In this section you define cross-client organizational criteria for line authorizations. These can be used for all customizing data display and maintenance transactions. You assign one or more table key fields, via which you can control the access authorization to one or more tables by business criteria, to an organizational criterion. You can assign business work areas, e.g. organizational units (country, plant, company code), to a user or user group. A user can only view the data for which there is an authorization.

Cross-table organizational criteria

An organizational criterion can be cross-table. No values are assigned to the key fields, but there are foreign key relationships to assigned check table fields.

Example

You want to restrict the access authorization of a user to the data for a particular country. Create a new organizational criterion and assign the country code LAND1 from the table T005 (Countries) to it. The new authorization object S_TABU_LIN defines the value range of the key field which the user can use.

Requirements

Standard settings

Recommendation

Activities

Define organizational criteria, if required.

To assign an organizational criterion to a user or a user group, assign an activity group whose authorization profile contains the authorization object S_TABU_LIN with the desired organizational criterion, to the user or user group. Define the activity which the user or user group can perform and the value range for which it can be performed. You can specify up to 8 attributes for the value range.

Further notes

The maintenance transaction authorization check first checks the existing authorization objects S_TABU_CLI and S_TABU_DIS. If this check is successful, it checks whether organizational criteria have been defined for the key fields of the table. If so it checks whether there is authorization for values or value ranges of these fields. Only those fields are displayed for which the entire authorization check is successful.