Authorisation Plugin

Since SP28 a custom plugin point is available to enable some segregation of duties for workflow responsibility maintenance.

Note that the plugin is delivered OFF by default and must be activated to be effective.


The segregation of duties plugin enables you to specify subsets of workflow responsibility groupings which can be managed by specific teams. The segregation relies on the customer having a naming convention in place for their responsibility groups as it is patterns of the name that are used to define the segregation


All Journal approval groups in a company have a patter like : JOURNAL_<company code>_<level>      Example : JOURNAL_US01_1

All vendor approval groups in a company have  a pattern like VENDOR_<company_code>       Example : VENDOR_US01

To separate the management of these approval groups you define two patterns

Journal administrators : JOURNAL_*

Vendor administrators : VENDOR_*

You can then assign appropriate security authorisation to the administrators to ensure they only manage their groups.

Important Note : The Approval Group (APP_GROUP) is the value that is checked. 


Decision tree /PROMENTA/WF_RESP_MAINT should be copied and overridden to make changes



Result=ON to activate, OFF to deactivate

Group ID List


This node contains the list of administrator “groups”. In the previous example this would be as shown below

Group detail

Each group must then be assigned one (or more) patterns so the system can check if the user is allowed to manage a responsibility.

In the example below the group “JOURNAL” is assigned pattern JOURNAL_*


The authorisations objects below are used to assign groups and permission levels to administrator users via SAP roles

Object YZYWS00001



YZYWSKEY2=<Group ID>   The Group Id is taken from the group id in the decision tree above

ACTVT = 02   (for maintenance access)

Scroll to Top