The definition and allocation of roles and permissions is an important core of professional ERP systemssuch as SAP Business One. With their help, access authorisations can not only be granted formally, but they can also be integrated into operational processes and procedures. This means a high degree of transparency and legal certainty for organisations and employees.
The user in SAP Business One
The basis for controlling authorisations in SAP Business One is logically the user. Every person working with SAP Business One is to be defined as a user. The user is recognised as such in SAP Business One and has the ability to log on to the system and execute functions. For this purpose, the user receives a user code and a password. This requires the acquisition of Named User Licenses presupposed. This means that each individual user licence corresponds to an employee of one's own company.
User groups for controlling permissions
The user groups in SAP Business One have a superordinate character for authorisation control. The purpose of these is to assign authorisations to users with similar content via a uniform denominator. Based on this, the authorisations for each individual user can be defined differently. However, the authorisation groups can also be used to control UI configuration templates, alarms or forms. It is also possible to transfer the rights of one group to the rights of any number of other groups.
Authorisation concept
It is advisable for every company to create an authorisation concept. An authorisation concept is a precisely defined set of rules. It defines the access rights to the data and functions of an IT system. Furthermore, the individual processes for implementing the authorisation concept are usually described. This applies, for example, to the creation and deletion of users and the requirements for password creation.
Basically, an authorisation concept is the result of an individual consideration. If the rules are defined too strictly, this inevitably leads to an impairment of work efficiency. However, if the specifications of the concept are not strict enough, data security suffers. Moreover, it must be taken into account that according to the GDPR, employees may only have access to the data that they absolutely need to perform their job and for the purpose of the original data collection.
The general authorisations in SAP Business One
The authorisations of the individual users can not only be managed from here, they can also be transferred to other users. The definition of user authorisations is largely based on the menu items of SAP Business One. SAP B1 distinguishes between three levels of authorisation:
- No authorisation (neither display nor editing)
- Full authorisation (display and editing)
- Authorisation to display
User permissions can also be assigned recursively over a complete directory tree. In this way, the authorisation for a user can be set based on the module, such as Sales. All underlying rights of the module's functions then take over the set rights assignment.
Additional functions for the assignment of authorisations in SAP B1
If a user already has appropriately set rights, these can also be adopted for other users who, for example, have the same task area.
If, for example, you operate with user-defined tables or objects on the system, SAP Business One also offers the option of providing these with separate authorisations.