|
Instructions for Departmental authorizers
|
People who maintain authorizations for a department's resources (see
definitions
of departmental Primary and Secondary authorizers) and want to maintain
them directly must use the Roles Database.
Most people who use the Roles application find that it only takes a little
time to get familiar with the application and start creating authorizations.
(Current documentation describes only SAP-related authorizations, but in
the future, Primary authorizers will be maintaining authorizations for other
business areas as well.) Most of the information you'll need is contained
in the following Web-based documents:
- Setting up
authorizations, by task
(a task-oriented quick guide)
- Detailed definitions of SAP-related business
functions
- Using the Roles application
- Web-based introduction to the Roles application
- PDF-based Navigating
the Roles Database, and Using It to Manage SAP Authorizations
(Requires Acrobat
Reader
)
- Guidelines for Primary authorizers
(includes policies and responsibilities)
Once you're familiar with the SAP-related business functions (items 1 and
2 above) and know how to display, create, and delete authorizations with
the Roles application (item 3), you'll probably find it easy to maintain
authorizations for your department. Read the brief but important web page
on PA Guidelines (item 4), and you'll be ready to begin.
Things to keep in mind:
- When a person from your department who has authorizations
leaves the department or leaves MIT, send e-mail to
business-help@mit.edu
Doing so will help the Business Liaison Team manage usernames in the
system. (This is also included in Guidelines
for Primary authorizers
.)
- Don't forget the REQUISITIONER authorization, where needed.
For some business functions, you must grant a combination
of authorizations.
- For a person to create requisitions in SAPgui or SAPweb, you must
grant both CAN SPEND OR COMMIT FUNDS and REQUISITIONER authorizations.
- You no longer need to grant the CAN USE SAP authorization.
As of 1/10/2003, the CAN USE SAP authorization is implicit for
all users who have other SAP-related authorizations. (There is
an exception for a few people within central offices, but these
special cases will not be handled by Primary Authorizers.)
- All CREDIT CARD VERIFIER authorizations must be done by the
VIP Card Administrator. (She also must set up table entries outside
of the Roles Database.) Contact vipcard@mit.edu
or call x3-8366.
- Where possible, use the Custom Fund Center hierarchy
(rather than the standard hierarchy) for specifying the Qualifier in
Authorizations. However, some DLCs should use the Profit Center hierarchy
for Reporting authorizations because of links to child projects in other
Profit Centers. (See explanation
.)
- Watch out for redundant authorizations.
Authorizations granted for a qualifier in the Fund Center, Cost Object,
or Spending Group hierarchies can be granted for a whole branch of the
hierarchy, e.g., all the Funds and Fund Centers under FC_BIOLOGY. If
you grant a CAN SPEND OR COMMIT FUNDS for a Fund Center and another
one for a Fund or Fund Center within the first Fund Center, the second
authorization is redundant. This won't harm anything in the Roles Database
or SAP, but it may cause confusion for people looking at these authorizations.
You can find redundant
authorizations by using the web-based reports to help you. Try this
handy technique for
deleting them.
- Be aware of the ramifications of certain authorizations that
cross departmental boundaries.
An authorization such as SEE SALARY SUBTOTAL IN REPORTS acts as a single
on/off switch that affects all objects on which a person can
report, sometimes within multiple departments. Primary authorizers granting
such an authorization should be aware of its affect on other departments'
resources, and may need to talk to other PAs to coordinate its use for
certain users. (See more details on
cross-departmental authorizations
.)
- Send requests Nimbus, LDS, warehouse and graduate admissions
authorizations to business-help@mit.edu
At present authorizers cannot grant authorizations for for Nimbus, LDS,
warehouse or graduate admissions. However, if you need such authorizations,
you can send your request to the Business
Liaison Team
and they will make sure it gets to the appropriate group.
Modified by sbjones, 04/01/2003