An app is assigned to a business catalog. This means, a business catalog is a set of applications that usually belong together semantically.
SAP delivers predefined business catalogs that can be used as they are or extended by adding custom apps.
All available business catalogs and the apps that they contain can be displayed in the Business Catalogs app. In this app, you can also see whether business catalogs are deprecated. If custom applications need to be added to business catalogs, you can do this in the Custom Catalog Extension app.
A business catalog also contains access restrictions that apply to the value help, and read and write access of the apps. An overview of all restrictions and their use in business catalogs can be displayed in the Display Restrictions app.
Identifying the Elements in the Authorization Concept
The authorization concept can be broken down into the following elements:
- A business role is assigned to a business user to provide access to business tasks.
- One or more business catalogs are assigned to the business role. Administrators control visibility to data by applying general restrictions to individual catalogs within the business role.
- One or more applications, displays, or other data access are assigned to each business catalog. Administrators can control visibility to data within granted apps or other data access.
David: "I just had a short call with Sarah to ask her a few questions after reviewing the elements of the Authorization Concept. Here is her answer, and it is quite useful for my future job!"
- A Business role (for example, sales manager) is assigned to a business user to grant permission to access applications in SAP S/4HANA Cloud, public edition.
- A business role can include one or more business catalogs (for example, sales order processing).
- Business catalogs provide access to one or more apps, dashboards, displays of data, or functionality.
- Administrators can control visibility to the information/functionality granted through a business catalog by applying restrictions (for example, based on sales organization).
- Restrictions allow you to define what a business user can view (read) or edit (write) with the information/functionality granted per each business catalog within the assigned business role.
You are now familiar with the authorization concept and its key principles.
You are able to briefly respond if a new employee asks you basic questions.