The maintenance of user masters
Recommendation
- Consolidate the authorization functions. Create decentralized responsibilities, only as far as is advisable for the size of your company and its security requirements.
First step: Maintaining the authorizations
Authorization objects
The authorization objects contained in the programs and the fields in these authorization objects (to which you assign values when maintaining the authorizations) provide the basis for defining the authorizations.
Comprehensive authorization objects:
Functions for... authorization object
Table maintenance authorization S_TABU_DIS
Transaction authorization Q_TCODE
Material authorization Q_MATERIAL
Authorization objects for maintaining the master data:
Functions for... authorization object
Catalog maintenance
- Code groups Q_CAT_GRP
- Selected sets Q_CAT_SSET
Insp. method based on status Q_STA_QMTB
Insp. charac. based on status Q_STA_QPMK
Inspection plan maintenance Q_ROUT
Plan characteristics according to
Task list type Q_PLN_FEAT
Access to QM master data Q_MASTERD
Authorizations for inspection processing:
Functions for... authorization object
Insp. type for insp. lot Q_INSPTYPE
Usage of codes from catalogs
- Group codes Q_GP_CODE
- Usage decision code Q_UD_CODE
Inventory postings Q_STCK_CHG
Results recording Q_CHAR_PRC
Inspection completion Q_INSP_FIN
Change control charts Q_SPC
Authorization objects for quality notifications:
Functions for... authorization object
Process quality notifications
- General Q_QMEL
- Business transactions Q_VORG_MEL
Authorization objects for quality certificates:
Functions for... authorization object
Certificate profile
- Edit Q_CERT_PRF
Standard settings
The SAP standard system contains an authorization'<Object name>_A' for each authorization object, which allows all functions for the relevant object.
Recommendation
- Use a set nomenclature for the authorizations.
- Bear in mind there may be users who are not a part of the quality department, but who may nevertheless require certain display or access authorizations for the quality management functions.
Activities
- Display the authorization objects for the quality management functions and observe what effects they have. These authorization objects are in the quality management object class and have the generic name Q_*.
If you want to give limited authorizations for Customizing functions, the following applies: Authorization groups are assigned to the tables in the QM component. You can find these authorization groups in the table TDDAT using the generic entry QM-*. In certain cases, you may also need authorization groups from other application areas. Examples of such authorization groups are:
- PMD and PMTD for the print control for quality notifications
- Make a distinction between the individual users or groups of users according to the tasks they perform. Create job descriptions that contain the applicable authorization objects. Create appropriate authorizations for these jobs and their respective functions.
- Maintain the necessary authorizations.
Additional information
Authorizations are transported manually.
Second step: Maintaining the profiles
You maintain the authorization profiles for the job areas that deal with the functions of the QM component.
Standard settings
The QM component contains standard profiles that include comprehensive authorizations for the various areas of activity within quality management. You can find these profiles using the entry Q_*.
The system also contains comprehensive profiles for the Customizing application.
- S_A.CUSTOMIZ: profile for Customizing functions for all applications
- Z_CUSxx01: profile for Customizing in component xx (for example, xx = QM)
Recommendation
- When you define the profiles, be sure to consider the user groups who are not directly involved in QM processes, but who still require information from the QM component.
- Use a set nomenclature for the profiles; use mnemonic descriptions.
Activities
- Display the authorization objects and authorization profiles contained in the standard system.
- Create your own profiles and collective profiles, according to your needs.
- Assign suitable profiles to all defined jobs.
- Activate the authorizations and profiles.
Additional information
Profiles are transported manually.
Third step: User maintenance
As a third step, maintain the user master records for all individual users who are familiar with the QM functions.
SAP Recommendation
In the test system, keep the authorizations of users down to the necessary number. Test the effectiveness of authorization administration for all user groups.
Activities
- Create the user master records.
- Assign the authorization profiles.
- Maintain the user parameters.
Further notes
The user maintenance does not have a transport link. However, you can copy all user masters into the target system using the function for copying the source client. The copy profile SAP_USER is available for this purpose in the standard system. For additional information about the function for copying the client, refer to the step set up client in the Customizing application.
Business Attributes
| ASAP Roadmap ID | 209 | Establish Authorization Management |
| Mandatory / Optional | 2 | Optional activity |
| Critical / Non-Critical | 1 | Critical |
| Country-Dependency | A | Valid for all countries |
Assigned Application Components
| Documentation Object Class | Documentation Object Name | Current line number | Application Component | Application Component Name |
|---|---|---|---|---|
| SIMG | OLQU-B | 0 | HLA0009540 | Quality Management |
Maintenance Objects
| Maintenance object type | C | Customizing Object |
| Assigned objects | ||||||
|---|---|---|---|---|---|---|
| Customizing Object | Object Type | Transaction Code | Sub-object | Do not Summarize | Skip Subset Dialog Box | Description for multiple selections |
| SU02 | T - Individual transaction object | SU02 | OLQU | Maintain Profiles | ||
| SU03 | T - Individual transaction object | SU03 | OLQU | Maintain authorizations |
History
| Last changed by/on | SAP | 19990212 |
| SAP Release Created in |
