The definition and allocation of roles and permissions is an important core of professional ERP systemssuch as SAP Business One. With their help, access authorisations can not only be granted formally, but can also be firmly integrated into operational processes and workflows. This means a high degree of transparency and legal certainty for organisations and employees.
The user in SAP Business One
The basis for controlling authorisations in SAP Business One is logically the user. Every person working with SAP Business One must be defined as a user. The user is recognised as such in SAP Business One and has the ability to log on to the system and execute functions. For this purpose, the user receives a user code and a password. This requires the acquisition of Named User Licenses licence. This means that each individual user licence corresponds to an employee of your own company.
User groups for controlling permissions
The user groups in SAP Business One have a superordinate character for authorisation control. The purpose of these is to assign authorisations to users with similar content using a common denominator. Based on this, the authorisations can then be defined differently for each individual user. However, the authorisation groups can also be used to control UI configuration templates, alarms or forms. It is also possible to transfer the rights of one group to the rights of any number of other groups
Authorisation concept
It is advisable for every company to create an authorisation concept. An authorisation concept is a precisely defined set of rules. It defines the access rights to the data and functions of an IT system. The individual processes for implementing the authorisation concept are also usually described. This applies, for example, to the creation and deletion of users and the requirements for password creation.
Basically, an authorisation concept is the result of individual consideration. If the rules are defined too strictly, this inevitably leads to a reduction in work efficiency. However, if the specifications of the concept are not strict enough, data security suffers. It is also important to bear in mind that, according to the GDPR, employees may only have access to the data that they absolutely need to carry out their work and for the purpose of the original data collection.
The general authorisations in SAP Business One
The authorisations of individual users can not only be managed from here, they can also be transferred to other users. The definition of user authorisations is largely based on the menu items in SAP Business One. SAP B1 distinguishes between three levels of authorisation:
- No authorisation (neither display nor editing)
- Full authorisation (display and editing)
- Authorisation to display
User authorisations can also be assigned recursively via a complete directory tree. In this way, the authorisation for a user can be defined on the basis of the module, such as Sales. All underlying authorisations for the functions of the module then adopt the set authorisation assignment.
Additional functions for assigning authorisations in SAP B1
If a user already has the corresponding rights, these can also be applied to other users who have the same area of responsibility, for example.
If you work with user-defined tables or objects on the system, for example, SAP Business One also offers the option of assigning them separate authorisations.