Problem solve Get help with specific problems with your technologies, process and projects.

SEM security 101

How does SAP handle Security with SEM?
In addition to the standard BW authorization process, SEM has its own authorization objects definition for each of the application areas, i.e. BPS, PM, CPM and SRM. Below, you will find some of the authorization mechanisms that are available in SEM:

For BPS, if you go to the authorization tab while you are in the planning books, you can define the authorizations any way you want. In addition to these, you can use Data Slices and Variables for authorization. Data slice can be used when you want to explicitly lock certain subsets of a planning area's data set so that the data cannot be updated.

When creating a planning area, there are no default settings that restrict the data that you can update. In practice, however, it may be appropriate to permit data updates for specific characteristic value combinations only (e.g. actual data)

Variables are used to restrict characteristics to one desired value or value range, which can be used within a planning area. The setting of the characteristic value then becomes automatically effective in all places within the planning area. The selection for the corresponding characteristic is referred to the variable you have defined. There are 3 different types of variables. For authorization purposes it is recommended to use user-specific values. In principle, you can enter a selection of values or value ranges for the variable, which are then used as the standard in the entire planning area for the replacement of variables. Additionally, the user variable values you enter should be valid. In this way you can make sure that the person responsible, e.g. sales planning, sees the plan figures for all regions when he/she navigates within the planning area. While the processors, who are responsible for individual regions, are only offered the plan figures, which fall within their area of responsibility. The differentiation of users takes place with the user names, with which they log onto the system.

SEM-CPM allows for substitute users. Substitute users are users assigned as "backup" authorized users and given similar or the same level of access. Elements contained in a scorecard can be edited, not only by the responsible person, but also by persons who have been nominated as substitutes. The responsible person can create substitutes, the name of the substitute and the time frame for which the substitute should be valid. By entering a time frame, the substitute can, for example, obtain access during the vacation period of the responsible person.

Dig Deeper on SAP CPM software

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.