2.8. Authorisation objects

Note1: Each client will create its own roles and decide which authorization objects to assign to each User/Rol. In any case, it is recommended that the deployment team has the ZESI_ADM authorization object in the development environment. It is also recommended that in the production environment the ZESI_ADM authorization object is assigned to selected users, as it allows any action to be performed on the product. The other authorization object (ZESI_CONCI) can be assigned to users according to the tasks to be performed by each of them.

Solution B+Concilia has 2 authorization objects. They can be accessed via transaction SU21, folder ZESI.

Standard authorization objects for menu GOS: S_OC_ROLE.

View in B+SII:

Object Authorization

Description

Parameters

ZESI_ADM

Authorization object administrator. The user who is assigned a role with this authorization object will have all the necessary permissions to execute the complete Concilia product.

BUKRS: Company. In the role to which this authorization object is assigned, you must specify for which company codes you have authorization. Since it is an administrator object, it could have authorization for all company codes.

ZESI_CONCI

Object of Authorization for Conciliation. The user who has this object will have permissions to create and/or view reconciliations.

BUKRS: Company. When this object is added to a role, you must specify for which company codes you want to give authorization.
Activity: When a role has this object you must indicate which activities you want to authorize. The activities related to this authorization object are as follows:

Activity '03' - Display. With this activity the user is given authorization to read the reconciliation information of the company codes to which he has access.
Activity '02' - Change. This activity authorizes the user to create and resume reconciliation of the company codes to which he has access.