Authorisation on documents – Data Ownership Authorisation and Exception
Hi to all…
I write this little blog post about how to define permissions for viewing documents of sale / purchase by users.
I use this blog post as a notepad (my memory is leaving 😉 ) and hoping that it will be useful to other users of the forum.
First of all my system configuration (test and production env):
sap b1 8.82 PL05
mssql 2005 no istance name
23 sap users
then, the prerequisites:
- Each BP MUST have the sales agent defined and selected
- Each SAP users MUST have:
- an active user (obviously…)
- a record in the master Human Resource
- a sales agent set.
set up the system so that the USER_A can only see the sale/purchase documents of customers/suppliers assigned to him. In other words:
- BP_1 with sales agent USER_A
- BP_2 with sales agent USER_B
USER_A can only see the sales/purchase document of the BP_1. If USER_A select Eg a sales document (search by docnum..) of BP_2 => Error message.
My procedure, actually working in production env:
Ok.. . .
- I created for each sap user a sales agent
- Moreover, for each sap user , I created a record in the Human Resource Master Data.
- From Huma Resource Master Data, for each record of the sap user, we must set the User Code = Sap User Name and set the Sales Employee = Sales agent
- E.g. Mr. Franco Rossi have:
- SAP USER NAME => franco
- SAP SALES AGENT => franco rossi
- SAP HR record => rossi franco
- In Huma Resource Master Data, the record of rossi franco must have set the user code => franco and the sales employes => franco rossi.
- E.g. Mr. Franco Rossi have:
Ok. Now a little explanation about the Data Authoriations Ownership and Data Ownership Exception.
Super User can see everthing (obviously..). The other user will see the docuemnts for wich they are Header Owner and / or rows owner, depending on settings in the Data Ownership Exception.
Well.. In data Ownership Exception => Objects Panel, for each document you must set the filter type:
- No filtering => all users can see all documents
- By Header and row owner => The document can be viewed only by the header owner and / or the row owner
- By Header Only => The document can be viewed only by the header owner.
After that, If you enable the flag “ENABLE OWNERSHIP FILTRATION” in Data Ownership Exception, users will be able to see (for documents for which the rules have been set in the previous step) only the documents for which they are the owners.
A small clarification. if you need to have a user who can see other users’ documents, but can not be a super user (eg: the secretary who enter sales orders for the agent etc etc) , well you can reach the goal with the TEAM section in Human Resource Master Data. (HR Master data =>Membership Panel => on teh right.. team selection).
I do it in this way. For each Sales Agent, I created a “SALES_TEAM” with sales agent name and the sales agent is the Leader of that team.
For the… “Secretary… 😐 ” I created a “SALES_SECRETARY _TEAM” and the secretary is:
- the leader for the SALES_SECRETARY_TEAM
- She is a member of each SALES_TEAM for which she must be able to view documents
- In the Data Ownership Authorisation, under the TEAM COLUMN, set FULL for the document you want to share
And that’s all…
If you need more explanation or help… You can post a comment here o write me a message..
Sorry for my english… it’s so bad….
have a nice day