Overcome Security Challenges with Customizations in mySAP SRM

  • by Maria Nikolova, SAP Senior Expert, National Electricity Company
  • March 15, 2007
Find out about the minimal authorization customizations that you must implement in mySAP Supplier Relationship Management (SRM) so employees can browse online catalogs, create a shopping cart, and check its status when procuring supplies. In addition, learn how to configure the system so SRM managers can approve or reject shopping carts.
Key Concept
mySAP SRM uses authorization objects and their respective authorization fields to enforce data security. An authorization object groups together up to 10 authorization fields, which the system checks to decide whether a user is allowed to perform an action. The values of the authorization fields determine the user’s access to sensitive information in the system. An authorization class groups authorization objects logically. Some examples of authorization classes are AAAB for cross-application authorization objects, HR for Human Resources, and BC_A for grouping Basis administration objects. Authorization profiles contain authorizations, which the system identifies by using the name of an authorization object and the name of an authorization.
mySAP Supplier Relationship Management (SRM) facilitates the coordination of your business processes with your key suppliers. It enables you to work more effectively with your vendor pool to optimize your procurement strategy. However, SRM security can be a significant challenge to your enterprise. Security is not only a technical issue, but a business issue, too. Consequently, you must be sure that the right people have the right permissions in the application business systems.

I’ll explain which customizations you must implement in mySAP SRM to allow employees to shop online for business needs. Then I will detail the customizations you must implement to enable managers to review employee purchases and reject or approve them prior to finalizing the E-Procurement process. The authorization objects I’ll discuss include:

  • S_TCODE: Transaction code check at transaction start (authorization class AAAB)

  • PLOG: Personnel Planning (authorization class HR)

  • C_DML: Data Manipulation Language (DML) object type (authorization class BC_A)

My example scenario includes the minimum authorizations that the employee role requires for the rights to shop online, check the shopping cart status, and accept manager changes to the shopping cart. I’ll also discuss the minimum authorizations for the manager role. You must make all of these role changes in the development system.
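The relationship between authorization objects, fields, authorizations, and profiles described in the Key Concept can be modeled in a few lines. The Python sketch below is an added illustration, not code from the article or from SAP: the field names for S_TCODE and PLOG follow the standard SAP objects, while the transaction code `ZSHOP_DEMO`, the authorization names, and all field values are constructed, and value matching is simplified to exact values, `*`, and trailing-`*` prefixes.

```python
# Simplified model of an SAP authorization check (illustrative, not SAP code).
MAX_FIELDS = 10  # an authorization object groups at most 10 fields

# Authorization objects and their fields, as defined in standard SAP systems.
OBJECTS = {
    "S_TCODE": ("TCD",),
    "PLOG": ("PLVAR", "OTYPE", "INFOTYP", "SUBTYP", "ISTAT", "PPFCODE"),
}

def make_authorization(obj, name, **values):
    """One authorization: the permitted values for each field of an object."""
    fields = OBJECTS[obj]
    if len(fields) > MAX_FIELDS or set(values) - set(fields):
        raise ValueError(f"invalid field set for {obj}")
    norm = {f: (v,) if isinstance(v, str) else tuple(v) for f, v in values.items()}
    # A field left without values grants nothing for that field.
    return {"object": obj, "name": name,
            "values": {f: norm.get(f, ()) for f in fields}}

def value_permitted(value, patterns):
    """'*' permits anything; 'ABC*' permits a prefix; otherwise exact match."""
    return any(p == value or (p.endswith("*") and value.startswith(p[:-1]))
               for p in patterns)

def authority_check(profile, obj, **checked):
    """True if a single authorization for obj permits every checked field."""
    return any(
        auth["object"] == obj and all(
            value_permitted(v, auth["values"].get(f, ()))
            for f, v in checked.items())
        for auth in profile)

# Constructed employee profile: ZSHOP_DEMO is a placeholder transaction code,
# and the PLOG values are sample values, not the article's settings.
EMPLOYEE_PROFILE = [
    make_authorization("S_TCODE", "Z_SHOP_TC", TCD="ZSHOP_DEMO"),
    make_authorization("PLOG", "Z_SHOP_OM", PLVAR="01", OTYPE=("S", "O"),
                       INFOTYP="*", SUBTYP="*", ISTAT="*", PPFCODE="DISP"),
]

if __name__ == "__main__":
    print(authority_check(EMPLOYEE_PROFILE, "S_TCODE", TCD="ZSHOP_DEMO"))
    print(authority_check(EMPLOYEE_PROFILE, "PLOG", OTYPE="S", PPFCODE="INSE"))
```

A check passes only when one authorization for the object permits every field value being checked, so a role that lacks an authorization for an object is denied by default.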

Maria Nikolova

Maria Nikolova has worked as a senior SAP expert for the National Electricity Company (NEK) in Bulgaria since January 1999. Maria has a master’s degree in telecommunications as an engineer from the Technical University in Sofia, Bulgaria. She has experience with an MIS project implementation of SAP R/3 (headquarters and rollout), the authorization concept and user administration, SAP Customer Competence Center (SAP CCC), SRM, and the SD, HR, CO, Asset Management (AM), MM, and PM modules. Prior to joining NEK, she worked as a manager of Equipment Engineering Ltd. for four years.
