Site Tools

User Tools


sapconnector:authorization_objects

ASPTAX SAP Integration Kit Authorization Framework

Authorization Objects

ASPTAX SAP Integration Kit default comes with the below set of authorization objects which enables the flexibility for the organizations to restrict the access & data display as per user permissions.

Company Code

  • Company code authorization object will be checked in all the places wherever data specific to a company code is getting displayed like ASPTAX Dashboard, ASP Monitor etc…
  • Users can view the data specific to the company codes for which user has the authorization to access.
  • By default standard authorization object J_B_BUKRS is used for this authorization check.
  • Customers can change the authorization object (which has similar set of parameters of J_B_BUKRS) as per their choice in the configuration erp_gstAuthObjects → AO_BUKRS

Business Place

  • Business Place authorization object will be checked in all the places wherever data specific to a Business Place is getting displayed like ASPTAX Dashboard, ASP Monitor etc…
  • Users can view the data specific to the Business Place for which user has the authorization to access.
  • By default standard authorization object J_1IEWTMIS is used for this authorization check.
  • Customers can change the authorization object (which has similar set of parameters of J_1IEWTMIS) as per their choice in the configuration erp_gstAuthObjects → AO_BUPLA

Plant (Only for E-Way Bill)

  • Plant authorization object will be checked in all the places wherever data specific to a plant is getting displayed in E-Way Bill Monitor
  • Users can view the data specific to the Plant for which user has the authorization to access.
  • By default standard authorization object M_MSEG_WA is used for this authorization check.
  • Customers can change the authorization object (which has similar set of parameters of M_MSEG_WA) as per their choice in the configuration erp_gstAuthObjects → AO_PLANT Plant Activity

Sales User

  • Sales User authorization object will be checked in all the places wherever data specific to Outward Supplies is getting displayed like ASP Monitor, Modification History, Counter Party Summary etc…
  • Users with the authorization of Sales User can only view the Outward Supplies related data.
  • By default this authorization is disabled.
  • Customer requires creating a custom authorization object and assign in the configuration to enable this authorization check.
  • This authorization object is controlled through the configuration erp_gstAuthObjects → AO_SALES

Procurement User

  • Procurement User authorization object will be checked in all the places wherever data specific to Inward Supplies is getting displayed like ASP Monitor, Modification History, Counter Party Summary etc…
  • Users with the authorization of Procurement User can only view the Inward Supplies related data.
  • By default this authorization is disabled.
  • Customer requires creating a custom authorization object and assign in the configuration to enable this authorization check.
  • This authorization object is controlled through the configuration erp_gstAuthObjects → AO_PURCHASE

Data Synchronization User

  • Data Synchronization User authorization object will be checked in all the places wherever Data Extraction, Data Upload to / Download from ASPTAX Cloud, Reprocessing of Data, Deletion of Data like ASP Monitor, Data Extractor, Data Upload to ASPTAX, Batch Status Download etc…
  • Users with the authorization of Data Synchronization User can only perform the extraction and data exchange activities with ASPTAX cloud.
  • By default this authorization is disabled.
  • Customer requires creating a custom authorization object and assign in the configuration to enable this authorization check.
  • This authorization object is controlled through the configuration erp_gstAuthObjects → AO_DATA_SYNC

Configuration Admin

  • Configuration Admin authorization object will be checked in all the places wherever integration kit configurations are made available for maintenance, log settings, log verification, scheduling of background jobs etc…
  • Users with the authorization of Configuration Admin can only maintain the configurations, view logs, and schedule jobs.
  • By default this authorization is disabled.
  • Customer requires creating a custom authorization object and assign in the configuration to enable this authorization check.
  • This authorization object is controlled through the configuration erp_gstAuthObjects → AO_ADMIN

Enable or Disbale Authorizations

  • All the ASPTAX SAP Integration Kit Authorizations can be controlled through the configuration manager.
  • Config group for authorization objects is erp_gstAuthObjects. Navigation to this configuration is enabled from ASPTAX Cockpit → Configuration → Authorization.

  • By selecting the active/inactive toggle, these authorizations can be enabled or disabled.

Controlling the Tabs Display in ASPTAX Cockpit

  • It is possible to configure the display restrictions to the tabs based on the above-mentioned authorization objects.
  • Following are the list of display control configuration parameters specific to each authorization object
    • Sales User → SALES_TAB
    • Data Sync User → DATA_SYNC_TAB
    • Procurement User → PURCH_TAB
    • Admin User → ADMIN_TAB
  • Following are the list of Tab Indicators that can be used in comma separated against the above parameters to enable or disable the tabs display.
    • AD - ASP Dashboard
    • AC - ASP Cockpit
    • CF - Configurations
    • AL - Audit Logs
    • SJ - Scheduled Jobs
  • Refer the below screen for sample configuration

Authorization Matrix

Below authorization matrix gives a quick overview of the impact of each authorization object on the access of different features made available in the SAP Integration Kit. This will help the customer security team to plan the roles as per the organization & user hierarchy applicable to their organization.

Applicability of Authorization Object
Report Company Code Business Place Sales Purchases Admin Data_sync EWB Plant
ASPTAX Cockpit (Landing Screen) Yes Yes Yes Yes Yes Yes
Dashboard X X X X X X
ASP Cockpit X X X X
Configuration X
Audit Log X
Schedule Jobs X
ASP Monitor Yes Yes Yes Yes No Yes
Company Code Node X
Business Place Node X X
Outward Supplies Node X
Inward Supplies Node X
Process Data X
Get Status X
Get Batch Status X
Mismatch Summary Report X X X
Download Data X
Delete Data X
E-Way Bill Monitor Yes Yes Yes
Company Code Node X X
Business Place Node X X
Outward Node Yes
Supply X
Export X
SKD/CKD X
Job Work X
Recipient not known X
For own use X
Exhibition or Fairs X
Line Sales X
Others X
Inward Node Yes
Supply X
Import X
SKD/CKD X
Job Work Returns X
Sales Return X
Exhibition or Fairs X
For own use X
Others X
Generate e-Way Bill X
Data Extraction Yes Yes No No No Yes
Upload Data to ASP Yes Yes No No No Yes
Download Batch Status Yes Yes No No No Yes
Download ASP Doc. Status Yes Yes No No No Yes
Download Return Status Yes Yes No No No Yes
Download ASP Modif. Summary Yes Yes No No No Yes
Download Filing Summary Yes Yes No No No Yes
ASP Document Status Report Yes Yes Yes Yes No No
Mismatch Summary Report Yes Yes Yes Yes No No
Modification History & Process Yes Yes Yes Yes No No
Counterparty Summary Yes Yes Yes Yes No No
Statewise Summary Yes Yes Yes Yes No No
GST Tax Ledger Yes Yes Yes Yes No No
Batch Summary No No No No No Yes
ODN Numbering series Yes Yes Yes Yes No No
Update Counter Party Data No No No No No Yes
Nil Summary Yes Yes Yes Yes No No
B2CS Summary Yes Yes Yes Yes No No
HSN Summary Yes Yes Yes Yes No No
GSTR1 Summary Yes Yes Yes No No No
GSTR2 Summary Yes Yes No Yes No No
Configurations No No No No Yes No
Audit Log Reports No No No No Yes No
Schedule Jobs No No No No Yes No
Schedule Jobs Summary Report No No No No Yes No

Defining Authorization Objects

  • Go to TCode SU21
  • Create Auth. Object Class “YATH”. This is just an example name and can be given any as per the customer naming standards

  • Create the authorization objects as below. The names are illustrative only and the customer can give any name as per their standards. These authorization objects to be configured in the authorization configurations mentioned above.

Example Role Definitions

For easy understanding of defining the roles in your organization related to ASPTAX, you can refer the below sample roles by grouping the relevant Auth. Objects.

  • ASPTAX Admin - Add the authorization objects as below
    • Sales Auth. Object
    • Purchase Auth. Object
    • Data Sync. Auth. Object
    • Admin Auth. Object
  • Data Sync. Admin - Add the authorization objects as below
    • Sales Auth. Object
    • Purchase Auth. Object
    • Data Sync. Auth. Object
  • Sales Admin
    • Sales Auth. Object
  • Procurement Admin
    • Purchase Auth. Object
  • Plant Authorization
    • Plant Auth. Object

In addition to the above roles, you need to assign the company code and business place authorization objects by configuring the required Company Codes / Business Places as per your organization needs.

Last modified: 2018/07/18 13:16 by chekri