Basic Understanding of Roles and Authorization
Transcript of Basic Understanding of Roles and Authorization
-
8/16/2019 Basic Understanding of Roles and Authorization
1/3
-
8/16/2019 Basic Understanding of Roles and Authorization
2/3
Roles and Authorizations allow the users to access SAP Standard as wellas custom Transactions in a secure way.SAP pro"ides certain set of generic Standard roles for di;erent modulesand di;erent scenarios.'e can also de*ne user de*ned roles !ased on the Pro$ect scenario
keeping !elow concept in mind+
There are !asically two types of Roles+,. Master Roles 2 'ith Transactions( Authorization
organizational le"el management.-. =eri"ed Roles 2'ith organizational le"el management and
Transactions and Authorization
The reason !ehind this concept is to simplify the management of Roles.
WHAT ARE THE COMPONENTS OF A ROLE:
A Master Role or a =eri"ed Role is ha"ing !elow components inside it+
,. Transaction Codes
-. Pro*le
. Authorization
>. also helps in restricting? allowing the "alues of that particular *eld 5For e+ Authorization
o!$ect I&'OR(&ORD: PM+ %usiness 5/ence assuming > Shift &n3
charges8.
As mentioned !efore( Maintenance &n3charge will ha"e rights to following transactions 2
&'--( &'-( &'-6( &'-7( &',( &'-( &'6 and &'7 !ut he will not ha"e rights to
release the Maintenance order.
-
8/16/2019 Basic Understanding of Roles and Authorization
3/3
E+PLAININ( WITH AN E+AMPLE:
/ence( considering the a!o"e situation( we will create a common Master role for all >
Maintenance &n3charges say ZMPM&MAIN&IN&CHAR(E&ROLE 5/ere the role name
starts with ZMPM to make us understand that it is a Z Master Role
for Plant Maintenance 8 with transaction mentioned a!o"e with all rights 5with "alue DE8inside the transactions !ut only restricting release of Maintenance order with the help of
authorization o!$ectI&'OR(&ORD and remo"ing "alue+ ,FRE and *eld+ ,ETR'OR( !ut
with all any organizational le"el 5say-ant8 assignment.
4ow !ased on this Master Role we ha"e to create deri"ed Roles for all > Maintenance &n3
charges indi"idually say for *rst Maintenance &n3Charge we create a deri"ed
role ZDPM&MAIN&IN&CHAR(E&ROLE&MI.referring the a!o"e Master
Role ZMPM&MAIN&IN&CHAR(E&ROLE. This will copy all the transactions and
authorization o!$ects from Master Role !ut will not copy the organizational le"el
assignments which we ha"e assigned in Master Role. /ence( we need to maintain the
organizational le"el for the deri"ed role 5say PlantP.8.
/ere once we sa"e 5 Benerate8 the Master as well as =eri"ed Role we can assign this
role to the )ser &= for the particular Maintenance &n3charge.