sapconnector:authorization_objects
Table of Contents
ASPTAX SAP Integration Kit Authorization Framework
Authorization Objects
ASPTAX SAP Integration Kit default comes with the below set of authorization objects which enables the flexibility for the organizations to restrict the access & data display as per user permissions.
Company Code
- Company code authorization object will be checked in all the places wherever data specific to a company code is getting displayed like ASPTAX Dashboard, ASP Monitor etc…
- Users can view the data specific to the company codes for which user has the authorization to access.
- By default standard authorization object J_B_BUKRS is used for this authorization check.
- Customers can change the authorization object (which has similar set of parameters of J_B_BUKRS) as per their choice in the configuration
erp_gstAuthObjects → AO_BUKRS
Business Place
- Business Place authorization object will be checked in all the places wherever data specific to a Business Place is getting displayed like ASPTAX Dashboard, ASP Monitor etc…
- Users can view the data specific to the Business Place for which user has the authorization to access.
- By default standard authorization object J_1IEWTMIS is used for this authorization check.
- Customers can change the authorization object (which has similar set of parameters of J_1IEWTMIS) as per their choice in the configuration
erp_gstAuthObjects → AO_BUPLA
Plant (Only for E-Way Bill)
- Plant authorization object will be checked in all the places wherever data specific to a plant is getting displayed in E-Way Bill Monitor
- Users can view the data specific to the Plant for which user has the authorization to access.
- By default standard authorization object M_MSEG_WA is used for this authorization check.
- Customers can change the authorization object (which has similar set of parameters of M_MSEG_WA) as per their choice in the configuration erp_gstAuthObjects → AO_PLANT Plant Activity
Sales User
- Sales User authorization object will be checked in all the places wherever data specific to Outward Supplies is getting displayed like ASP Monitor, Modification History, Counter Party Summary etc…
- Users with the authorization of Sales User can only view the Outward Supplies related data.
- By default this authorization is disabled.
- Customer requires creating a custom authorization object and assign in the configuration to enable this authorization check.
- This authorization object is controlled through the configuration
erp_gstAuthObjects → AO_SALES
Procurement User
- Procurement User authorization object will be checked in all the places wherever data specific to Inward Supplies is getting displayed like ASP Monitor, Modification History, Counter Party Summary etc…
- Users with the authorization of Procurement User can only view the Inward Supplies related data.
- By default this authorization is disabled.
- Customer requires creating a custom authorization object and assign in the configuration to enable this authorization check.
- This authorization object is controlled through the configuration
erp_gstAuthObjects → AO_PURCHASE
Data Synchronization User
- Data Synchronization User authorization object will be checked in all the places wherever Data Extraction, Data Upload to / Download from ASPTAX Cloud, Reprocessing of Data, Deletion of Data like ASP Monitor, Data Extractor, Data Upload to ASPTAX, Batch Status Download etc…
- Users with the authorization of Data Synchronization User can only perform the extraction and data exchange activities with ASPTAX cloud.
- By default this authorization is disabled.
- Customer requires creating a custom authorization object and assign in the configuration to enable this authorization check.
- This authorization object is controlled through the configuration
erp_gstAuthObjects → AO_DATA_SYNC
Configuration Admin
- Configuration Admin authorization object will be checked in all the places wherever integration kit configurations are made available for maintenance, log settings, log verification, scheduling of background jobs etc…
- Users with the authorization of Configuration Admin can only maintain the configurations, view logs, and schedule jobs.
- By default this authorization is disabled.
- Customer requires creating a custom authorization object and assign in the configuration to enable this authorization check.
- This authorization object is controlled through the configuration
erp_gstAuthObjects → AO_ADMIN
Enable or Disbale Authorizations
- All the ASPTAX SAP Integration Kit Authorizations can be controlled through the configuration manager.
- Config group for authorization objects is erp_gstAuthObjects. Navigation to this configuration is enabled from
ASPTAX Cockpit → Configuration → Authorization.
- By selecting the active/inactive toggle, these authorizations can be enabled or disabled.
Controlling the Tabs Display in ASPTAX Cockpit
- It is possible to configure the display restrictions to the tabs based on the above-mentioned authorization objects.
- Following are the list of display control configuration parameters specific to each authorization object
- Sales User → SALES_TAB
- Data Sync User → DATA_SYNC_TAB
- Procurement User → PURCH_TAB
- Admin User → ADMIN_TAB
- Following are the list of Tab Indicators that can be used in comma separated against the above parameters to enable or disable the tabs display.
- AD - ASP Dashboard
- AC - ASP Cockpit
- CF - Configurations
- AL - Audit Logs
- SJ - Scheduled Jobs
- Refer the below screen for sample configuration
Authorization Matrix
Below authorization matrix gives a quick overview of the impact of each authorization object on the access of different features made available in the SAP Integration Kit. This will help the customer security team to plan the roles as per the organization & user hierarchy applicable to their organization.
| Applicability of Authorization Object | ||||||||
|---|---|---|---|---|---|---|---|---|
| Report | Company Code | Business Place | Sales | Purchases | Admin | Data_sync | EWB Plant | |
| ASPTAX Cockpit (Landing Screen) | Yes | Yes | Yes | Yes | Yes | Yes | ||
| Dashboard | X | X | X | X | X | X | ||
| ASP Cockpit | X | X | X | X | ||||
| Configuration | X | |||||||
| Audit Log | X | |||||||
| Schedule Jobs | X | |||||||
| ASP Monitor | Yes | Yes | Yes | Yes | No | Yes | ||
| Company Code Node | X | |||||||
| Business Place Node | X | X | ||||||
| Outward Supplies Node | X | |||||||
| Inward Supplies Node | X | |||||||
| Process Data | X | |||||||
| Get Status | X | |||||||
| Get Batch Status | X | |||||||
| Mismatch Summary Report | X | X | X | |||||
| Download Data | X | |||||||
| Delete Data | X | |||||||
| E-Way Bill Monitor | Yes | Yes | Yes | |||||
| Company Code Node | X | X | ||||||
| Business Place Node | X | X | ||||||
| Outward Node | Yes | |||||||
| Supply | X | |||||||
| Export | X | |||||||
| SKD/CKD | X | |||||||
| Job Work | X | |||||||
| Recipient not known | X | |||||||
| For own use | X | |||||||
| Exhibition or Fairs | X | |||||||
| Line Sales | X | |||||||
| Others | X | |||||||
| Inward Node | Yes | |||||||
| Supply | X | |||||||
| Import | X | |||||||
| SKD/CKD | X | |||||||
| Job Work Returns | X | |||||||
| Sales Return | X | |||||||
| Exhibition or Fairs | X | |||||||
| For own use | X | |||||||
| Others | X | |||||||
| Generate e-Way Bill | X | |||||||
| Data Extraction | Yes | Yes | No | No | No | Yes | ||
| Upload Data to ASP | Yes | Yes | No | No | No | Yes | ||
| Download Batch Status | Yes | Yes | No | No | No | Yes | ||
| Download ASP Doc. Status | Yes | Yes | No | No | No | Yes | ||
| Download Return Status | Yes | Yes | No | No | No | Yes | ||
| Download ASP Modif. Summary | Yes | Yes | No | No | No | Yes | ||
| Download Filing Summary | Yes | Yes | No | No | No | Yes | ||
| ASP Document Status Report | Yes | Yes | Yes | Yes | No | No | ||
| Mismatch Summary Report | Yes | Yes | Yes | Yes | No | No | ||
| Modification History & Process | Yes | Yes | Yes | Yes | No | No | ||
| Counterparty Summary | Yes | Yes | Yes | Yes | No | No | ||
| Statewise Summary | Yes | Yes | Yes | Yes | No | No | ||
| GST Tax Ledger | Yes | Yes | Yes | Yes | No | No | ||
| Batch Summary | No | No | No | No | No | Yes | ||
| ODN Numbering series | Yes | Yes | Yes | Yes | No | No | ||
| Update Counter Party Data | No | No | No | No | No | Yes | ||
| Nil Summary | Yes | Yes | Yes | Yes | No | No | ||
| B2CS Summary | Yes | Yes | Yes | Yes | No | No | ||
| HSN Summary | Yes | Yes | Yes | Yes | No | No | ||
| GSTR1 Summary | Yes | Yes | Yes | No | No | No | ||
| GSTR2 Summary | Yes | Yes | No | Yes | No | No | ||
| Configurations | No | No | No | No | Yes | No | ||
| Audit Log Reports | No | No | No | No | Yes | No | ||
| Schedule Jobs | No | No | No | No | Yes | No | ||
| Schedule Jobs Summary Report | No | No | No | No | Yes | No | ||
Defining Authorization Objects
- Go to TCode SU21
- Create Auth. Object Class “YATH”. This is just an example name and can be given any as per the customer naming standards
- Create the authorization objects as below. The names are illustrative only and the customer can give any name as per their standards. These authorization objects to be configured in the authorization configurations mentioned above.
Example Role Definitions
For easy understanding of defining the roles in your organization related to ASPTAX, you can refer the below sample roles by grouping the relevant Auth. Objects.
- ASPTAX Admin - Add the authorization objects as below
- Sales Auth. Object
- Purchase Auth. Object
- Data Sync. Auth. Object
- Admin Auth. Object
- Data Sync. Admin - Add the authorization objects as below
- Sales Auth. Object
- Purchase Auth. Object
- Data Sync. Auth. Object
- Sales Admin
- Sales Auth. Object
- Procurement Admin
- Purchase Auth. Object
- Plant Authorization
- Plant Auth. Object
In addition to the above roles, you need to assign the company code and business place authorization objects by configuring the required Company Codes / Business Places as per your organization needs.
Last modified: 2018/07/18 13:16 by chekri