woman-in-front-of-her-computer-3059745 (1)

Data Ownership

Protect Your Data with Data Ownership in SAP Business One

Every company using SAP Business One will have some combination of general authorizations with a particular license to grant its users’ access to documents in the database.  This level of control is by the object, meaning access granted to the object grants access to every document in that object, while access is denied to the object means that none of its documents can be viewed and/or created by the user.  Data ownership authorizations introduce another level of control over company data, enabling you to restrict access to documents on a need-to-know basis.

Data ownership allows you to restrict access to users based on their relationship to the ‘owner’ assigned to either the marketing document or master data record.  There are 7 types of assignable relationships for your users/employees that grant access in the following unique ways:

  • Peer: The owner and the user share the same manager.
  • Manager: the owner is the user’s manager.
  • Subordinate: The user is the manager of the owner, or the owner is the user’s direct sub-ordinate.
  • Department: The user is in the same department as the owner.
  • Branch: The user is in the same branch as the owner.
  • Team: The user is assigned to the same team as the owner (teams are setup on the Membership tab of the Employee Master record).
  • Company: The user is not restricted by data ownership relationships.

These relationships can be set up to depend on three methods: Business Partner only, Marketing Documents only, or both, depending on how you enable Data Ownership in the system. Let me briefly explain each.

Business Partner Only

Ownership will be assigned in the business partner master data record in the Owner field. Once an owner is assigned, marketing documents will inherit their owner from the business partner. Thus, in order to gain access to the Business Partner Master Data record and that business partner’s documents, the user will need to have a defined relationship with the owner of the business partner. Usually, you would only select this method if you have one exclusive employee that manages all relations with a business partner, and anyone who needs access to their data has a defined relationship with this one user.

Marketing Document Only

Ownership will be assigned in the business partner master data record in the Owner field. Once an owner is assigned, marketing documents will inherit their owner from the business partner. Thus, in order to gain access to the Business Partner Master Data record and that business partner’s documents, the user will need to have a defined relationship with the owner of the business partner. Usually, you would only select this method if you have one exclusive employee that manages all relations with a business partner, and anyone who needs access to their data has a defined relationship with this one user

Business Partner and Document

Ownership can be either from the business partner or the marketing document. This method is essentially a hybrid of the other two. If an owner exists on the business partner record, the system will use the Business Partner only method. If there is not an owner assigned on the business partner record, then the system will use the document only method. Use this method if it is true that there can be exclusive owners for some business partners but not for others.

At the heart of Data Ownership is the Employee Master Record, where all the information is found for validating user-owner relationships. Employee records have to exist for every user in the system or at least the users that your company wants to control access of data to (including users you want to be owners). The system will confirm the user’s assigned relationship with the owner of the data by looking at the employee records involved. For example, if Keith is assigned as the owner of ABC Company under the Business Partner only method, and my user is assigned a Manager relationship, I will need to have an employee record with Keith assigned as my manager to view ABC Company’s data. 

If you would like to incorporate data ownership to better protect the data internally in your company database, the LBSi team would be glad to help. 

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email