Ansicht
Dokumentation
Changes to the Authorization Check (Changed) ( RELNEBP_50_AUTHORIZATION )
Fill RESBD Structure from EBP Component Structure TXBHW - Original Tax Base Amount in Local CurrencyThis documentation is copyright by SAP AG.
Short text
Changes to the Authorization Check (Changed)
Use
As of Supplier Relationship Management (SRM) 4.0, the authorization
check has been refined. Authorization objects used in previous releases have been replaced by new ones that include authorization parameters and authorization fields.
The objects responsible
purchasing organization (PORG), responsible
purchasing group (PGR)
and business transaction type have been added to the authorization object activity.
Document checks in combination are possible: This allows control of the permitted function per document type and also a differentiation on organizational level.
Example:
- A purchaser in purchasing group PGR123 is assigned to the role SAP_EC_BBP_PURCHASER and has the authorization object BBP_PD_PO - SRM: Process Purchase Orders, allowing the purchaser to create, change, display, print, and delete purchase orders (in the standard system). If the purchasing group object is restricted to PG123, the purchaser can only process purchase orders that belong to this group and not all purchase orders without restriction. The purchaser might have less extensive authorization (for example display authorization) for other purchasing groups.
- 1. Document check
- Checks whether a user can access a document (shopping cart, purchase order, and so on) with a particular function (change, delete, and so on).
- Check fields:
- PORG
- PGR
- Transaction type
- Activity (prior to SRM 4.0 the only check field)
New object | Old object | SRM document |
---|---|---|
BBP_PD_AUC | M_BBP_AUC | Live auction |
BBP_PD_BID | M_BBP_BID | Bid invitation |
BBP_PD_CNF | M_BBP_CONF | Confirmation |
BBP_PD_CTR | M_BBP_CTR | Contract |
BBP_PD_INV | M_BBP_I_IN | Invoice |
BBP_PD_PCO | Purchase order confirmation | |
BBP_PD_PO | M_BBP_PO | Purchase order |
BBP_PD_QUO | M_BBP_Q_IN | Bid |
BBP_PD_VL | Vendor list | |
BBP_PD_SC | Shopping cart |
- 2. Check of special functions
-
When a transaction is called, the system checks the check object S_TCODE.
If a transaction is included in a role, the appropriate authorization is automatically assigned during profile generation.
SRM contains several services/functions that are not checked using S_TCODE (but these should not be available for all users). The authorization object BBP_FUNCT provides a simple access authorization:
New object | Old object | Checked value in field BBP_FUNCT | Service/function |
---|---|---|---|
BBP_FUNCT | BBP_BUYER | CR_COMPANY | Create purchasing company |
BBP_FUNCT | M_BBP_ADM | MON_ALERTS | Access to monitors and alerts |
BBP_FUNCT | M_BBP_ASS | CR_ASSETS | Create assets |
BBP_FUNCT | M_BBP_SHLP | BE_F4_HELP | Call input help in R/3 |
BBP_FUNCT | M_BBP_VE | EVAL_VEND | Vendor evaluation |
- 3. Check during vendor access
-
When vendors access an EBP System directly (not via SUS) to create purchase order confirmations (transaction BBPCF01) and invoices BBPIV01) or to submit bids
(BBP_QUOT), these are not assigned to a purchasing organization
or a purchasing group. These authorization parameters are not used. Business object type and activity are used for checking.
New object | Old object | SRM document |
---|---|---|
BBP_VEND | M_BBP_I_EX | Invoice |
BBP_VEND | M_BBP_Q_EX | Bid |
BBP_VEND | M_BBP_SES | Purchase order confirmation |
Note:
- The authorization profiles have to be regenerated after a system update because of the new authorization objects (transaction PFCG - Role Maintenance).
- The new authorization check is used as standard.
If you do not want to use it, you can revert back to the previous authorization check:
IMG: Supplier Relationship Management → SRM Server → Master Data → Create User → Switch Back to Old Authorization Checks (SRM 3.0)
(If the indicator is set, the old authorization objects are used. If not, only the new ones are used for checking.)
- If required, you can enhance the standard checks.
You can use the BAdI BBP_PD_AUTH_CHECKFurther Authorization Check for SRM Documents to do this.
Effects on Existing Data
Effects on Data Transfer
Effects on System Administration
Effects on Customizing
Further Information
BAL Application Log Documentation ABAP Short Reference
This documentation is copyright by SAP AG.
Length: 9631 Date: 20240520 Time: 202709 sap01-206 ( 86 ms )