Discovering Main Principles of User Maintenance

Objectives

After completing this lesson, you will be able to:

  • Describe the business user concept in SAP Identity Access Management (IAM) under SAP S/4HANA Cloud, public edition
  • Describe the authorization concept in depth

Business User Concept

Sarah: "I just sent an email to David before our meeting with background information about the User Master Record and Business User concepts. It's also time for him to dig into the authorization concept so that he can expand his understanding of his role as IAM Admin!"

User Master Record

Historically, access to an SAP system required that a user has a user master record. The user master record provided a place to define the basic context for a user, such as their user ID, first name, last name, phone number, email address, and so on. The user master record was also where an administrator assigned the user their security roles, which controlled the business actions that the user is authorized to perform, for example, creating a vendor or initiating a payment.

At the functional level, each user also interacted with applications in the context of one or more business processes. In sales, for example, a customer may be associated with a specific sales organization, distribution channel, and division. A business partner definition was used to provide a link to the application specific context required to perform a specific business function through an associated business partner role. However, the business partner and business partner role assignment were maintained separately from the user master record, in a different application.

Business User Concept

With the release of SAP S/4HANA, SAP introduced the business user concept. The business user represents a new identity model for the user in the SAP application, which integrates the business partner concept with the user master record. Specifically, a business user is defined as a natural person, who is represented in the application by a business partner, and who is linked to the SAP system by a user ID.

To support this new identity model, SAP S/4HANA Cloud, public edition comes with a simplified creation process for defining the business user and the worker. The new process provides the tools to manage the lifecycle of the user, as well as enhanced functionalities, such as the ability to create a worker without assigning a company code and cost center, or the possibility to create multiple work agreements. The overall aim is to ensure a faster and more unified SAP S/4HANA Cloud, public edition onboarding process.

For SAP S/4HANA Cloud, public edition, an end user is required to be registered as a worker in the organization. The worker is then linked to the system as a business user to log into the system to utilize the actual applications.

Authorization Concept In Detail

See the following video for more information on the authorization concept.

Summary

You just gained a basic understanding of the Authorization concept.

Now you are ready to explore IAM apps and will be able to link them to the Authorization concept from the perspective of your Admin role.

In the next lessons, you will learn about:

  • The Manage Workforce app and how to create the worker and edit your workforce
  • The Maintain Business User app and how to assign a business user to your worker
  • Other apps or sub-apps that are crucial to operate properly as IAM Administrator

Log in to track your progress & complete quizzes