Compiling General Information

Objective

After completing this lesson, you will be able to identify scope items and collect additional information

Access the Scope Items

How to Access Scope Item Process Flows and Test Scripts for SAP S/4HANA Cloud, Public Edition for Public Sector

  1. Navigate to SAP Process Navigator.
  2. Choose the Solution Scenario tile.
  3. For all released countries, select SAP Best Practices for SAP S/4HANA Cloud Public Edition. Under Solutions Process, select Solutions for Specific Industries, choose Public Sector.
  4. Select the relevant scope item to locate scope item test scripts and process flows.

Access to the Business Roles Required for a Scope Item

Identity and Access Management

Identity and Access Management (IAM) enables you to control user access to apps and specify what business users can do and see in the apps. The main elements of IAM are business catalogs, business roles, and business users. Access to business apps is controlled by a role-based authorization management. That means you assign business roles to users and these business roles provide access to certain business tasks.

Infographic depicting how to access the business roles required to perform a scope item as described in the following text.
A Business Role is assigned to a Business User to provide access to business tasks.

One or more Business Catalogs have been assigned to the Business Role.

Administrators control visibility to data by applying General Restrictions to individual catalogs withing the Business Role.

One or more applications, displays, or other data access has been assigned to each Business Catalog.

Administrators control visibility to data within granted apps or other data access.

Access to business applications is controlled by role-based authorization management. You assign business roles to business users, and the roles provide access to business tasks. Business users are defined as employees, contractors, or other individuals that need access to the SAP S/4HANA Cloud system.

How to Find Business Roles for a Scope Item

  1. Navigate to SAP Process Navigator.
  2. In the Solution Scope section, expand the relevant scope item group.
  3. Select a scope item.
  4. Download the test script.
  5. Navigate to the Roles section of the test script.

A business role is assigned to a business user to grant permission to access applications in SAP S/4HANA Cloud.

One or more business catalogs have been assigned to a business role. Business catalogs include access to one or more applications, dashboards, or displays of data.

Administrators can control visibility to the data granted through the catalog by applying General Restrictions to Business Catalogs. By maintaining access restrictions, you can define the subset of all existing business objects a user can view (read) or edit (write) when working with a particular business role.

The business catalog defines which access categories are available (Value Help, Read, Write), and for which fields restriction values can be maintained. The fields vary per catalog, as they are based on the fields within the apps in the catalog. The business role aggregates restrictions for all business catalogs.

Administrators define a restriction based on a supported field (for example, company code, country, controlling area, and so on). Supported restriction fields vary with each business catalog, because they are based on the fields within the apps in the catalog. You can restrict data access for the Value Help, Read, and Write separately. Read access always includes Value Help access, and Write access always includes Read access.

How to Identify the Business Catalog Mapped to a Business Role, and the SAP Fiori application Mapped to a Business Catalog

  1. Log into the SAP S/4HANA Cloud system.
  2. Choose the Manage Business Roles app from the SAP Fiori Launchpad.
  3. Choose a business role.
  4. Choose the Assigned Business Catalogs tab to view the standard business catalogs assigned to the standard business role.
  5. Choose a business catalog.
  6. Choose the Catalog Description tab to view the Functional Description, Authorization Criteria, and Associated Catalogs information.
  7. Choose the Applications tab to view the SAP Fiori apps mapped to the business catalog.

Note

Do not edit SAP standard business roles directly. To customize business roles, always make a copy of the SAP Standard business role or use the Create From Template option in the Maintain Business Roles app.

To apply General Restrictions, an administrator should first make a copy of the SAP Standard Business Role, or create a new role based on the SAP standard business role template. For example, if you need to restrict access in the Accounts Payable Accountant Business Role for some users to only Company Code 1710 (United States), and for some users to only Company Code 1010 (Germany), you will create two new Business Roles based on the SAP Standard Accounts Payable Accountant role. You should name the roles accordingly (for example, Accounts Payable Accountant_1710).

In the first business role, you will edit the role and maintain the restriction value, or values, for the entire business role (that is, define the Company Code field = 1710). Then, you may edit the individual business catalogs within the role and define the access category (that is, Value Help, Read, Write) as Restricted. When you create a new business role, the Read access is set to Unrestricted and the Write access is set to No Access by default. When an access category is Restricted, you must select a specific field value (for example, Company Code = 1710) or grant unrestricted access. If you leave fields empty within a business catalog, a user will be assigned No Access to the field in the business catalog's granted apps.

Additional Sources of Information

Links to Recommended Resources

Log in to track your progress & complete quizzes

Learning

SAP FacebookSAP YoutubeSAP LinkedIn