Defining Access to Information in M3

This document explains how to define the user access to information in M3 by working with groups of users.


User access to specific components and financial information is defined by having connected user groups to object access groups. The object access groups are connected to specific components and accounting identities.

Furthermore, financial programs are selected and included in the automatic authorization check routine.

The access definitions are used to ensure that the users can retrieve the information and work with the components relevant to their respective role within the company. When a user tries to access information from these components - or accounting identities - there is an automatic check that the user is connected to the valid user group.

Consequently, it is also used to prevent unauthorized persons from monitoring or maintaining specific data in M3.

See the respective settings instruction for further information.

Before you start

See the respective settings instruction for further information on starting conditions.

Follow these steps

  1. Create user group

    Begin by creating an empty user group by giving it an identity in 'User Group. Open' (CRS004). The group can be accessed from every company and division.

  2. Connect user to user group

    Connect each user to a user group in 'User. Access per Company Division' (MNS151); the program is called via 'User. Open' (MNS150).

    A user does not have to be a member of a user group. Note, however, that a single user cannot be connected to more than one group if user groups are used.

  3. Create object access group

    Create an empty group by giving it an identity in 'Object Access Group. Open' (CRS006). The group can be accessed from every company and division.

  4. Connect user group to object access group

    Connect the user group to the object access group in 'Object Access Group. Connect User Group' (CRS007); the program is called via (CRS006). If the user group for a user is not connected to an object access group this way, the user does not have access authorization to components or accounting identities with connected object access groups.

  5. Connect components to object access group

    Define who should be permitted to work with specific objects or components by connecting the respective component to the desired object access group. Examples of such components are facility, sales price list, and sales statistics.

    To limit the user access to specific accounting identities in the financial system, connect the object access groups to any number of such identities in 'Accounting Identity. Open' (CRS630).

    Note: If no object access group is connected to the component or accounting identity, it has no access security and can be accessed by all users.

    For a list of programs where an object access group can be entered, see Connect User Group to Object Access Group.

  6. Define check of information access for financial programs and accounting dimensions

    Specify the financial programs and the accounting dimensions that should be included in the authorization check in 'Settings - Access Authority Check' (GLS005).

    When the affected accounting dimensions are identified, the accounting identity used for the respective dimension is automatically checked against 'Accounting Identity. Open' (CRS630). See above.

Related topics