7-Authorization Concept for SAP Student Lifecycle Management

Authorization Concept for SAP Student Lifecycle Management

Applies to: SAP Student Lifecycle Management EHP 3

Summary This document provides a basic overview on the Authorization Management in Student Lifecycle Management. It should be used as additional document to the relevant implementation guideline for Student Lifecycle Management. Author(s): Jeroen Boeracker Company: SAP AG Created on: 03 March 2008

Author Bio Jeroen Boeracker works as a developer for Student Lifecycle Management at SAP AG.

SAP DEVELOPER NETWORK | sdn.sap.com © 2008 SAP AG

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 1

Authorization Concept for SAP Student Lifecycle Management

Table of Contents Introduction .........................................................................................................................................................3 Overview .............................................................................................................................................................3 1. Roles...............................................................................................................................................................4 2. Basic Authorizations .......................................................................................................................................5 3. Context Sensitive Authorizations....................................................................................................................5 4. Structural Authorizations.................................................................................................................................6 4. 1 Evaluation Paths ......................................................................................................................................6 4. 2 Organizational Structure ..........................................................................................................................7 5. Customizing ....................................................................................................................................................8 5.1 Required step (general): ........................................................................................................................................8 5.2 Required steps within the maintenance of structural authorizations: .....................................................................8

6. Creation of Contract Account Data.................................................................................................................9 7. Customer Enhancements ...............................................................................................................................9 8. Examples ......................................................................................................................................................10 Example 1 ..................................................................................................................................................................10 Example 2 ..................................................................................................................................................................11 Example 3 ..................................................................................................................................................................11

9. Frequently Asked Questions ........................................................................................................................12 10. Authorization Objects..................................................................................................................................12 10.1 Important Authorization Objects.........................................................................................................................12 10.2 Authorization Trace ............................................................................................................................................13 10.3 Additional Information for developers.................................................................................................................13

11. Additional Information .................................................................................................................................14 11.1 Student File ...........................................................................................................................................14 11.2 Student Master Data .............................................................................................................................15 11.2.1 Automatic creation of contract account and contract object master records ...................................................16

11.3 Function Modules for structural authorizations .....................................................................................16 11.4 Tables relevant for authorization...........................................................................................................16 Related Content................................................................................................................................................16 Copyright...........................................................................................................................................................17

SAP DEVELOPER NETWORK | sdn.sap.com © 2008 SAP AG

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 2

Authorization Concept for SAP Student Lifecycle Management

Introduction The intention of this document is to provide a reference for consultants to set up and verify roles and authorizations for Student Lifecycle Management. Readers of this document need to be familiar with the SAP Authorization Concept and also with the Student Lifecycle Management Product

Overview Authorizations checks in Student Lifecycle Management are based on HCM Basic Authorization and Structural Authorization. •

Basic authorization determines whether a user is allowed to execute a certain function.

•

Structural authorization determines the objects for which the user is allowed to execute this function.

In other words, the basic authorization defines what function the user is allowed to use, and the structural authorization defines for which objects the user is allowed to use this function. Examples: •

With basic authorization you can allow a user to perform the activity to create a module booking

•

With structural authorization you can restrict this activity to modules that are offered by the faculty of Mathematics (The user can then access these modules whenever required

SAP DEVELOPER NETWORK | sdn.sap.com © 2008 SAP AG

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 3

Authorization Concept for SAP Student Lifecycle Management

1. Roles The following roles delivered in the SAP Standard are relevant for Student Lifecycle Management. The roles can be maintained using transaction PFCG.

Student Lifecycle Management specific roles Composite role

Description

SAP_CM_ADM_COORDINATOR

Admission Coordinator

SAP_CM_ADM_OFFICER

Admission Officer

SAP_CM_ASM_COORDINATOR

Assessment Coordinator

SAP_CM_ASM_OFFICER

Assessment Officer

SAP_CM_STREC_COORDINATOR

Student Records Coordinator

SAP_CM_STREC_OFFICER

Student Records Officer

Single role

Description

SAP_CM_ADMOFF_STUDYDATA

Activities for the Admission Officer

SAP_CM_ADMREGDATA_DISP

Display Study Data

SAP_CM_ASMCO_ADDACT

Additional Activities for the Assessment Coordinator

SAP_CM_ASMDATA_DISP

Display Progression and Grades

SAP_CM_ASMOFF_ACT

Activities for the Assessment Officer

SAP_CM_STMASTERDATA_DISP

Display Student Master Data

SAP_CM_STMASTERDATA_MAINT

Edit Student Master Data

SAP_CM_STRCO_ADDACT

Additional Activities for the Student Records Coordinator

SAP_CM_STROFF_ACT

Activities for the Student Records Officer

SAP_CM_APLIC_ADM_ACT_US

Activities for the Application Administrator (US)

SAP_CM_ALL

Student Lifecycle Management

SAP_CM_REGIST

Activities in the Registration Environment

SAP_CM_STUDENTMASTER

Student Master Data Maintenance

SAP_CM_MODULEBOOK

Module Booking

SAP_CM_ADMIN_ACAD_STRUCTURE

Academic Structure Administrator (internal)

SAP_CA_NO_NOTIFVIAWEB_EXT

General Notification Creation on Web

SAP_CA_NO_NOTIFVIAWEB_INT

Creation of General Notifications on the Web – Link

SAP_CA_NO_NOTIF_GENERAL

General Notification Processing

SAP_CA_NO_NOTIF_ISR

Creation of an Internal Service Request

SAP_FI_CA_ACCOUNT_MAIN_REVERS

Account maintenance

SAP_FI_CA_ADMIN_POSTING

Administrative Postings

SAP_FI_CA_BUSINESS_PARTNER

Master Data for Contract Partner

SAP_FI_CA_CONTRACT_ACCOUNT

Master Data Contract Account

SAP_FI_CA_MANUAL_POSTINGS

Manual Postings

SAP_FI_CA_MASTER_DATA_ADMINIST

Master Data Administration

SAP_FI_CA_PARTNER_ACCOUNT_INFO

Information for Business Partner Account

SAP_FI_CA_PAYMENTS_AT_CASHDESK

Cash at desk

SAP_FI_CA*

Further FI-CA Roles

SAP_FMCA_CA_ALL

Basic Role for IS-PS-CA with all transactions and general authorizations.

Other relevant roles

SAP DEVELOPER NETWORK | sdn.sap.com © 2008 SAP AG

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 4

Authorization Concept for SAP Student Lifecycle Management

SAP_HR_PE_TRAININGMANAGER

Training Manager

SAP_HR_PE_TRAININGADMIN

Training Administrator

SAP_BC_ENDUSER:

Uncritical basis authorizations for all users

2. Basic Authorizations There are three important authorization objects within Student Lifecycle Management: •

S_TCODE

•

PLOG

•

P_CM_PROC

S_TCODE checks whether a user is allowed to start a given transaction. Every time the user starts a menu command or a transaction code using the command line, the roles assigned to the user are checked to see whether the user has the authority to execute this transaction. PLOG checks whether a user is allowed to read, write or insert specific HR Infotypes. P_CM_PROC checks whether a user has the authority for a specific Student Lifecycle Management process. The Student Lifecycle Management authorization concept has the following advantages: •

Simplified authorization assignment

•

Distinctions between read, change and create operations

3. Context Sensitive Authorizations Context sensitive authorizations for Student Lifecycle Management include the following ones: P_CM_PROC: Field

Value

PIQPROCESS PIQPROFL

AD* Not relevant

PLOG_CON – F1 Help: •

NOTE: Do NOT use this authorization object. It does not work.

•

This object is used by the authorization check for personnel planning data.

P_ORGINCON – F1 Help: •

HR Master Data with context authorization object (P_ORGINCON) is used in the authorization check for personnel data. This check takes place when HR Infotypes are edited or read.

•

This authorization object consists of the same fields as the P_ORGIN authorization object and now includes the new PROFL field (structural profile). A check using this object enables customer-specific contexts to be mapped in HR Master Data.

SAP DEVELOPER NETWORK | sdn.sap.com © 2008 SAP AG

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 5

Authorization Concept for SAP Student Lifecycle Management

4. Structural Authorizations Structural authorization enables you to define the set of objects the user is authorized to process. You determine these objects using evaluation paths. You can define whether the user should only be given a display authorization for these objects or a maintenance authorization as well.

When basic and structural authorizations are used, the user profile is an intersection of the structural profile and the basic profile. 4. 1 Evaluation Paths An evaluation path is an instruction for the system which determines which object types and relationship(s) are to be included in an evaluation of the organizational plan.

It describes the chain of relationships that exist between objects in a hierarchical structure. The report takes into account only the objects that lie along the specified evaluation path.

SAP DEVELOPER NETWORK | sdn.sap.com © 2008 SAP AG

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 6

Authorization Concept for SAP Student Lifecycle Management

4. 2 Organizational Structure One or more relationships are then used as “navigation paths" for evaluating structural information in your organizational plan (relating to the organizational or reporting structures) or matrix organization. The sequence of the relationships included in the evaluation path is decisive in how the results of the evaluation are displayed.

Diagram of an organizational structure using objects and relationships

Note: As functions of other applications areas (Training and Event Management, Notification Processing) as well as Student Accounting are integrated into Student Lifecycle Management, users also need authorizations for these areas.

Note: Student Lifecycle Management contains a number of single roles which you can combine with the roles of other application areas to create composite roles. You can either assign a composite role or individual roles to users.

SAP DEVELOPER NETWORK | sdn.sap.com © 2008 SAP AG

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 7

Authorization Concept for SAP Student Lifecycle Management

5. Customizing The following customizing activities are relevant for setting up authorizations in Student Lifecycle Management: •

Cross Application -> SAP Business Partner -> Business Partner -> Basic Settings -> Authorization Management

•

Financial Accounting -> Contract Accounting -> Basic Functions -> Contract Accounts -> Field Modifications -> Define Field Groups for Authorization Check

•

Financial Accounting -> Contract Accounting -> Basic Functions -> Contract Object -> Authorization Management

•

Student Lifecycle Management -> Basic Settings -> Authorizations

5.1 Required step (general): 1. Analysis of required roles in the university 2. Analysis of the authorizations needed for these roles o

Selection of the required authorization objects

o

Selection of the required transactions

o

Selection of the required Infotypes

o

Creation of Contract Account Data

3. Compare the roles delivered by SAP and see how they fit the defined requirements 4. Customize the roles using transaction PFCG 5. Assign the roles to the users 5.2 Required steps within the maintenance of structural authorizations: 1. Analysis of the organizational assignment of the members in the university 2. Analysis of structural authorizations needed for these members a.

Selection of the required restriction within the organization

b.

Selection of the required evaluation paths

3. Compare the paths delivered by SAP and see how they fit the institution’s requirements 4. Customize the paths using transaction OOAW 5. Customize the structural profiles using transaction OOSP 6. Assign the customized structural profiles to the user

SAP DEVELOPER NETWORK | sdn.sap.com © 2008 SAP AG

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 8

Authorization Concept for SAP Student Lifecycle Management

6. Creation of Contract Account Data Contract Account and Contract Object Master records can be created automatically after creating a Student Master Record Role SAP_CM_ACCOUNT_DATA_UPDATE is provided for automatic creation of account data. There are two ways to create account data that is customized in T7PIQSWITCH with key STUDACCT+ UPDRFCDEST. • •

If no value is maintained, the user will be used to create account data If a RFC destination is specified for this value, the user maintained in this RFC destination (called technical user) is used: o

No Technical User: The user itself should have role SAP_CM_ACCOUNT_DATA_UPDATE.

o

Technical User: The user itself doesn’t need role SAP_CM_ACCOUNT_DATA_UPDATE but the technical user needs it.

Please check role SAP_CM_ACCOUNT_DATA_UPDATE for the authorization objects.

7. Customer Enhancements BAdIs for additional authorization checks •

HRPIQ00_ST00_TAB: Additional authority checks for tab page in student file

•

HRPIQ00AUTHORITY: Additional authority checks for Student Lifecycle Management activities

•

HRBAS00_STRUAUTH: Additional authority checks for structural authorizations

•

HRBAS00_GET_PROFL: Determine user profile for structural authorizations

Authority Checks for BDT Objects: •

For the BP, Contract Account and Contract Object Master Records additional authorization checks can be implemented using the event AUTH1 of the BDT Toolset. Further information can be found in the developer guide for the BDT toolset in the SAP online documentation.

Function Modules for Authorization Checks •

HRIQ_PROCESS_AUTHORITY_CHECK: Checks authority object P_CM_PROC

•

HRIQ_BASE_AUTHORITY_CHECK: Checks authority object PLOG

•

HRIQ_STRU_AUTHORITY_CHECK: Checks Structural authorization, optional PLOG

SAP DEVELOPER NETWORK | sdn.sap.com © 2008 SAP AG

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 9

Authorization Concept for SAP Student Lifecycle Management

8. Examples The organizational and academic structure described here is the basis for the following examples •

Organizational Structure with several hierarchies

•

University (academic top org unit) -> School -> Department -> Faculty

•

HR Positions are linked to the organizational units, the position of the Employees (P) are assigned to HR positions (S)

•

User (US) is linked with the employee (P) by maintaining Infotype Communication (0105), Subtype System user name (0001) for the employee (P) in transaction PA30.

•

Departments offer Programs of Study (SC) and specializations (CG)

•

Faculties offer modules (SM)

•

Advisors are assigned to student records directly.

Example 1 A faculty administrator is allowed to view personal data and address data, but not allowed to view fee calculation data, bank details and payment cards. An accounting clerk is allowed to see all from above and additional fee calculation data, bank and payment card details. Configuration: To enable correct authorizations the corresponding authorization profiles can be created with the profile generator (TCode PFCG). For the faculty administrator following authorizations objects are relevant: •

S_TCODE, Transaction code PIQST00

•

PLOG, Infotype Personal data (1702)

•

B_BUPA_FDG, Address data (BP fields groups 0062 – 0080, 0092 – 0095, 0115, 0120, 0122 – 0128, 0139 – 0149)

For the accounting clerk, the same authorizations as above are needed. Additional following authorizations objects are relevant: •

PLOG, Infotype Fee calculation data (1706)

•

B_BUPA_FDG, Bank data (BP field group 0009)

•

B_BUPA_FDG, Payment cards (BP field group 0020)

SAP DEVELOPER NETWORK | sdn.sap.com © 2008 SAP AG

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 10

Authorization Concept for SAP Student Lifecycle Management

Example 2 A faculty member needs to maintain module data for all modules offered by the department. Additionally s/he needs to display all modules for students that are enrolled to a program offered by his/her department. Configuration: To determine the root object of the structural authorization, function module RH_GET_ORG_ASSIGNMENT is used. In this case, the function module determines the root organizational unit of the faculty member. This is done by evaluating the infotype Communication (0105), Subtype System user name (0001) of the user. Via this infotype the personnel number is derived. With the personnel number, you have the object Person (P) which you can use to derive the Position (S) and the Organizational Unit (O). From the organizational unit, you can use two evaluation paths to derive the objects described in the case. Two new authorization profiles (TCode OOSP) are required: • •

One for maintaining the modules offered by the department of the faculty member One for displaying all modules for students that are enrolled to a program offered by the department of the faculty member.

Example 3 Each of the profiles needs an evaluation path (TCode OOAW) to find the correct objects. Alternatively the choice could be made to integrate the two entries into one profile. The best solution can only be determined when all requirements for authorizations are known. Evaluation Path O-SM

Evaluation Path O-ST-SM

After this has been done, the user has to be assigned to the profiles (TCode OOSB).

SAP DEVELOPER NETWORK | sdn.sap.com © 2008 SAP AG

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 11

Authorization Concept for SAP Student Lifecycle Management

9. Frequently Asked Questions If a registrar is taking a class at the university, how do you prevent him from accessing his own record? Create a new profile for structural authorization (TCode OOSP):

Use the function module HRIQ_GET_STUDENT_FROM_USER to retrieve the object ID of the registrar. Assign this profile to the registrar (TCodeOOSB):

By checking the checkbox, the statement is inversed. This means the Registrar would not be able to see a student with the object ID determined in the first step. Beware! If you assign this profile to SAP*, no one would be able to see his own data!

10. Authorization Objects 10.1 Important Authorization Objects Authorization Object

Description

Area

Comment

S_TCODE

Transaction Code Check at transaction Start

Basis

SLCM transactions follow name convention PIQ* .

PLOG

Personnel Planning, Infotypes

SLCM, Organizational Management, Training and Event Management

SLCM Infotypes are in the area 1700 – 1799.

P_CM_PROC

Student Lifecycle Management Activities

Student Lifecycle Management

SLCM activities are defined in system table T7PIQPROCESS (descriptions in table T7PIQPROCESST)

B_BUPA_RLT

Business Partner: BP Roles

Business Partner Master Record

SLCM uses BP Roles PSCM10 (Student), MKK (Contract Partner), PSCI10 (Related Person)

B_BUPA_FDG

Business Partner: Field Groups

Business Partner Master Record

Field Groups relevant for authorizations must be maintained in Customizing

B_BUPA_GRP

Business Partner: Authorization Groups

Business Partner Master Record

Refers to field Authorization Group in BP Master

B_BUPA_ATT

Business Partner: Authorization Types

Business Partner Master Record

B_CCARD

Payment Cards

Business Partner Master Record

B_CARD_SEC

Encryption Card Master

Business Partner Master Record

F_KKVK_VKT

Contract Account Category

Contract Account Master Record

F_KKVK_FDG

Contract Account Field Groups

Contract Account Master Record

F_KKVK_BEG

Contract Account Authorization Group

Contract Account Master Record

SAP DEVELOPER NETWORK | sdn.sap.com © 2008 SAP AG

Field Groups relevant for authorizations must be maintained in Customizing

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 12

Authorization Concept for SAP Student Lifecycle Management

F_KKVK_BUK

Contract Account: Company Code

Contract Account Master Record

F_KK_LOCK

Business Locks

Contract Account Master Record

F_KK_FCODE

GUI functions in Contract Account Master Data

Contract Account Master Record

F_KK*

Several authority objects

Contract Accounting

F_PSOB_ATT

Contract Object Authorization Types

Contract Object Master Record

F_PSOB_BEG

Contract Object Authorization Group

Contract Object Master Record

F_PSOB_FDG

Contract Object Field Groups

Contract Object Master Record

F_PSOB_VGT

Contract Object Type

Contract Object Master Record

P_CM_AUDIT

Audits

Degree Audit

P_CM_AUDCT

Requirement Catalogs

Degree Audit

P_PRWBENCH

Print Workbench

Correspondence

G_GB90_

Validation/Substitution/Rules: Rules

VSR

G_GB92_

Validation/Substitution/Rules: Substitution

VSR

G_GB93_

Validation/Substitution/Rules: Validation

VSR

S_APPL_LOG

Application Log

Basis

Field Groups relevant for authorizations must be maintained in Customizing

Includes Authorization field PIQAUDRTY which represents the execution modes which have to be chosen before executing an audit

The application log is used for many SLCM reports

10.2 Authorization Trace Transaction SU53 can be used to display the last failed authorization check Transaction ST01 can be used to run an authorization trace. 10.3 Additional Information for developers Transaction SU21 shows authorization classes and objects Transaction AUTH_DISPLAY_OBJECTS display objects in a hierarchy. Authorization objects that are created exclusively for Campus Management are grouped in the authorization object class CM. Authorization objects for the Business Partner are allocated to the authorization object class AAAB. Authorization objects for FI-CA and IS-PS-CA are allocated to the authorization object class FI. Roles are client-dependent and are therefore delivered from the customizing client.

SAP DEVELOPER NETWORK | sdn.sap.com © 2008 SAP AG

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 13

Authorization Concept for SAP Student Lifecycle Management

11. Additional Information 11.1 Student File The following table gives an overview of the authorizations required for the tab page. Tab Page

Tab Page Description (Standard)

Required Authorizations for display (PLOG for Infotypes)

Required Authorizations for activities

ACTDOC

Activity Documents

Struct. Auth. on objects (SC etc).

Authority object P_CM_PROC

ADMIS

Admisson

Infotype 1001 / Subtype *530; 1001 / *514; 1001 / *517

Activities AD*

APPLICS

Requests

Infotype 1001 / Subtype *504

Not applicable

CATALOGS

Catalogs

Infotype 1778

Function Codes for Infotype 1778

CONFERQ

Qualifications

Infotype 1001/ Subtype *532

Activities CQ*

CORR

Correspondence

Authority object P_CM_CORRRC

Authority object P_CM_CORRRC

GENERAL

General Data

Infotype 1770, 1780; 1001 / Subtype *515;

Function Codes for Infotype 1780

HOLDS

Blocking Notes

Infotype 1728

Function Codes for Infotype 1728

MAJMIN

Specializations

Infotype 1001 / Subtype *516;

Activities CB*

PROG_GR

Program Type Progression

Infotype 1737

Activities PG*

PROG_PR

Program Progression

Infotype 1772

Not applicable

REGIST

Registration

Infotype 1769, 1770,1771, 1001 / *513; 1001 / *514; 1001 / *517

Activities R*

STATUS

Status

Infotype 1728

Function Codes for Infotype 1728

Navigation to Function

Required Authorizations

Student -> Create/Change/Display

Transaction Code PIQSTD/M/C

Student -> Death

Object P_CM_PROC / Act. DE01 – DE03

Edit -> Change Maintenance Dialog

Transaction Code PIQST10

Goto -> Account Balance

Not applicable

Goto -> Payment at Cash Desk

Transaction Code PFCJ

Goto -> Fee Calculation

Transaction Code PQ_FEE_CALC

Goto -> Program Content

Activity MB04

Goto -> Equivalency Determination

Transaction Code PIQED

Goto -> Ac. Work Overview

Object P_CM_PROC / Activity AW04

Goto -> Note Overview

Display Infotype 1707

SAP DEVELOPER NETWORK | sdn.sap.com © 2008 SAP AG

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 14

Authorization Concept for SAP Student Lifecycle Management

11.2 Student Master Data The following table gives an overview of the authorizations required for the tab pages. Tab Page

Tab Page Description(Standard)

Required Authorities

PIQ1702

Personal Data

Infotype 1702

PIQ1703

Challenge

Infotype 1703

PIQ1704

Additional Data

Infotype 1704, 1701

PIQ1706

Fee Calculation Data

Infotype 1706

PIQ1718

Jobs

Infotype 1718

PIQALUMN

Alumnus

Infotype 1001/ Subtype *541

PIQBANK

Bank Data

BP Field Group 0009

PIQBPADD

Standard Address

BP Field Groups 0062-0089, 00920095, 0115, 0120, 0122-0128, 0139 – 0149

PIQBPADO

Address Overview

BP Field Groups 0060

PIQBPADU

Address Usage

BP Field Groups 0061

PIQBPIDN

Identification No.

BP Field Groups 0016, 0021

PIQCTOBJ

Contract Objects

BP Field Group 1532

PIQEXGR

Ext. Achievements

Infotypes 1719, 1721

PIQGRANT

Sponsor Data

BP Field Group 1324

PIQPAYMC

Payment Cards

BP Field Group 0020

PIQRELP

Related Persons

Infotype 1001/ Subtype *521

PIQSTUDY

Ind. Study Data

Infotypes 1705, 1001/*502, 1001 / *515

PIQVISA Visa/Residence Data Infotypes 1711/ 1712 Tab pages are hidden if the user is not authorized to display any field or Infotype on the tab page.

Navigation to Function

Required Authorizations

Student -> Student File

Transaction Code PIQST00

Goto -> Enhanced Object Description

Transaction Code PP01

Goto -> Maintain Business Partner

Transaction BP is not checked

Goto -> Note Overview

Infotype 1707

Goto -> Account Balance

Not applicable

Goto -> Account Data

Transaction Code CAA*

Utilities -> Change Student Number

Transaction Code PIQSTU1

SAP DEVELOPER NETWORK | sdn.sap.com © 2008 SAP AG

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 15

Authorization Concept for SAP Student Lifecycle Management

11.2.1 Automatic creation of contract account and contract object master records The role SAP_CM_ACCOUNT_DATA_UPDATE is provided for automatic creation of account data. There are two ways of creating account data that is customized in T7PIQSWITCH with key STUDACCT + UPDRFCDEST. • If no value is maintained, the user itself will be used to create account data; • If a RFC destination is specified for this value, the user maintained in this RFC destination is used, we call it Technical User: o No Technical User: The user itself should have role SAP_CM_ACCOUNT_DATA_UPDATE. o Technical User: The user itself doesn’t need role SAP_CM_ACCOUNT_DATA_UPDATE. But the technical user needs it. • Please check role SAP_CM_ACCOUNT_DATA_UPDATE for the auth. Objects. 11.3 Function Modules for structural authorizations Function group RHGO contains function modules that are useful for the maintenance of structural profiles Function Module

Description

RH_GET_ORG_ASSIGNMENT

Get organizational assignment of user (via employee, position)

RH_GET_PERSON_FROM_USER

Assignment of a User to a Personnel Number

11.4 Tables relevant for authorization Table

Comment

T7PIQPROCESS

System table. Contains CM activities. Used in authorization object P_CM_PROC

TB031

Customizing table. Authorization relevant field groups for BDT objects

Related Content Please also visit the BPX discussion forum for general questions on Student Lifecycle Management •

https://www.sdn.sap.com/irj/sdn/forum?forumID=258

SAP DEVELOPER NETWORK | sdn.sap.com © 2008 SAP AG

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 16

Authorization Concept for SAP Student Lifecycle Management

Copyright © Copyright 2008 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix, i5/OS, POWER, POWER5, OpenPower and PowerPC are trademarks or registered trademarks of IBM Corporation. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc. JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. MaxDB is a trademark of MySQL AB, Sweden. SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. These materials are provided “as is” without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. SAP shall not be liable for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials. SAP does not warrant the accuracy or completeness of the information, text, graphics, links or other items contained within these materials. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third party web pages nor provide any warranty whatsoever relating to third party web pages. Any software coding and/or code lines/strings (“Code”) included in this documentation are only examples and are not intended to be used in a productive system environment. The Code is only intended better explain and visualize the syntax and phrasing rules of certain coding. SAP does not warrant the correctness and completeness of the Code given herein, and SAP shall not be liable for errors or damages caused by the usage of the Code, except if such damages were caused by SAP intentionally or grossly negligent.

SAP DEVELOPER NETWORK | sdn.sap.com © 2008 SAP AG

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 17