The concept of Role Based Authorizations in SAP would be one of the areas where SAP structure and management of information aligns fairly neatly with the military mindset.
Do you believe me?
Lets look at the similarities.
In the military individuals are posted in to Roles. Command responsibilities and authorizations go with the role and do not stay with the individual on posting.
Lets start with the way the military handles strategic and tactical intelligence reports (after all - SAP exists to manage, categorize and control information). Tactical intelligence reports from certain units in certain areas are "Eyes only" and fed into the system from the ground up. Information is only made available to selected predetermined roles on a "need to know" basis. Anyone outside the predetermined classification of "need to know" is not allowed access to the information. Ground level units can only see information pertinent to their AO and some designated partner units. Some individuals can only enter reports on a predetermined format. Some can read the reports but not comment. Some can read and comment - and a very select few can read, comment, edit and delete. Only those Roles at the top levels of security classification have visibility on the whole picture in the AO. Roles which are not necessarily dependent on Rank and/or Seniority.
The individual who has full and open access to everything will lose that access when they are posted into a new role.
Why is SAP the same?
Authorizations on visibility and management of information as well as Limits of Authority for spending are predetermined for a given role. This function controls which datasets can be seen by an individual, which datasets can be changed (or approved) by an individual and which datasets can be edited and/or deleted by an individual. Level of seniority and accessibility are not necessarily related - in most cases a manager can not change a purchase order after it has been raised - a mechanism designed to discourage fraud and theft.
As in the military, only designated roles can authorize the issue of a quote, the spending of money or the write off of stock. Individual access to information is restricted according to the role the individual is employed in. Only certain roles can hire and fire people. Only certain roles have total visibility on company strategic or proprietary information. Proprietary information is the business version of Top Secret - information that could bring the company down if it is leaked to the opposition.
Role Based Authorizations work almost exactly the same way in both examples.
Got questions?
Click here to ask the WYWM SAP Community on Discord
