Hierarchy
⤷ CRM (Application Component) Customer Relationship Management
⤷ CRM_APPLICATION (Package) All CRM Components Without Special Structure Packages
⤷ KE (Package) Profitability Analysis
Basic Data
Data Element | RKE_OBJECT |
Short Description | Authorization object for combinations of characteristics |
Data Type
Category of Dictionary Type | D | Domain |
Type of Object Referenced | No Information | |
Domain / Name of Reference Type | XUOBJECT | |
Data Type | CHAR | Character String |
Length | 10 | |
Decimal Places | 0 | |
Output Length | 10 | |
Value Table | TOBJ |
Further Characteristics
Search Help: Name | ||
Search Help: Parameters | ||
Parameter ID | XUO | |
Default Component name | ||
Change document | ||
No Input History | ||
Basic direction is set to LTR | ||
No BIDI Filtering |
Field Label
Length | Field Label | |
Short | 10 | Object |
Medium | 15 | Authoriz. obj. |
Long | 20 | Authorization object |
Heading | 10 | Object |
Documentation
Definition
Authorization objects are used in this application to protect combinations of characteristics. You can choose a maximum of 10 characteristics for the authorization object. All other characteristics fall under the category "*" (= users have authorizations for all these characteristics).
By selecting up to 10 characteristics several times, you can create multiple authorization objects. Since authorization checks are carried out for all the authorization objects belonging to an application (e.g. CO-PA Information System, CO-PA planning, EC-EIS), all the objects are linked.
You therefore need to define authorizations for all the authorization objects in an application. If a user has no authorization for even one of these objects, he or she will be denied permission to perform the function.
Possible combinations of authorizations for an object:
- Normal characteristic values
- "*" - User is authorized for all values of a characteristic
- ":" - User can only access summarized values for this characteristic
- "&" - User is authorized for characteristic value 'SPACE', i.e. all unspecified characteristics
Examples
Let us assume that only object Y_KEB_X00 with the fields "Product range" and "Customer" has been defined for the information system.
User A is authorized for Customer C01. The authorization required is: Product range ":", Customer C01
User B is authorized for Customer C01 and Product range R01. The authorization required is: Product range R01, Customer C01
User C is authorized for Customer C01 and Product range SPACE (all unspecified characteristics). The authorization required is: Product range "&", Customer C01
User D is authorized for customer C01 and all product ranges. The authorization required is: Product range "*", Customer C01
Example - Planning
The object Y_KEPL_X00, with fields "Customer", "Product range" and "Region", was defined for planning.
User A needs to create a single-segment plan for Customer C01. Data is available for Product ranges R01, R02 and R03. The new values entered ba the user for Customer C01 are saved for Product range SPACE. The authorization required is Customer C01, Product range ":", Region ":".
User B must create a multi-segment plan for Customer C01 and all product ranges. The authorization required is Customer C01, Product range "*", Region ":".
Where are the authorization objects checked?
- Information system (CO-PA and EC-EIS)
- For the selected characteristics when the user defines a report
- For the selected characteristics when the user runs the report
- Planning (CO-PA)
- Before the user can plan.
History
Last changed by/on | SAP | 20110901 |
SAP Release Created in |