Authorization Guide

Authorization Object

*Note* Please make sure FLM authorization object is defined (Refer to Section 6 FLM Installation Guide for details)  and an appropriate role is assigned to the Aquiller user.

Overview

Aquiller authorization object is used to define roles and profiles that you wish the Aquiller system to respect when letters are being processed. Frontend user access can be precisely controlled using this object based on Application Type, Correspondence Category, Letter Type, Customer code and Top Level hierarchy.

Five authorization fields are delivered as part of the Aquiller package:

  1. Aquiller Application (/FLMCG/APP) (Content Builder, Letter Assembler, Letter Writer, Letter Box)
  2. Aquiller Customer Code (/FLMCG/CUS)
  3. Aquiller Correspondence Category (/FLMCG/CCA)
  4. Aquiller Assembly Number (/FLMCG/CTY) (4 digit code automatically assigned to letters)
  5. Aquiller Node (/FLMCG/NDE) (120sp2+ only)

The final field /FLMCG/NDE optionally allows customers to give access to only certain parts of their classification hierarchies to users.  This field combines all of the allowable TOP level nodes from BOTH content and assemblies.  If you wish to not limit this, just enter the value '*'.  For example, if your hierarchy looks like this:

  • UK
  •         North
  •         South
  •         East
  •         West
  • France
  •         North
  •         Central
  •         South
  • Germany
  •         West
  •         East

You could enter France in this field to give users only access to content and assemblies classified in that way.

Authorization Object creation

Aquiller is not shipped with an authorization object.  Part of the installation process involves the creation of authorization object ‘Z/FLMCG/01’.

  1. Transaction SU21 or menu path ‘Tools->ABAP Workbench->Development->Other tools->Authorization objects->Objects’
  2. Choose the pushbutton for create authorization object.
  3. Enter the following:
    1. Object: ‘Z/FLMCG/01’
    2. Enter description
    3. Class: ‘AAAB’
    4. Field name: /FLMCG/APP
    5. Field name: /FLMCG/CUS
    6. Field name: /FLMCG/CCA
    7. Field name: /FLMCG/CTY
    8. Field name: /FLMCG/NDE
  4. Assign to ZAQUILLER package

 

Roles

There are various ways of linking the authorization object to user ids using roles and profiles.  In this section we describe one method, using a ‘single role’ and a ‘generated profile’.

Creating an Aquiller Super User Role

  1. Transaction PFCG or select the menu path ‘Tools->Administration->User Maintenance->Role Administration->Roles.’
  2. Enter role name (for example ‘AQUI_SUPER’) and choose the ‘Single Role’ pushbutton.
  3. Enter the role description then Save.
  4. Go to the Authorizations Tab and in the ‘Information About Authorization Profile’ box, select the ‘Propose Profile Names’ pushbutton, and a profile name is generated automatically. Press Save.
  5. Select the Change Authorization Data pushbutton.  A pop-up window is displayed.  Select the ‘Do not select templates’ pushbutton.
  6. Now select the ‘Manually’ pushbutton, and enter the authorization object ‘Z/FLMCG/0001’ created above (4.2).
  7. Expand the hierarchy and then enter values for each field: select the ‘*’ symbol in order for this role to include all application types, correspondence categories, letter types and customer codes for the super user.
  8. Press Generate role and save.
  9. Select User tab and assign the role to SAP user account.

 

*Note* Aquiller SP2 version

Follow the above procedure to define authorization profiles for other users who require restricted access to Aquiller application.

Depending on the users other authorizations they may also need the S_SERVICE as well as P_PERNR and P_ORGIN roles.