
Authorization Management at the Customer Site


Speaker’s Name, SAP
Month 00, 2017

PUBLIC
Authorization Management at the Customer Site

At the customer site, tables USOBX_C and USOBT_C control the behavior of Role Maintenance.
After a new installation, these tables are empty, and must be filled with values before Role
Maintenance is used for the first time.

Development
1. Creates application containing AUTHORITY-CHECK (ABAP Workbench)
2. Test application (ABAP Workbench)
3. Creates authorization proposals: determines necessary checks and enters default values (SU22)
4. Creates SAP role with menu; refine authorization value (PFCG)

Authorization Management
1. Copies authorization data (SU25)
2. Adjusts authorization defaults to customer's needs (SU24)
3. Creates role with menu; generates role profile (PFCG)
4. Assigns role to user (PFCG)

Business User
1. Logs on to the SAP system
- Navigates using options in the role menu
- Accesses applications for which the role contains authorizations

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 2


Where do the Default Values Come from?

USOBX_C
USOBT_C



Authorization Concept in Practice: Basics

[Diagram. Elements shown: Composite Role; Role (Transaction 1, Transaction 2, Report 0815); Authorization Object Z; Authorization Z (Field 1, ...); User. Tools and tables shown: SU22 with USOBX and USOBT; SU25; SU24 with USOBX_C and USOBT_C.]



Initial Fill of the Default Tables

SAP Defaults (USOBX, USOBT) -> SU25 (Step 1): Copy -> Customer Values (USOBX_C, USOBT_C)

Both the SAP defaults and the customer values record, for each application type:
- Which checks exist?
- Which checks are performed?
- What is entered in Role Maintenance?
- What does Role Maintenance propose?



Upgrade Scenario

SAP Defaults (USOBX, USOBT) -> SU25 (Step 2A – 2D) -> Customer Values (USOBX_C, USOBT_C)

- 2A: Compares the new tables USOBX and USOBT with USOBX_C and USOBT_C
- 2B: Adds any new transactions/updates to tables USOBX_C and USOBT_C
- 2C: Updates the existing roles and flags all roles with new authorization objects
- 2D: Displays all roles for which there are changed transaction codes

For this reason, Step 1 in transaction “SU25” must not be executed, as it would completely overwrite the tables.



Authorization Management at the Customer Site

Authorization proposals are then refined/adjusted for this specific customer system



Adjusting Check Indicators at the Customer Site

SU24: Customer Values (USOBX_C, USOBT_C)

For each application type:
- Which checks exist?
- Which checks are performed?
- What is entered in Role Maintenance?
- What does Role Maintenance propose?

Proposal Status: No / Yes, Without Values / Yes
Objects & Field Values



Authorization Management at the Customer Site

At the customer site, the administrator creates roles that meet the needs of the customer



Role Maintenance (PFCG)

Work Center -> Role
Description:
- Activity 1
- Activity 2
- ...

Tabs in Role Maintenance:
- Description: Short Description; Define Role Names
- Menu: Determine Activities; Design User Menus
- Authorizations: Maintain Authorization Data; Generate Authorization Profile
- User: Assign Users; Compare User Master
- MiniApp: Assign MiniApp to User for SAP Workplace
- Personalization: Set Special Requirements



Process Steps of the Administrator

Define role name

Determine activities

Design user menus

Maintain authorization data

Generate authorization profile

Assign users

Compare user master record



Authorization Maintenance:
Traffic Light Legend

Traffic lights refer to authorization fields in lower branches

Authorization field contents maintained

Some unmaintained authorization field contents

Unmaintained organizational levels



Authorization Maintenance: Status Texts

Status texts for authorizations
- Standard: Field values have not been changed
- Maintained: Value entered in field delivered empty
- Changed: Field delivered with content was changed
- Manual: Authorization object was inserted manually

Status texts after a comparison (such as change in menu selection)
- Old: No field value changed and no new authorization added
- New: At least one new authorization added



Authorization Maintenance: The “Yellow Traffic Light Problem”

- Manual: NO connection between this object entry and the role menu exists
- Changed, Maintained, Standard: Connection between this object entry and the role menu exists
- For every action that requires “Read old status and merge with new data”, the Standard is read again

[Diagram: arrows labeled "Maintenance" connect the status entries.]



Special ABAP Roles: Composite Roles

[Diagram: Role 1 to Role 7 grouped into Composite Role A and Composite Role B.]



Special ABAP Roles: Menus of Composite Roles

[Diagram: the Composite Role reads the menus of Role 1 and Role 2 ("Read Menu"). Menu entries shown: Purchasing, Purchase Order, Delivery, Material Price, PRs, Inventory, Count.]

Full menu can be changed! (Entries can be restructured and deleted.)



Special ABAP Roles: Customizing Roles

[Diagram: Project-IMG and Customizing-Role, shown across the project phases Project Preparation, Business Blueprint, Realization, Final Preparation, Go Live & Support.]



Authorization Management at the Customer Site

Business users log on to the SAP system and access applications for which they have
authorizations



Authorization Check in the Program Flow

User Action: Start Transaction ME21N
System Action:
- Check for S_TCODE ME21N
- Check for Values (TSTCA): M_BEST_EKO

User Action: Enter Values / Save
System Action (Program):
- Check for Values (program) in M_BEST_EKG
- Check for Values (program) in M_BEST_EKO
- Check for Values (program) in M_BEST_WRK
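
The check sequence on this slide, modelled as an added example (not SAP code and not part of the original deck): it walks the ME21N chain in order and reports the first check that fails, showing that a user can pass the S_TCODE and TSTCA checks and still be stopped by a program check. The field names (TCD, ACTVT, EKORG, EKGRP, WERKS), the checked values, the sample user and the simplified wildcard matching (no value ranges) are assumptions; the slide names only the objects.

```python
from fnmatch import fnmatchcase

# Check chain for ME21N as listed on the slide: (stage, object, checked fields).
# Field names and checked values are assumptions added for this example.
ME21N_CHECKS = [
    ("transaction start", "S_TCODE",    {"TCD": "ME21N"}),
    ("TSTCA",             "M_BEST_EKO", {"ACTVT": "01"}),
    ("program",           "M_BEST_EKG", {"ACTVT": "01", "EKGRP": "001"}),
    ("program",           "M_BEST_EKO", {"ACTVT": "01", "EKORG": "1000"}),
    ("program",           "M_BEST_WRK", {"ACTVT": "01", "WERKS": "1000"}),
]


def authority_check(user_auths, obj, wanted):
    """Return True if ONE authorization for obj covers every checked field.

    Values from different authorizations of the same object are not combined.
    """
    for auth in user_auths.get(obj, []):
        if all(
            any(fnmatchcase(value, pattern) for pattern in auth.get(field, []))
            for field, value in wanted.items()
        ):
            return True
    return False


def first_failure(user_auths, checks=ME21N_CHECKS):
    """Walk the chain in order; return (stage, object) of the first failed check."""
    for stage, obj, wanted in checks:
        if not authority_check(user_auths, obj, wanted):
            return (stage, obj)
    return None  # every check passed


# Constructed sample user. The two M_BEST_EKO authorizations together contain
# ACTVT 01 and EKORG 1000, but no single authorization contains both.
BUYER = {
    "S_TCODE":    [{"TCD": ["ME2*"]}],
    "M_BEST_EKG": [{"ACTVT": ["*"], "EKGRP": ["001"]}],
    "M_BEST_EKO": [{"ACTVT": ["01", "02"], "EKORG": ["2000"]},
                   {"ACTVT": ["03"], "EKORG": ["1000"]}],
    "M_BEST_WRK": [{"ACTVT": ["01"], "WERKS": ["1000"]}],
}

if __name__ == "__main__":
    print(first_failure(BUYER))
```

For the sample user the transaction starts and the TSTCA check on M_BEST_EKO passes, but the later program check on the same object fails because it also checks the purchasing organization.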


Thank you.