Monday, December 19
Define the users ,Authorizations and Data ownership authorizations in SAP business one
This topic tells us how to define the users ,authorizations and data ownership authorizations in SAP business one. At the conclusion of this topic you will be able to define users, define general authorizations for your users, and make the initial definitions required for working with the data ownership.
Defining users : in order to allow your employees to work in SAP business one, you first need to define corresponding users for each one of them . A user can be defined either as a super user or as a regular user . Super users are usually managers of a company . These users are not restricted and therefore , they have the full authorization to access all the windows in SAP business one . Other employees should be defined as regular users. You can create an authorization profile for these users according to the roles and positions in your company .
User defaults : you can define a profile of defaults containing special print preferences , G/L accounts , warehouses , etc . you can then assign these defaults to selected users according to your requirements .
General authorization : you need to grant functional authorization to the regular users in your company . These functional authorizations determine whether the regular user can open the documents, reports and various windows in Read only or Full mode or not at all. Note that only users defined as super users can access the general authorization window.
Lets see how we define users in SAP business one . Go to administration , then definitions , then general . Click on define users . Lets look at the name of the general manager of this company . Switch to find mode and type the general managers user code . On this screen you can see the name , the user code , the email address , mobile phone , fax , branch and department . You can see that the box super user is checked for the general manager . This means that the general manager is defined as a super user . In the password field you can see a details push button . If you click it you can change a certain users password or define a new password for a new user . Lets take a look at a regular user , for example Ruth Jefferson who is a sales employee . In this case you can see that the box super user is cleared . Therefore Ruth is defined as a regular user . Defaults – it is possible to define defaults for certain users . These defaults will certainly be used instead of the standard defaults defined by your company . You can define a different default warehouse , default G/L accounts , default print preferences . For example , for sales employees , you can define permanent remarks for printing which are special to them and default G/L accounts for credit cards if required . Now , lets take a look at the general authorization window . Under systems initialization , then under authorizations , click on general authorizations . This window displays a list of all the users defined in the define users window which we just saw . In this window , you can see all the majors in SAP business one . If you click on the expand push button , you can see the various entries , forms and windows under each major . For each one of these options you can define a different authorization . Lets take a look at the general manager , who is a super user . As you can see the general manager has full authorization for all the areas in SAP business one . You can also see that it is not possible to change the authorization of the super user . It will always remain a full authorization . Now lets see ruths authorizations . Ruth is a regular user . As you can see the columns here are active and it is possible for us to choose between a full authorization , a read only authorization or a no authorization at all . You can define a global authorization to certain category or in this case lets define several different authorizations for every option or window . Here under the general category you can see that Ruth has read only authorization in few places , full authorization in few places and no authorization for certain areas . In such a case you can see that ‘various authorizations’ is displayed next to the general . In addition it is possible to set a maximum discount that can be granted by regular users in documents . You can use the push buttons to give one authorization type to all the categories . For example you can click on ‘no authorization’ to cancel all authorizations to all the areas in SAP business one . Click read only or full authorization as needed . It is also possible to copy authorizations from one to another . For example , you have worked hard to define various authorizations for Ruth . Now you need to define the same authorizations for another person named Sofie . This might have taken you a great deal of time . However , SAP business one allows you to copy authorizations from one user to another quickly and easily . In order to copy authorizations from Ruth to Sofie simply click and hold the mouse on Ruth’s user name until a rectangular frame appears . Now drag the frame and drop it on Sofie’s user name . the system message - copy authorizations from Ruth to Sofie is displayed . Click on copy to copy Ruth’s authorizations to Sofie . the authorizations are now fully copied from Ruth to Sofie . click on update to save your changes.
Data ownership authorizations : data ownership enables manager to determine which documents could be viewed and updated by the regular users in SAP business one . Data ownership is relevant only for the users who are not defined as the super users in the define users window . This way , managers , that is the super users get to control the data accessible to each of the employees . An authorization can be granted for every document type and even at the document row level . Note that only users defined as the super users can access the Data Ownerships Authorization window . Data ownership is maintained according to the data defined for your employees in the Human Resources module , therefore it is highly recommended to read the document dealing with the Human Resources prior to defining data ownership in your company .
Initial definitions : initialize data ownership in your company , define users , assign a license for every user , define employees in the human resources module , define general authorizations for every regular user , define relevant data ownership authorizations for every regular user linked to an employee , define data ownership exceptions if required .
Initializing data ownership in your company : In order to initialize data ownership in your company , go to the administration , then click system initialization , then authorizations, and then click data ownership exceptions . In this window check the box – owner filtering active and click on update . Then comes the steps of defining users and assigning licenses .
Defining employees in human resources and general administration : under defining employees , we can see that in order to work with data ownersip authorizations , it is necessary to create an employee master data record , in the human resources module , for each one of your users .
Lets take a look at the employee master data record window . Go to human resources , and click on employee master data . Lets take a look at Ruth Jefforsons employee master data . In order to work with data ownership authorizations , it is necessary to define the following data for relevant employees . Under user code you need to select the corresponding user code as defined in the define users window . Here you can see that Ruth Jeffersons code is linked to the employee master data of Ruth Jefferson . If an employee functions as a sales employee in your company , you need to specify his employee name as defined under definition – general – define sales employees . This window also opens when you select define new option in this field here . You can see that Ruth Jefferson is selected in the sales employee name . Thus you establish a connection between Ruth’s employee master data and the sales employee name which can be linked to sales and purchasing documents . Under manager , you need to select the manager of the current employee . In this case , Sofie Klogg id Ruth Jefferson’s manager . Note that you can select only existing employees as the managers . You can see that Sofie is indeed explained in a separate employee master data . In the department field you can specify a relevant department for the employee . Do the same in the branch field . Under the membership tab page , in the teams table , you can define employees as team members or team leaders , and assign them to a certain team . You can see here that Ruth is a member of the sales specialist team .
Defining data ownership authorizations : Data ownership is based on the relationship of the employees of the company . The ownership types are : peer – this ownership defines the relationship between all the employees who have the same direct manager . A peer authorization allows the employees to access the documents owned by one of his peers . Next is the manager . This ownership type can be defined for the employees’ direct manager . A manager authorization allows an employee to access documents owned by his direct manager . Next is the subordinate – this ownership type can be defined for all the employees who work directly under the same employee . A subordinate authorization allows an employee to access documents owned by all his subordinates . Department : this ownership type describes the relationships among all the employees that work in the same department . A department authorization allows the access to documents by all the employees owned by the department . Next is the branch – this ownership type describes the relationship among all the employees that work in the same branch . A branch authorization allows the employees to access all the documents owned by all the employees in his branch . Next is the team - this ownership type describes the relationships among all the employees who belong to the same team . A team authorization allows employee to access the documents owned by all the employees in his team . It is possible to define several ownership types for every employee , thus causing these ownerships to overlap . Therefore it is recommended to define the minimum number of data ownership authorizations . Use the data ownership authorizations window to define the types relevant for each of your employees .
Lets take a look at the data ownership authorization window . Go to administration , then system initialization , then authorizations and click on data ownership authorizations . You can use this window to define ownership types to each of your employees . In this example lets relate to the chart told about earlier . The employees list – this list consists of all the employees defined in the employee master data window and are linked to fields user code in that same window . Document – this column displays all the document types for which you can define data ownership authorization , peer , manager , subordinate , department , branch , and team . You can use these columns to define relevant data ownership authorizations according to the relationships described earlier . In order to define any user authorization , for a certain employee , click the corresponding employee name . Take Barbara Lee for example and click a field under the required column to get a dropdown menu . Select full to give full data authorization for the document in the current relationship . In this example , if you select full , Barbara would have full data authorization for the particular document selected ( let it be A/P invoice document ) ; select R/O which is the read only authorization for the document in the current relationship which is the A/R credit memo here . Select none to define that the user can update and modify such documents of this type owned by him . Full authorization – click this button to define full authorization in all the fields in the table . Read only - push this button in order to define a read only authorization in all the fields in the table and the same goes for no authorization . Here you can see that after you hit the push button , the user can only view and update documents owned by him since he has no authorization at all. Note that an employee , who is linked to a super user like a manager , is automatically granted full data ownership authorization for all the document types . In this case the option full will be displayed in all the columns in the table and you will not be able to select a different authorization manually . The default data ownership authorization for a regular user is none like in the case of Barbara . Data ownership authorizations apply to sales and purchasing documents , the sales opportunity and relevant sales opportunities reports and the open items list . Lets see an example of defining and using data ownership authorizations . We will relate to the relationships as seen earlier . Our general assumptions for this example are Ron Palmer , the general manager , is defined as a super user and therefore has a full data ownership authorization . Linda and Barbara belong to the same team – the social events team .According to their roles in the team Linda has full data ownership authorization for the documents owned by all her team members , meaning documents she owns and documents Barbara owns . On the other hand Barbara has the data ownership authorization to display only documents she owns . Note that Linda and Barbara may have additional data ownership authorizations such as manager , subordinate , etc . However in this example we will describe a situation in which there is only a team type data ownership authorization. Lets look at the data ownership authorizations of Ron , Linda and Barbara according to the general assumptions we have just made . Ron – since he is a super user , you can see that he has full data ownership authorization for all the documents in all the relationship types . The authorizations are displayed in grey and are blocked for changes . Linda- she has full data ownership authorization for all the documents owned by her team members . Therefore you can see that the option full is selected for all the document types under the column team . Barbara - since she is authorized to access only the documents that she owns , you can see that she has no data ownership authorization at all . All the fields under all the relationship types show none .
Lets take a look at the effect of the data ownership authorizations we have made on the sales quotation document for example . Lets just remind that Ron palmer ,who is a super user has full data ownership authorization to all the documents , Linda Carter who is the team leader has a full data ownership authorization in the team relationship type , and Barbara who is a member in the team of Linda Carter has no data ownership authorization at all . Lets open the sales quotation window . Lets take for example three sales quotations taken by these three users . Lets switch to find mode and take a look at the last three sales quotations created in SAP business one . For example , lets take sales quotation number 131 which is owned by Ron Palmer , Sales quotation 130 is owned by Linda Carter , and sales quotation number 129 is owned by Barbara Lee . As you can see Ron can display and update all the sales quotations in the company , which s 131 , 130 owned by Linda and 129 owned by Barbara . Now lets take a look at Linda . She can display and update only sales quotations she or Barbara own . As you can see SAP business one skips number 131 and displays 130 , since 131 is owned by Ron . This one is owned by Linda and 129 is owned by Barbara . Lets take a look at Barbara’s screen . Barbara cannot see sales quotations number 131 and 130 as they bare owned by Ron Palmer and Linda Carter . She can display and update sales quotations which she owns , like 129 . However , all these users can display and update sales quotations which are not linked to a certain owner , like take a sale quotation where the owner field is blank before it is accessible for all these three users .If Linda or Barbara try to find a specific sales quotation for which they are not authorized , like sales quotation number 131 , lets try to find it . The error message no matching records is found . This is since the sales quotation 131 is owned by Ron Palmer . Linda and Barbara cannot see documents for which they have no data ownership authorization in the open items list as well . In other reports and enquiries , Linda and Barbara will not be able to use any link arrows to documents to which they have no data ownership authorization . However , they can view the data displayed in the report or the query .
You are now able to define users , define general authorizations for your users and make the initial definitions required for working with data ownerships .
Defining users : in order to allow your employees to work in SAP business one, you first need to define corresponding users for each one of them . A user can be defined either as a super user or as a regular user . Super users are usually managers of a company . These users are not restricted and therefore , they have the full authorization to access all the windows in SAP business one . Other employees should be defined as regular users. You can create an authorization profile for these users according to the roles and positions in your company .
User defaults : you can define a profile of defaults containing special print preferences , G/L accounts , warehouses , etc . you can then assign these defaults to selected users according to your requirements .
General authorization : you need to grant functional authorization to the regular users in your company . These functional authorizations determine whether the regular user can open the documents, reports and various windows in Read only or Full mode or not at all. Note that only users defined as super users can access the general authorization window.
Lets see how we define users in SAP business one . Go to administration , then definitions , then general . Click on define users . Lets look at the name of the general manager of this company . Switch to find mode and type the general managers user code . On this screen you can see the name , the user code , the email address , mobile phone , fax , branch and department . You can see that the box super user is checked for the general manager . This means that the general manager is defined as a super user . In the password field you can see a details push button . If you click it you can change a certain users password or define a new password for a new user . Lets take a look at a regular user , for example Ruth Jefferson who is a sales employee . In this case you can see that the box super user is cleared . Therefore Ruth is defined as a regular user . Defaults – it is possible to define defaults for certain users . These defaults will certainly be used instead of the standard defaults defined by your company . You can define a different default warehouse , default G/L accounts , default print preferences . For example , for sales employees , you can define permanent remarks for printing which are special to them and default G/L accounts for credit cards if required . Now , lets take a look at the general authorization window . Under systems initialization , then under authorizations , click on general authorizations . This window displays a list of all the users defined in the define users window which we just saw . In this window , you can see all the majors in SAP business one . If you click on the expand push button , you can see the various entries , forms and windows under each major . For each one of these options you can define a different authorization . Lets take a look at the general manager , who is a super user . As you can see the general manager has full authorization for all the areas in SAP business one . You can also see that it is not possible to change the authorization of the super user . It will always remain a full authorization . Now lets see ruths authorizations . Ruth is a regular user . As you can see the columns here are active and it is possible for us to choose between a full authorization , a read only authorization or a no authorization at all . You can define a global authorization to certain category or in this case lets define several different authorizations for every option or window . Here under the general category you can see that Ruth has read only authorization in few places , full authorization in few places and no authorization for certain areas . In such a case you can see that ‘various authorizations’ is displayed next to the general . In addition it is possible to set a maximum discount that can be granted by regular users in documents . You can use the push buttons to give one authorization type to all the categories . For example you can click on ‘no authorization’ to cancel all authorizations to all the areas in SAP business one . Click read only or full authorization as needed . It is also possible to copy authorizations from one to another . For example , you have worked hard to define various authorizations for Ruth . Now you need to define the same authorizations for another person named Sofie . This might have taken you a great deal of time . However , SAP business one allows you to copy authorizations from one user to another quickly and easily . In order to copy authorizations from Ruth to Sofie simply click and hold the mouse on Ruth’s user name until a rectangular frame appears . Now drag the frame and drop it on Sofie’s user name . the system message - copy authorizations from Ruth to Sofie is displayed . Click on copy to copy Ruth’s authorizations to Sofie . the authorizations are now fully copied from Ruth to Sofie . click on update to save your changes.
Data ownership authorizations : data ownership enables manager to determine which documents could be viewed and updated by the regular users in SAP business one . Data ownership is relevant only for the users who are not defined as the super users in the define users window . This way , managers , that is the super users get to control the data accessible to each of the employees . An authorization can be granted for every document type and even at the document row level . Note that only users defined as the super users can access the Data Ownerships Authorization window . Data ownership is maintained according to the data defined for your employees in the Human Resources module , therefore it is highly recommended to read the document dealing with the Human Resources prior to defining data ownership in your company .
Initial definitions : initialize data ownership in your company , define users , assign a license for every user , define employees in the human resources module , define general authorizations for every regular user , define relevant data ownership authorizations for every regular user linked to an employee , define data ownership exceptions if required .
Initializing data ownership in your company : In order to initialize data ownership in your company , go to the administration , then click system initialization , then authorizations, and then click data ownership exceptions . In this window check the box – owner filtering active and click on update . Then comes the steps of defining users and assigning licenses .
Defining employees in human resources and general administration : under defining employees , we can see that in order to work with data ownersip authorizations , it is necessary to create an employee master data record , in the human resources module , for each one of your users .
Lets take a look at the employee master data record window . Go to human resources , and click on employee master data . Lets take a look at Ruth Jefforsons employee master data . In order to work with data ownership authorizations , it is necessary to define the following data for relevant employees . Under user code you need to select the corresponding user code as defined in the define users window . Here you can see that Ruth Jeffersons code is linked to the employee master data of Ruth Jefferson . If an employee functions as a sales employee in your company , you need to specify his employee name as defined under definition – general – define sales employees . This window also opens when you select define new option in this field here . You can see that Ruth Jefferson is selected in the sales employee name . Thus you establish a connection between Ruth’s employee master data and the sales employee name which can be linked to sales and purchasing documents . Under manager , you need to select the manager of the current employee . In this case , Sofie Klogg id Ruth Jefferson’s manager . Note that you can select only existing employees as the managers . You can see that Sofie is indeed explained in a separate employee master data . In the department field you can specify a relevant department for the employee . Do the same in the branch field . Under the membership tab page , in the teams table , you can define employees as team members or team leaders , and assign them to a certain team . You can see here that Ruth is a member of the sales specialist team .
Defining data ownership authorizations : Data ownership is based on the relationship of the employees of the company . The ownership types are : peer – this ownership defines the relationship between all the employees who have the same direct manager . A peer authorization allows the employees to access the documents owned by one of his peers . Next is the manager . This ownership type can be defined for the employees’ direct manager . A manager authorization allows an employee to access documents owned by his direct manager . Next is the subordinate – this ownership type can be defined for all the employees who work directly under the same employee . A subordinate authorization allows an employee to access documents owned by all his subordinates . Department : this ownership type describes the relationships among all the employees that work in the same department . A department authorization allows the access to documents by all the employees owned by the department . Next is the branch – this ownership type describes the relationship among all the employees that work in the same branch . A branch authorization allows the employees to access all the documents owned by all the employees in his branch . Next is the team - this ownership type describes the relationships among all the employees who belong to the same team . A team authorization allows employee to access the documents owned by all the employees in his team . It is possible to define several ownership types for every employee , thus causing these ownerships to overlap . Therefore it is recommended to define the minimum number of data ownership authorizations . Use the data ownership authorizations window to define the types relevant for each of your employees .
Lets take a look at the data ownership authorization window . Go to administration , then system initialization , then authorizations and click on data ownership authorizations . You can use this window to define ownership types to each of your employees . In this example lets relate to the chart told about earlier . The employees list – this list consists of all the employees defined in the employee master data window and are linked to fields user code in that same window . Document – this column displays all the document types for which you can define data ownership authorization , peer , manager , subordinate , department , branch , and team . You can use these columns to define relevant data ownership authorizations according to the relationships described earlier . In order to define any user authorization , for a certain employee , click the corresponding employee name . Take Barbara Lee for example and click a field under the required column to get a dropdown menu . Select full to give full data authorization for the document in the current relationship . In this example , if you select full , Barbara would have full data authorization for the particular document selected ( let it be A/P invoice document ) ; select R/O which is the read only authorization for the document in the current relationship which is the A/R credit memo here . Select none to define that the user can update and modify such documents of this type owned by him . Full authorization – click this button to define full authorization in all the fields in the table . Read only - push this button in order to define a read only authorization in all the fields in the table and the same goes for no authorization . Here you can see that after you hit the push button , the user can only view and update documents owned by him since he has no authorization at all. Note that an employee , who is linked to a super user like a manager , is automatically granted full data ownership authorization for all the document types . In this case the option full will be displayed in all the columns in the table and you will not be able to select a different authorization manually . The default data ownership authorization for a regular user is none like in the case of Barbara . Data ownership authorizations apply to sales and purchasing documents , the sales opportunity and relevant sales opportunities reports and the open items list . Lets see an example of defining and using data ownership authorizations . We will relate to the relationships as seen earlier . Our general assumptions for this example are Ron Palmer , the general manager , is defined as a super user and therefore has a full data ownership authorization . Linda and Barbara belong to the same team – the social events team .According to their roles in the team Linda has full data ownership authorization for the documents owned by all her team members , meaning documents she owns and documents Barbara owns . On the other hand Barbara has the data ownership authorization to display only documents she owns . Note that Linda and Barbara may have additional data ownership authorizations such as manager , subordinate , etc . However in this example we will describe a situation in which there is only a team type data ownership authorization. Lets look at the data ownership authorizations of Ron , Linda and Barbara according to the general assumptions we have just made . Ron – since he is a super user , you can see that he has full data ownership authorization for all the documents in all the relationship types . The authorizations are displayed in grey and are blocked for changes . Linda- she has full data ownership authorization for all the documents owned by her team members . Therefore you can see that the option full is selected for all the document types under the column team . Barbara - since she is authorized to access only the documents that she owns , you can see that she has no data ownership authorization at all . All the fields under all the relationship types show none .
Lets take a look at the effect of the data ownership authorizations we have made on the sales quotation document for example . Lets just remind that Ron palmer ,who is a super user has full data ownership authorization to all the documents , Linda Carter who is the team leader has a full data ownership authorization in the team relationship type , and Barbara who is a member in the team of Linda Carter has no data ownership authorization at all . Lets open the sales quotation window . Lets take for example three sales quotations taken by these three users . Lets switch to find mode and take a look at the last three sales quotations created in SAP business one . For example , lets take sales quotation number 131 which is owned by Ron Palmer , Sales quotation 130 is owned by Linda Carter , and sales quotation number 129 is owned by Barbara Lee . As you can see Ron can display and update all the sales quotations in the company , which s 131 , 130 owned by Linda and 129 owned by Barbara . Now lets take a look at Linda . She can display and update only sales quotations she or Barbara own . As you can see SAP business one skips number 131 and displays 130 , since 131 is owned by Ron . This one is owned by Linda and 129 is owned by Barbara . Lets take a look at Barbara’s screen . Barbara cannot see sales quotations number 131 and 130 as they bare owned by Ron Palmer and Linda Carter . She can display and update sales quotations which she owns , like 129 . However , all these users can display and update sales quotations which are not linked to a certain owner , like take a sale quotation where the owner field is blank before it is accessible for all these three users .If Linda or Barbara try to find a specific sales quotation for which they are not authorized , like sales quotation number 131 , lets try to find it . The error message no matching records is found . This is since the sales quotation 131 is owned by Ron Palmer . Linda and Barbara cannot see documents for which they have no data ownership authorization in the open items list as well . In other reports and enquiries , Linda and Barbara will not be able to use any link arrows to documents to which they have no data ownership authorization . However , they can view the data displayed in the report or the query .
You are now able to define users , define general authorizations for your users and make the initial definitions required for working with data ownerships .
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
You are welcome to express your views here...