In this IMG activity, you define authorization objects which the system protects in planning. Each authorization object can consist of up to 10 fields, which you can define and group together as you wish (you can also use the characteristics of the operating concern or a free variable for the value field). All other characteristics which you do not specify in the object are regarded as allowed.

By choosing up to 10 fields more than once, you can create different authorization objects that are linked with one another. However, it is recommended that you only create one object. Otherwise the "AND" links between authorization objects could cause difficulties when you create the authorizations for individual users.
Before a user performs an action in planning, the system checks his or her authorization. If the authorization is lacking for just one of the objects, the system refuses the request. You can define the authorizations for individual users under Tools -> Administration -> Maintain users from the main menu.

If desired, you can activate characteristic derivation for the authorization check. In this case, the system checks the user's authorization for all the characteristics that can be derived. For the system to do this, the user must have authorization for the activity "B3" (Derive) in authorization object "K_KEPL_TC" (Sales and profit planning). In addition, the set/get parameter "RDA" must have the value "X" in the user parameters.

Possible authorizations for an object include:

• the individual values of a characteristic
• *

  This means that the user is authorized for all values of the characteristic.

• :

  This means that the user is not authorized at this level. He or she may only look at the total for the characteristic.

• #

  This means the user is not authorized for any value of the characteristic (only non-assigned values).

The following tables demonstrates how the system checks your entries against an authorization object:

    Field content   *           Y           #       does not exist

Authorization:

  *                 x           x           x           x

  (A,Z)             -           x           -           -

  X                 -           -           -           -

  #                 -           -           x           -

  :                 -           -           -           x

Examples of how authorization objects are used in planning

For planning, assume that the object Y_KEPL_X00 was defined with the fields "Customer", "Product range" and "Region".

User A needs to carry out single-segment planning for customer C01. Data exists for product ranges A1, A2 and A3. The value entered by the user for customer C01 is stored for product range SPACE, region SPACE.
Necessary authorization: Customer C01, Product range ":", Region ":".

User A needs to carry out multi-segment planning for customer C01 and all product ranges.
Necessary authorization: Customer C01, Product range "*", Region ":".

Actions

Define your authorization objects.