| Overview of data securityTo reduce the risk of fraud and errors, data authorization is
enabled for various business processes such as Project, Contract, Requisitions,
Procurement, Sales, and Warehousing and entities such as Item and Business
Partners. You can define roles for which the authorization level is set for a range of these entities using the associated
attributes, which ensure data security. Benefits of authorization: - Improves compliancy by allowing only responsible employees to
update the master data.
- Improves the efficiency of the application by avoiding
incorrect data to be used for transaction purpose (such as creating new
transactions).
- Reduces expenses on stock control and administrative costs
because less corrections are made.
Business scenarios - In order to achieve a profit margin, a global operating
customer has assigned designated buyers for items and suppliers. Buyers must
ensure that the master data of the assigned suppliers and items is correct.
These authorized buyers must, after negotiating the prices and conditions for
the assigned items with the suppliers (using Requests for Quotations) specify
these in contracts and/or price books.
- An organisation divides the sales operations into separate
sales offices. Each sales office is responsible for a particular line of
business or sales area. Employees working for a sales office that is
responsible for a particular line of business, are only allowed to sell the
items of that line of business.
When authorization objects are authorized as a primary
authorization object, only employees with the permission to modify that object
can create and maintain the assigned objects. So only an employee who has
modify permission for a certain Project can update the master data of that
project. When authorization objects are authorized as a secondary
authorization object, only employees with the permission to modify that object
can use these secondary authorization objects to create or maintain a primary
object. So only an employee with the permission to modify a range of purchase
orders and use or modify permission for an item can create purchase orders
within the authorized range and use only assigned items on the order lines.
However, if a purchase order within the assigned range contains lines with
items for which the employee is not authorized, this employee can still view
and maintain the order (primary object) but view the secondary object. Employee
can only view and use permissions for the assigned items while changing the
order line. Example An employee is authorized to modify all the purchase orders
linked to the assigned purchase office. This employee is also authorized to
only use business partner A and B. This employee can: - Create purchase orders only for business partners A and B.
- Approve or release to Warehousing, all the purchase orders of
this purchase office, also the purchase orders from business partners other
than A and B.
- View all the purchase orders (main authorization object) of
the linked purchase office, also the purchase orders from business partners
(secondary authorization object) other than A and B.
- Modify all the purchase orders of the linked purchase office,
also the purchase orders from business partners other than A and B.
- However when the employee tries to change the business
partner of the order:
- The employee can only view the master data of business
partner A and B.
- The employee can only change the business partner to
business partner A and B.
| |