Access restrictions in SAP Business ByDesign

02.05.2017

Why are access restrictions advisable?

The access restriction is recommended in many cases when it comes to protecting sensitive data and processes in the company. In the same way, you can resolve conflicts arising after assigning access rights.

Nevertheless, an employee should not be thwarted in his daily work as a result of restrictive access rights. Ideally, the access rights are adapted so that a high level of security is ensured, with minimum disruption to work efficiency on the part of the application user at the same time.

Where can I view access rights?

Access rights are set in the “User and Access Management” view of the “Application and User Management” workcenter in SAP Business ByDesign.

In the window that appears, enter the name or technical code of the application user (e.g. Schmitz) and confirm with “Start”. The application user is now displayed to you a little further down in list form. If you have several application users with the same name, you need to select the one you require from the list. Click on “edit” and then “Access Rights”.

You can now edit the “Access Rights” view: Username”. Click on the “Access Restrictions” tab here.

Restrictions to read and write access

You can now see a list of all work centers. You can restrict the read and write access for each assigned work center view. By setting the read and write access, you also define the access rights for all activities that are assigned to the authorization concept of the work center view.

At the top of the list select the required work center in which you wish to restrict rights. In the right of the drop-down menu, select whether you wish to edit read access or write access. You can choose between the options: “Restricted”, “No Access” and “Unrestricted”.

In our example, we shall restrict the write access to the “Customers” view in the “Customer Management” work center, as can be seen in the screenshot. Here the application user Schmitz now no longer has any write access to the customer data and so can only view content, but not change it.

As sole exception, our application user has write access to the data of the customer Josef Janson and could change e.g. the name or email address here.

Checking the consistency of access rights

Finally, the consistency of the set read and write access should be checked. This ensures the effectiveness of the restrictions. An inconsistent rights assignment can typically result in the restrictions being ineffective and is thus useless or even dangerous.

Click on “Actions” via the tab and select “Check Access Rights Consistency” in the drop-down menu that appears.

Then select “All Inconsistencies” under displays and confirm by clicking on “Click here to execute the query”.

Inconsistent rights assignments will be displayed in the list below these selection fields. We recommend tidying up inconsistencies and performing the check again so as to ensure an adequate and effective rights assignment.