SAP S/4HANA Cloud, public edition, is a comprehensive cloud-based ERP solution that assists businesses in streamlining their operations and making informed decisions. It offers various features and functionalities to help manage multiple aspects of business operations.
Authorization Concept
Authorization within SAP S/4HANA Cloud, public edition, refers to controlling access to specific functionalities, data, and applications. This ensures that only authorized users can access relevant information and processes, safeguarding against unauthorized access and maintaining data security. The authorization concept is based on the principle of least privilege, wherein users are granted the minimum access rights.
The authorization concept encompasses role-based access control, user management, and segregation of duties, thus forming the foundation of a secure and compliant ERP environment.
Elements of the Authorization Concept
The following graphic illustrates the elements of the authorization concept:
- A Business User is an employee, contractor, administrator or anyone who can log on to the SAP S/4HANA Cloud, public edition, and needs to complete relevant business tasks. This person needs access to data to fulfill their tasks, but only the necessary data access is required for these specific tasks.
- A Business Role is a collection of access rights that can be assigned to Business Users.
- Business Apps are designed to streamline various business processes, such as financial management, procurement, sales, and human resources.
- A Business Catalog is a set of applications that usually belong together semantically.
Administrators Actions
The administrator role within SAP S/4HANA Cloud is pivotal in overseeing the system's configuration, security, and overall functionality. Administrators are crucial in managing user access, defining business roles, and configuring system settings, among other responsibilities.
The administrator assigns business roles to Business Users. In addition to this action, administrators use restrictions to define what a Business User can view (read) or edit (write) with the information/functionality granted per each business catalog within the assigned business role.
Summary
You are now familiar with authorization and its fundamental components: Business Users, business roles, business catalogs, and apps. You can also list administrator high-level actions: assigning and restricting.