ActiveControl has the ability to be able to control which functions users are able to access and which objects are visible to the user when they log into the GUI.
Administration users are automatically given access to all functionality but non-admin user access can be controlled by setting up the required access using SAP authorisation profiles.
Basic authorisation to the ActiveControl application for all users requires one of the following TE roles to be assigned:
|/BTI/TE:CTS_USER||This role contains all of the basic authorisations that are required to log into ActiveControl application and needs to be assigned to every ActiveControl user.|
|/BTI/TE:CTS_ADMIN_USER||This role contains all of the basic authorisations that are required to use the application, plus some ActiveControl and SAP standard authorisations required for actions aimed more at Basis and Configuration users of ActiveControl.|
These roles are included within the standard user roles supplied with ActiveControl, which are described in detail later in this document.
In addition to these basic authorisation roles, the authorisation concept works in two different ways. Firstly, users can be restricted in what is visible to them when logged into ActiveControl. The details of how this is configured are described below in the View Authorisations section. Secondly users can be restricted in what they do in the system. This is described in the Activities Authorisation section. Both concepts are now controlled through configuration tables in ActiveControl and assigning the appropriate profiles in the user master records of users.