Invoice approval agent is non-SAP user

Dart, Jocelyn jocelyn.dart at sap.com
Tue Feb 4 18:25:43 EST 2003 

Hi Nate,
Re the licensing issues - even if you use a generic user the number of actual
users, i.e. people, using the system must be licensed.  There are special
license arrangements around using generic users in this way.
 
However, there are also special licenses around having SAP users who never
directly access the system.
 
Be careful of licensing - what is technically possible is not always legally
defensible, so get advice from your account manager at SAP.
 
I would always recommend using real SAP user ids because you can then utilise
the security, audit trail, agent determination, etc. mechanisms available in
SAP standard.  Whether the users actually ever touch an SAP screen directly
is a separate question.
 
Regards,
        Jocelyn Dart
Consultant (SRM, EBP, Workflow)
and co-author of the book
"Practical Workflow for SAP"
SAP Australia
email: jocelyn.dart at sap.com
phone: +61 412 390 267
fax:   +61 2 9935 4880
 
 
 
 
-----Original Message-----
From: Michael Pokraka [mailto:workflow at quirky.me.uk]
Sent: Friday, 31 January 2003 10:01 PM
To: SAP-WUG at MITVMA.MIT.EDU
Subject: Re: Invoice approval agent is non-SAP user
 
 
Hi,
I wouldn't be too concerned about the 'generic' user posting documents -
after all, WF-BATCH does pretty much everything users are not authorized
to do, which can be a security feature or hole depending on how you
implement it.
I can't speak for SAP on licensing issues, but I would check that out. I
believe there are 'occasional users'-type licenses available.
 
Other than that, the only other thing I can think of is that you need to
be very careful on security and audit considerations. e.g. a pure
SAP WF will show someone approved it, followed by WF-BATCH releasing it.
Now that you're talking to the 'outside world' you will have two areas
of security to consider - what if recipient forwards his mail to his/her
secretary? Where are your controls on what she can now approve, think
substitution strategies, upgrade considerations etc.
It can be a good solution, just needs careful planning.
 
Just my 0.02<insert local currency here>
Cheers
Mike
 
On Fri, Jan 31, 2003 at 11:23:42AM +0100, Nathan Fox wrote:
> Here is the scenario for an invoice approval flow using FI Prebooking
> documents.  MM is not involved. SAP System is 4.6C. Business object FIPP.
>
> 1)Invoices are scanned and pre-booked in FI as a centralized function by
> trained SAP users.
>
> 2)Approval of these invoices is decentralized and concerns about 100 non-SAP
> users.  They don't have an SAP user logon, they have never used SAP.  The
> users are however in the SAP organization structure and could be designated
> quite nicely as the agent of approval for the pre-booked invoice.
>
> 3a)Proposed solution : My immediate reflex was to send an approval work-item
> to the agent's MS Exchange inbox using the MAPI - SAP interface.  The user
> doesn't realize he's "logging on" into the "complicated" SAP environment, he
> just double clicks on an "Email-like" workitem.
>
> 3b)additional requirement after review : this SAP site does not want to buy
> an additional 100 SAP user licences only to enable these agents to approve
> pre-booked invoices, too costly.
>
> Is it feasable to get around the SAP-User logon hurdle without creating an
> equally complicated "gas works" solution?  The following scenario I submit
> for peer-review and hope to stimulate some interesting discussion.
>
> a) On creation of a pre-booked document(FIPP) an SAP Workflow is triggered.
> b) Agents are found via OM and informed via Email of pending pre-booked
> documents.  This Email is purely informative, it is not a workitem.
> c) the SAP workflow goes into a "stand by" mode waiting for the events
> "approved" or "rejected"
> d) the informed agent receives the notification in MS Exchange of a pending
> approval task, the agent starts a non-SAP application (perhaps VB of JAVA)
> which accesses via a custom "GET_LIST" BAPI all the open pre-booked invoices
> which are attributed to his/her HR personel number.  The logon takes place
> accordingly with a generic RFC user.
> e)the pre-booked document is displayed in the external application, after
> which the user is prompted to approve or reject an invoice in which case the
> corresponding "reject" "approve" method would be called via RFC.  We lack
> SAP "BAPI" methods here.
> f) the SAP workflow receives notification of approval or rejection and
> terminates successfully.
>
> Technically we have in-house competency in ABAP, RFC, ALE , BOR, and BAPI
> programming. As "techies" we would love to try something "new" like this, a
> technically cool solution.
>
> My "functional" gut feeling bawks at the thought of a generic RFC user
> approving and posting FI documents.
>
> What do my workflow-peers think?
> Are there other pitfalls, functional or technical, with the above scenario?
>
> regards ( I'm on european time, I might take a while to respond)
> Nate

More information about the SAP-WUG mailing list