An app is assigned to a business catalog. This means, a business catalog is a set of applications that usually belong together semantically.
SAP delivers predefined business catalogs that can be used as they are or extended by adding custom apps.
All available business catalogs and the apps that they contain can be displayed in the Business Catalogs app. In this app, you can also see whether business catalogs are deprecated. If custom applications need to be added to business catalogs, you can do this in the Custom Catalog Extension app.
A business catalog also contains access restrictions that apply to the value help, and read and write access of the apps. An overview of all restrictions and their use in business catalogs can be displayed in the Display Restrictions app.
Identifying the Elements in the Authorization Concept
The authorization concept can be broken down into the following elements:
- A business role is assigned to a business user to provide access to applications.
- One or more business catalogs are assigned to the business role. Administrators control write and read access by maintaining restrictions contained in the assigned catalogs within the business role.
- Catalogs contain apps, access to data, or access to configuration steps. Catalogs carry restriction types with different access categories (write, display, or value help) that can be maintained to control access within the apps and accesses within the catalog.
David: "I just had a short call with Sarah to ask her a few questions after reviewing the elements of the Authorization Concept. Here is her answer, and it is quite useful for my future job!"
- A Business role (for example, sales manager) is assigned to a business user to grant permission to access applications in SAP S/4HANA Cloud, public edition.
- A business role can include one or more business catalogs (for example, sales order processing).
- Business catalogs provide access to one or more apps, dashboards, displays of data, or functionality.
- Administrators can control write and read access to the data and functionality granted through the assignment of a business catalog by maintaining the restrictions (for example sales organization).
- Restrictions allow you to define what a business user can view (read) or edit (write) with the information/functionality granted per each business catalog within the assigned business role.
Summary
You are now familiar with the authorization concept and its key principles.
You are able to briefly respond if a new employee asks you basic questions.