Today, I go back into uncharted territory for me, so it’s kind of fun. Today’s lesson talks about creating authorization keys for a user status. I haven’t actually done this, but now that I know it’s possible, I’m rather interested in the possibility. The short story is that you can define keys to manually check authorization on setting certain statuses. This can be especially useful if only certain groups are allowed to reverse a status, or set something back to in progress after it’s been completed. By default, when the system sets a user status as a reaction to business transaction, it does not perform an authorization check. When you set or delete a user status, the system checks whether the user is authorized for this action. In addition to the status profile and the object type, the system also checks the authorization key assigned to the user status in question.
Here’s where you can find the menu path.
Now remember, at this stage you are only defining the keys (see the previous lesson if you want to see where to assign them).
Now, courtesy of SAP, here’s a pretty good tutorial on how to set this up.
You want to define that certain user statuses can be changed only by a specified employee group.
To do this, create an authorization key and assign it to the relevant user statuses.
In the general authorization maintenance you can then assign authorizations for this key via the authorization object B_USERSTAT.
1. Check whether you want to define authorizations for your user statuses.
2. If necessary, create authorization keys as follows:
a) Choose “New entries”.
b) Enter a key and an explanatory text in the appropriate fields and choose “Save”.
You have now created the authorization key.
3. Assign the authorization key to one or more user statuses in your status profile.
4. Define corresponding authorizations and include them in the relevant authorization profiles.
Thanks for reading.
There is also a link to some SAP Easy Buttons =)
Thanks for reading,
CTO – JaveLLin Solutions, LLC