Authorisation (Roles design)
The authorisation concept and approach varies considerable between different organisations.
Promenta provides the information below as a guide only – the organisation must review their specific approach and adapt as required.
Below are a set of “user-types” that would be required in a typical implementation. Some groups may be combined depending on specific requirements
For more information on individual transactions please search via transaction code.
NOTE : Along with the mentioned Promenta transactions some SAP transactions may also be required such as SM30, SE16 etc depending on the use-case.
Requesters/Initiators
User Type description : These users start requests via the web interface (only). The enter data and submit requests for approval. SAPGui access is not required
SAPGui access : not required
Transactions : none
Approvers/Validators
User Type description : These users approve or validate a request. They access the request via their Inbox or email links. They only see request that have been specifically to routed to them. They cannot check the status of other requests.
SAPGui access : not required
Transactions : none
Team Leaders/Process owners
User Type description : These users need to monitor the requests that are in the system. They may be monitoring for their team or for all requests. They may want to check status of requests.
The team leader may want to cancel requests, redirect requests to other approvers or open requests to view content.
The team leader is able to assign users to the approval hierarchy
SAPGui access : Yes
Transactions :
/PROMENTA/WS_AGE_REP | Ageing report | This report shows the current and historic requests and the corresponding status. No changes are possible. Detail about each request is also available |
/PROMENTA/WFRM_ANYSR | Analyser | This report shows current status and enables changes such as request cancellation, request forwarding and opening requests in display-mode. This is a powerful transaction and should be assigned with caution. |
/PROMENTA/WF_RESP_01 | Workflow responsibility | Several detail transactions are available – please refer to detailed documentation This transaction enables the user to attach users (approvers) into the approval matrix. Changes to the matrix structure are not possible. |
Configuration team
User Type description : These users make settings changes to the solution and also configure the approval matrix. These changes are only made in development systems.
SAPGui access : Yes
Transactions :
/PROMENTA/DEC_TREEV3 | Decision Tree | This tool is used to configure the settings for most Promenta solutions. Additional SAP authorisations such as ability to save to a transport are required |
/PROMENTA/WFCP | Promenta workbench | This tool allows testing of requests and some changes of parameters. |
Support team (Level 2 )
User type description : These users are in second line support and receive problem tickets and incidents to resolve.
They would use a range of standard SAP transactions for checking aspects of the SAP system such as workflow, basis etc
SAPGui access : Yes
Transactions :
/PROMENTA/DEC_TREEV3 | Decision Tree | This tool is used to configure the settings for most Promenta solutions. In production it would be used in a display-only way. |
/PROMENTA/WFCP | Promenta workbench | This tool allows testing of requests and some changes of parameters. |
/PROMENTA/WFRM_ANYSR | Analyser | This report shows current status and enables changes such as request cancellation, request forwarding and opening requests in display-mode. This is a powerful transaction and should be assigned with caution. |
/PROMENTA/WF_RESP_01 | Workflow responsibility | Several detail transactions are available – please refer to detailed documentation This transaction enables the user to attach users (approvers) into the approval matrix. Changes to the matrix structure are not possible. |
/PROMENTA/WSFI_BDCER | Update error analysis | This tool enables the user to view the data used to update SAP in the case of update issue. |
System/Service users
Some solutions use a service SAP account to perform updates (post journals, update vendors etc). This enables the underlying transactions such as FB01, XK01 etc to be removed from end-users
If your scenario requires a service user then that use will need to be setup with all the authorisations to perform the update tasks – for example in the Journals process the user would need access to FB01 and all company codes etc.
Basis team for Installation process
Please review the install guide. All required transactions are mentioned there. The installation guide is updated regularly.