Your SlideShare is downloading. ×
$XWKRUL]DWLRQV 0DGH (DV     8VHU 5ROH 7HPSODWHV DQG  *HQHUDWLQJ $XWKRUL]DWLRQ 3URILOHV            Release 4.6A/B          ...
&RSULJKW     ©  E 6$3 $* $OO ULJKWV UHVHUYHG     1HLWKHU WKLV GRFXPHQWDWLRQ QRU DQ SDUW RI LW PD EH FRSLHG RU UHSURGXFHG L...
³RX FDQ RSHQ WKLV ERRN                    DQG NHHS LW RSHQ ZLWKRXW LW VQDSSLQJ VKXW RQ RX RX QHHG QRW ZRUU DERXW          ...
RQWHQWV DW D *ODQFH$FNQRZOHGJHPHQWV [LLL,QWURGXFWLRQ             [Y:KDW·V 1HZ LQ 5HOHDVH   [[LKDSWHU           5 6VWHP 6HF...
iv
HWDLOHG 7DEOH RI RQWHQWV$FNQRZOHGJHPHQWV [LLL,QWURGXFWLRQ              [Y                       What Is this Book About? ....
Detailed Table of Contents                  R/3 Tools for Security Implementation ...........................................
Detailed Table of Contents                 External R/3 Users ...............................................................
Detailed Table of Contents                  Postmaintaining User Role Templates..............................................
Detailed Table of Contents                 Comparing User Master Data from Within Transaction PFCG...........................
Detailed Table of Contents                      Enabling auth/tcodes_not_checked ............................................
Detailed Table of Contents$SSHQGL[ %      )UHTXHQWO $VNHG 4XHVWLRQV %²                 Overview..............................
Detailed Table of Contents   xii                       Authorizations Made Easy
$FNQRZOHGJPHQWV, ZLVK WR H[SUHVV DSSUHFLDWLRQ WR WKH IROORZLQJ LQGLYLGXDOV ZKR SURYLGHG WLPH PDWHULDO H[SHUWLVH DQGUHVRXUF...
6$3 $*           1RUPDQ H /HHXZ 0DWKLDV .LQ]OHU (UZLQ 5RMHZVNL 0DUNXV 6FKPLGW +HLNR 6WRFN                  6YHQ 6FKZHULQ:H...
Acknowledgmentsxivxiv            Authorizations Made Easy
,QWURGXFWLRQRQWHQWVWhat Is this Book About? .................................................................................
IntroductionWhat Is this Book About?:KDW ,V WKLV %RRN $ERXW               7KLV JXLGHERRN LV GHVLJQHG WR KHOS RX VHW XS WKH...
,W H[SODLQV ZKDW RX QHHG WR NQRZ WR               SHUIRUP WKLV WDVN DQG KHOSV RX XVH WKH VWDQGDUG WRROV SURYLGHG ZLWK RXU ...
7KLV JXLGH UHIHUV WR 5HOHDVH $% RI WKH 6$3 5 6VWHP $OO VFUHHQVKRWV DUH IURP 5HOHDVH               $ XQOHVV RWKHUZLVH QRWHG...
7DVNV RX QHHG WR SHUIRUP GXULQJ DQG DIWHU LQVWDOODWLRQ RI 5 WR IDFLOLWDWH WKH XVH RI WKH                   3*             ...
Introduction                                                                                           How to Use this Gui...
Monospace                                      8VHU LQSXW WH[W WKH XVHU WSHV YHUEDWLP
1DPH → 1DPH                                  0HQX VHOHFWLRQ 1DPH LV WKH PHQX QDPH                                         ...
IntroductionConventions                  6DPSOH 5 5HOHDVH  6FUHHQ                     Menu Bar               Standard Tool...
HSHQGLQJ RQ RXU DXWKRUL]DWLRQV VRPH RI WKH EXWWRQV RQ RXU DSSOLFDWLRQ WRROEDU PD                     QRW EH DYDLODEOH     ...
Introduction                                                                                                    Convention...
IntroductionConventionsxx xx          Authorizations Made Easy
:KDW·V 1HZ LQ 5HOHDVH RQWHQWVOverview .......................................................................................
What’s New in Release 4.6Overview2YHUYLHZ               7KLV FKDSWHU SURYLGHV D EULHI GHVFULSWLRQ RI WKH QHZ IXQFWLRQDOLW ...
7KLV XVHU PHQX LV EDVHG RQ WKH XVHU UROH               WHPSODWH RU DFWLYLW JURXS WKH XVHU LV DVVLJQHG WR 8VHUV QR ORQJHU K...
What’s New in Release 4.6                                                                                         Flexible...
What’s New in Release 4.6Composite Activity GroupsRPSRVLWH $FWLYLW *URXSV               $V RI 5HOHDVH $ LW LV SRVVLEOH WR ...
KDSWHU                          5 6VWHP 6HFXULW DQG WKH                                                                   ...
Chapter 1: R/3 System Security and the Authorization ConceptOverview2YHUYLHZ                ,Q WKLV FKDSWHU ZH H[SODLQ WKH...
3UHSDULQJ WKH 5 (QYLURQPHQW DQG 3UHSDUDWLRQ IRU *R /LYH FKDSWHU
3URGXFWLRQ 3KDVH FKDSWHU
8SJUDGH DQG 2QJRLQJ HYHORSPHQW FKDSWHU
:H EHJLQ ZLWK WKH 5 DXWKRUL]DWLRQ FRQFHSW DQG WKH DXWKRUL]DWLRQ GHVLJQ VR RX FDQ PHHW                UHTXLUHPHQWV VXFK DV ...
DQG EHFRPHV HYHQ PRUH DFXWH WKDQ :$1V                                                                                     ...
Chapter 1: R/3 System Security and the Authorization Concept                                                              ...
$FFHVV SURWHFWLRQ DQG DXWKHQWLFDWLRQ RXWVLGH RI 5 LQFOXGLQJ DXWKRUL]DWLRQV EHWZHHQ                     :HEEDVHG DSSOLFDWLR...
3URWHFWLRQ DW QHWZRUN FRPPXQLFDWLRQ OHYHO QRW GLVFXVVHG LQ WKLV JXLGH
DWD SURWHFWLRQ DW GDWDEDVH OHYHO QRW GLVFXVVHG LQ WKH JXLGH
Release 4.6A/B                                                                                                            ...
Chapter 1: R/3 System Security and the Authorization ConceptThe Authorization Concept7KH $XWKRUL]DWLRQ RQFHSW             ...
DWD HQFUSWLRQ QRW GLVFXVVHG LQ WKLV ERRN
/RFNLQJ VVWHP IRU FKDQJHV                7KH 5 DXWKRUL]DWLRQ FRQFHSW SHUPLWV WKH DVVLJQPHQW RI JHQHUDO DQGRU ILQHO GHWDLOH...
XVXDOO JHQHUDWHV DXWKRUL]DWLRQV DQG                DXWKRUL]DWLRQ SURILOHV DOWKRXJK DXWKRUL]DWLRQV FDQ DOVR EH PDQXDOO LQVH...
Chapter 1: R/3 System Security and the Authorization Concept                                                              ...
Chapter 1: R/3 System Security and the Authorization ConceptThe Authorization Concept$XWKRUL]DWLRQ 2EMHFW )LHOGV          ...
$FWLYLW $797
([SODQDWLRQ    DOO SRVVLEOH YDOXHV    GLVSOD                $XWKRUL]DWLRQV DUH XVHG WR VSHFLI SHUPLWWHG YDOXHV IRU WKH ILH...
Chapter 1: R/3 System Security and the Authorization Concept                                                              ...
DXWKRUL]DWLRQ                 REMHFWV $OVR XVH WKH 3* WR H[FOXGH IXUWKHU DXWKRUL]DWLRQ REMHFWV IRU H[DPSOH +5 GDWD
IURP WKH SURILOH                 1RWH WKDW ZH DUH WDONLQJ DERXW DXWKRUL]DWLRQ SURILOHV QRW DFWLYLW JURXSV                 ...
FDQ EH IUHHO DVVLJQHG 7KH QXPEHU RI SURILOHV JHQHUDWHG GHSHQGV RQ WKH                 QXPEHU RI DXWKRUL]DWLRQV LQ HDFK DFW...
DUH XVHG DV D FRXQWHU                 7R DYRLG FRQIOLFWV EHWZHHQ FXVWRPHUGHILQHG SURILOHV DQG WKRVH SURILOHV VXSSOLHG E 6$...
7KHUHIRUH LI                 RXU FRPSDQ KDV LWV RZQ QDPLQJ FRQYHQWLRQV RX DUH DOORZHG WR RYHUZULWH WKH                 SUR...
8VHU 0DVWHU 5HFRUGV                 0DVWHU UHFRUGV HQDEOH WKH XVHU WR ORJ RQ WR WKH 5 6VWHP DQG DOORZ OLPLWHG DFFHVV WR WK...
Chapter 1: R/3 System Security and the Authorization ConceptSAP* and DDIC Users$XWKRUL]DWLRQ KHFNV                7R FRQGX...
WR WKH YDOXHV QHHGHG WR FDUU RXW D SURJUDPVSHFLILHG DFWLRQ $                XVHU PD RQO FDUU RXW WKH DFWLRQ LI WKH DXWKRUL...
7KH WZR VSHFLDO 5 XVHUV DUH                 6$3                    HILQHG DV WKH VWDQGDUG 5 VXSHUXVHU 6$3 GRHV QRW UHTXLUH...
Chapter 1: R/3 System Security and the Authorization Concept                                                              ...
Π  +DV XQOLPLWHG VVWHP DFFHVV DXWKRUL]DWLRQV                     :KHQ RX LQVWDOO 5 D XVHU PDVWHU UHFRUG LV GHILQHG LQ FOL...
KHOSV WKH DXWKRUL]DWLRQ DGPLQLVWUDWRU FUHDWH JHQHUDWH DQG                 DVVLJQ DXWKRUL]DWLRQ SURILOHV )LUVW UHOHDVHG ZLW...
Chapter 1: R/3 System Security and the Authorization ConceptWhat Is the Profile Generator?                 8VH 68 WR LQLWL...
)RU GHWDLOHG LQIRUPDWLRQ SOHDVH UHDG FKDSWHU  6HWWLQJ 8S WKH 3URILOH *HQHUDWRU                2QFH WKH 3* LV VHW XS RX FDQ...
Chapter 1: R/3 System Security and the Authorization Concept                                                              ...
7KH 3* WKHQ SODFHV WKH VSHFLILHG OHYHOV LQ WKH DXWKRUL]DWLRQ REMHFWV $W WKLV SRLQW D ORW RI                 DXWKRUL]DWLRQ ...
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Amez 46 all
Upcoming SlideShare
Loading in...5
×

Amez 46 all

382

Published on

Published in: Technology, Sports
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
382
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Amez 46 all"

  1. 1. $XWKRUL]DWLRQV 0DGH (DV 8VHU 5ROH 7HPSODWHV DQG *HQHUDWLQJ $XWKRUL]DWLRQ 3URILOHV Release 4.6A/B SAP Labs, Inc. Palo Alto, California
  2. 2. &RSULJKW © E 6$3 $* $OO ULJKWV UHVHUYHG 1HLWKHU WKLV GRFXPHQWDWLRQ QRU DQ SDUW RI LW PD EH FRSLHG RU UHSURGXFHG LQ DQ IRUP RU E DQ PHDQV RU WUDQVODWHG LQWR DQRWKHU ODQJXDJH ZLWKRXW WKH SULRU FRQVHQW RI 6$3 $* 6$3 $* PDNHV QR ZDUUDQWLHV RU UHSUHVHQWDWLRQV ZLWK UHVSHFW WR WKH FRQWHQW KHUHRI DQG VSHFLILFDOO GLVFODLPV DQ LPSOLHG ZDUUDQWLHV RI PHUFKDQWDELOLW RU ILWQHVV IRU DQ SDUWLFXODU SXUSRVH 6$3 $* DVVXPHV QR UHVSRQVLELOLW IRU DQ HUURUV WKDW PD DSSHDU LQ WKLV GRFXPHQW 7KH LQIRUPDWLRQ FRQWDLQHG LQ WKLV GRFXPHQW LV VXEMHFW WR FKDQJH ZLWKRXW QRWLFH 6$3 $* UHVHUYHV WKH ULJKW WR PDNH DQ VXFK FKDQJHV ZLWKRXW REOLJDWLRQ WR QRWLI DQ SHUVRQ RI VXFK UHYLVLRQ RU FKDQJHV 6$3 $* PDNHV QR FRPPLWPHQW WR NHHS WKH LQIRUPDWLRQ FRQWDLQHG KHUHLQ XS WR GDWH7UDGHPDUNV 6$3 WKH 6$3 ORJR 5 5 $%$3 DQG RWKHU 6$3 UHODWHG SURGXFWV PHQWLRQHG KHUHLQ DUH UHJLVWHUHG RU XQUHJLVWHUHG WUDGHPDUNV RI 6$3 $* $OO RWKHU SURGXFWV PHQWLRQHG LQ WKLV GRFXPHQW DUH UHJLVWHUHG RU XQUHJLVWHUHG WUDGHPDUNV RI WKHLU UHVSHFWLYH FRPSDQLHV 6LPSOLILFDWLRQ *URXS 6$3 /DEV ,QF HHU UHHN 5RDG 3DOR $OWR $ ZZZVDSODEVFRPVLPSOH VLPSOLIU#VDSFRP 3ULQWHG LQ WKH 8QLWHG 6WDWHV RI $PHULFD ,6%1 ; 7KLV ERRN XVHV (FR)/(;™ ODIODW ELQGLQJ :LWK WKLV ODIODW IHDWXUH³GHYHORSHG E DQG H[FOXVLYHO DYDLODEOH DW -RKQVRQ 3ULQWLQJ 6HUYLFH -36
  3. 3. ³RX FDQ RSHQ WKLV ERRN DQG NHHS LW RSHQ ZLWKRXW LW VQDSSLQJ VKXW RQ RX RX QHHG QRW ZRUU DERXW EUHDNLQJ WKH VSLQH (FR)/(; PDNHV ERRNV OLNH WKLV RQH HDVLHU WR XVH
  4. 4. RQWHQWV DW D *ODQFH$FNQRZOHGJHPHQWV [LLL,QWURGXFWLRQ [Y:KDW·V 1HZ LQ 5HOHDVH [[LKDSWHU 5 6VWHP 6HFXULW DQG WKH $XWKRUL]DWLRQ RQFHSW ²KDSWHU $XWKRUL]DWLRQV DQG $6$3 ²KDSWHU 6HWWLQJ 8S WKH 3URILOH *HQHUDWRU ²KDSWHU 8VHU $GPLQLVWUDWLRQ ²KDSWHU 8VHU 5ROH 7HPSODWHV ²KDSWHU $GYDQFHG 3URILOH *HQHUDWRU )XQFWLRQDOLW²KDSWHU 3UHSDULQJ WKH 5 (QYLURQPHQW IRU *R/LYH²KDSWHU ,QVHUWLQJ 0LVVLQJ $XWKRUL]DWLRQV²KDSWHU $VVLJQLQJ $FWLYLW *URXSV ²KDSWHU 6HWWLQJ 8S WKH $/( (QYLURQPHQW IRU HQWUDO 8VHU $GPLQLVWUDWLRQ²KDSWHU 6HWWLQJ 8S HQWUDO 8VHU $GPLQLVWUDWLRQ ²KDSWHU 7LSV DQG 7URXEOHVKRRWLQJ ²KDSWHU 6$3 6HFXULW $XGLW DQG /RJJLQJ²KDSWHU 8SJUDGH ²$SSHQGL[ $ 6$31HW ² 5 )URQWHQG 1RWHV $²$SSHQGL[ % )UHTXHQWO $VNHG 4XHVWLRQV %²$SSHQGL[ ,PSRUWDQW 6VWHP 3URILOH 3DUDPHWHUV ²*ORVVDU *²,QGH[ ,²Authorizations Made Easy iii
  5. 5. iv
  6. 6. HWDLOHG 7DEOH RI RQWHQWV$FNQRZOHGJHPHQWV [LLL,QWURGXFWLRQ [Y What Is this Book About? ................................................................................... xvi Who Should Read this Book?............................................................................. xvi How to Use this Guide ........................................................................................ xvii Conventions......................................................................................................... xvii:KDW·V 1HZ LQ 5HOHDVH [[L Overview............................................................................................................... xxii User Role Templates........................................................................................... xxii Flexible User Menus............................................................................................ xxii Composite Activity Groups............................................................................... xxiv User Groups........................................................................................................ xxiv Central User Administration ............................................................................. xxivKDSWHU 5 6VWHP 6HFXULW DQG WKH $XWKRUL]DWLRQ RQFHSW ² Overview............................................................................................................... 1–2 The Authorization Concept ................................................................................ 1–4 Authorization Object .............................................................................................. 1–5 Authorization Object Fields ................................................................................... 1–6 Authorizations........................................................................................................ 1–6 Authorization Profiles ............................................................................................ 1–7 Naming Convention for Authorization Profiles........................................................ 1–7 User Master Records ............................................................................................ 1–7 Authorization Checks ............................................................................................ 1–8 Activating and Deactivating Authorization Checks in Transactions...................... 1–8 SAP* and DDIC Users ......................................................................................... 1–8 What Is the Profile Generator? .......................................................................... 1–9 Components of the Profile Generator ................................................................. 1–10 Activity Groups...................................................................................................... 1–10 Composite Activity Groups ................................................................................... 1–10 Derived Activity Groups ........................................................................................ 1–10 User Assignment .................................................................................................. 1–10 Generating the Profiles........................................................................................ 1–10 What Is an Activity Group? .............................................................................. 1–12 Activity Group Assignments ................................................................................ 1–12 R/3 login user IDs ............................................................................................... 1–12 Jobs ..................................................................................................................... 1–12 Positions.............................................................................................................. 1–13 Organizational units ........................................................................................... 1–13 What Is a User Role Template? .......................................................................... 1–13Authorizations Made Easy v
  7. 7. Detailed Table of Contents R/3 Tools for Security Implementation ........................................................... 1–14 Case Study: Security Strategy in a Three-System Environment ................. 1–15 Development System (DEV) ............................................................................... 1–15 Quality Assurance System (QAS) ....................................................................... 1–17 Training Client System (TRG)...............................................................................1–17 Production System (PRD) ................................................................................... 1–18 Setting Up the Authorization Administrators ................................................. 1–19 How the Administrators Work Together ..............................................................1–21 Policies and Procedures................................................................................... 1–21 User Administration ............................................................................................. 1–21 Policies ..................................................................................................................1–21 Procedures ............................................................................................................1–22 Roles and Responsibilities ....................................................................................1–22 System Security................................................................................................... 1–23 Policies ..................................................................................................................1–23 Procedures ............................................................................................................1–23 Roles and Responsibilities ....................................................................................1–24 Auditing Requirements ..................................................................................... 1–24KDSWHU $XWKRUL]DWLRQV DQG $6$3 ² Overview ............................................................................................................... 2–2 ASAP Roadmap ................................................................................................... 2–2 Authorizations in the Roadmap Structure ............................................................. 2–4 Knowledge Corner............................................................................................... 2–5 Questions and Answers Database (QAdb) .................................................... 2–6 What Is the QAdb?.............................................................................................. 2–6 How to Work with the QAdb................................................................................ 2–6 How to Generate the Authorization List from the QAdb ..................................... 2–6 Authorization List ................................................................................................ 2–6 What Is the Authorization List?.............................................................................. 2–6 How to Work with the Authorization List................................................................ 2–7 Generate Authorization List from the QAdb..........................................................2–7 Define User Roles ...................................................................................................2–8 Generate User Roles Overview ..............................................................................2–9 Build User Roles .....................................................................................................2–9KDSWHU 6HWWLQJ 8S WKH 3URILOH *HQHUDWRU ² Overview ............................................................................................................... 3–2 Confirming that the Profile Generator Is Active............................................... 3–2 Checking the Required Instance Profile Parameter.............................................. 3–2 Loading the USOBX_C and USOBT_C tables .................................................. 3–4 Initial Copying of SAP Defaults into the Customer Tables (SU25) ....................... 3–4 Transporting the Defaults ...................................................................................... 3–6 Getting Support from the SAPNet – R/3 Frontend Notes................................ 3–7 Accessing the Error Notes Database ....................................................................3–7 Printing Important SAPNet – R/3 Frontend Notes ................................................ 3–8 Applying Advance Corrections to Your R/3 System.............................................. 3–8KDSWHU 8VHU $GPLQLVWUDWLRQ ² Overview ............................................................................................................... 4–2 System Users ....................................................................................................... 4–2 vi Authorizations Made Easy
  8. 8. Detailed Table of Contents External R/3 Users ................................................................................................ 4–3 Internal R/3 Users ................................................................................................. 4–3 Dialog...................................................................................................................... 4–3 Batch Data Communication.................................................................................... 4–3 Background............................................................................................................. 4–3 CPIC ....................................................................................................................... 4–4 Special R/3 Users.................................................................................................. 4–4 SAP* ....................................................................................................................... 4–4 DDIC ....................................................................................................................... 4–4 EarlyWatch ............................................................................................................. 4–4 Creating Users ...................................................................................................... 4–5 User Groups......................................................................................................... 4–5 Authorizations and Authorization Profiles ....................................................... 4–6 Mass Operations ................................................................................................. 4–6 Creating a New User (Client-Specific)............................................................... 4–7 Changing a User’s Password........................................................................... 4–10 Password Requirements ..................................................................................... 4–11 User Information System.................................................................................. 4–12KDSWHU 8VHU 5ROH 7HPSODWHV ² Overview............................................................................................................... 5–2 What Are User Role Templates? ....................................................................... 5–2 User Menu ............................................................................................................ 5–2 How to Work with User Role Templates ........................................................... 5–3 Starting Activity Group Maintenance (PFCG) ....................................................... 5–4 Using the SAP-Provided User Role Templates .................................................... 5–4 Copying and Modifying SAP-Provided User Role Templates............................. 5–10 Create your own User Role Templates............................................................... 5–22 Creating Composite Activity Groups ................................................................... 5–32 Tips for an Administrator ................................................................................. 5–35 Available User Role Templates........................................................................ 5–40 Release 4.6A ....................................................................................................... 5–40 Release 4.6B ....................................................................................................... 5–44KDSWHU $GYDQFHG 3URILOH *HQHUDWRU )XQFWLRQDOLW² Overview............................................................................................................... 6–2 Selecting Views/Types in Activity Group Maintenance .................................. 6–2 Exploring Advanced Profile Generator Functionality ..................................... 6–3 Creating and Changing the Hierarchy................................................................... 6–4 Inserting Transactions ............................................................................................ 6–5 Inserting Internet and Document Links ............................................................... 6–10 Inserting Reports ................................................................................................. 6–12 Displaying the Online Documentation for Activity Group Objects ...................... 6–15 Copying and Deriving Activity Groups ...........................................................6–16 Basics on Duplicating Activity Groups ................................................................ 6–16 Copying Activity Groups ...................................................................................... 6–17 Deriving Activity Groups ...................................................................................... 6–17 Selecting Workflow Tasks................................................................................ 6–21 What You Should Know About Workflow............................................................ 6–21 Deleting Activity Groups .................................................................................. 6–24Release 4.6A/B vii YLL
  9. 9. Detailed Table of Contents Postmaintaining User Role Templates............................................................ 6–25 Different Settings for the Maintenance View ....................................................... 6–25 Maintaining and Generating the Authorization Profiles................................ 6–26 Displaying an Overview of Generated Profiles .............................................. 6–30 Regenerating Authorization Profiles After Making Changes ....................... 6–32 Using Utilities to Change Generated Authorizations .................................... 6–36 Merging Authorizations........................................................................................ 6–36 Reorganizing Technical Names of Authorizations .............................................. 6–37 Customizing Authorizations............................................................................. 6–38 Assigning IMG Projects or Project Views to Activity Groups .............................. 6–38KDSWHU 3UHSDULQJ WKH 5 (QYLURQPHQW IRU *R/LYH ² Overview ............................................................................................................... 7–2 Transports Between Clients............................................................................... 7–2 Transports Between R/3 Systems ..................................................................... 7–3 Transporting Activity Groups ............................................................................ 7–3 Transporting Single Activity Groups Using the Activity Group Maintenance Transaction........................................................................................................ 7–4 Mass Transport of Activity Groups ........................................................................ 7–6 Transporting Check Indicators and Field Values ............................................7–8 Transporting Authorization Templates ............................................................. 7–8 Transporting User Master Records ................................................................... 7–8KDSWHU ,QVHUWLQJ 0LVVLQJ $XWKRUL]DWLRQV ² Manually Postmaintaining Authorizations........................................................ 8–2 When to Insert Missing Authorizations?................................................................ 8–2 Case #1: Authorization Is Missing for Related Transactions ..................................8–2 Case #2: The Generated Profile Does Not Assign Any General Rights to the User ....................................................................................................................8–2 Case #3: Cannot Select Transaction SU53 from the Menu in PFCG .....................8–2 How to Insert Missing Authorizations .................................................................... 8–3 Manually Inserting Authorizations..................................................................... 8–3 Using Selection Criteria ......................................................................................... 8–4 Inserting Manually.................................................................................................. 8–6 Inserting Authorizations from Templates ......................................................... 8–7 Creating a New Template...................................................................................... 8–7 Inserting Authorizations from a Template ........................................................... 8–10 Inserting Authorizations from a Profile........................................................... 8–12 Inserting Full Authorizations: Profile “YourCompany” ............................ 8–15KDSWHU $VVLJQLQJ $FWLYLW *URXSV² Overview ............................................................................................................... 9–2 Assigning Users to Activity Groups.................................................................. 9–3 Assigning Activity Groups to Users.................................................................. 9–6 Assigning PD Objects to Activity Groups ........................................................ 9–7 Assigning Activity Groups to PD Objects ...................................................... 9–10 Transferring Users from an IMG Project to an Activity Group ..................... 9–13 Updating Profiles in the User Master Records............................................... 9–15 viii Authorizations Made Easy
  10. 10. Detailed Table of Contents Comparing User Master Data from Within Transaction PFCG........................... 9–15 Profile Comparisons Using Mass Compare (PFUD)........................................... 9–18 Report PFCG_TIME_DEPENDENCY to Schedule Time Dependency.............. 9–19 Creating a Sample Organizational Plan .......................................................... 9–21 Using the Classic R/3 Transaction ...................................................................... 9–22 Using the Enjoy Transaction ............................................................................... 9–27 Structural Authorizations ................................................................................. 9–28KDSWHU 6HWWLQJ 8S WKH $/( (QYLURQPHQW IRU HQWUDO 8VHU $GPLQLVWUDWLRQ² Overview............................................................................................................. 10–2 Setting Up an ALE User.................................................................................... 10–3 Naming Logical Systems.................................................................................. 10–5 Assigning Logical Systems to Clients............................................................ 10–8 Defining Target System for RFC Calls .......................................................... 10–10 Distribution Model........................................................................................... 10–13 Generating Partner Profiles in the Central System ..................................... 10–16 Distributing Model View ................................................................................. 10–17 Generating Partner Profiles in the Client System........................................ 10–18KDSWHU 6HWWLQJ 8S HQWUDO 8VHU $GPLQLVWUDWLRQ ² Overview............................................................................................................. 11–2 Assigning the Central User Administration Distribution Model .................. 11–2 Testing Central User Administration .............................................................. 11–3 Migrating Existing Users to the Central System............................................ 11–7 Defining Field Attributes for User Maintenance ............................................ 11–9 Global User Manager ...................................................................................... 11–10 Structure of the Global User Manager .............................................................. 11–12 Using the Global User Manager........................................................................ 11–12 System Landscape with Existing Users ............................................................. 11–12 System Landscape Without Existing Users........................................................ 11–13 User Creation...................................................................................................... 11–14 Defining System Types and User Groups......................................................... 11–14 Modeling with the Global User Manager........................................................... 11–16 Authorization for the Global User Manager....................................................... 11–17 Distributing Data in the Global User Manager .................................................. 11–18 Immediate Distribution........................................................................................ 11–19 Scheduling Background Distribution................................................................... 11–19KDSWHU 7LSV DQG 7URXEOHVKRRWLQJ ² Overview............................................................................................................. 12–2 Tracing Authorizations with Transaction SU53 ............................................. 12–2 System Trace Using Transaction ST01........................................................... 12–4 Analyzing a Written Trace File ......................................................................... 12–9 Reducing the Scope of Authorization Checks............................................. 12–12 Overview............................................................................................................ 12–12 Enabling the Profile Generator.......................................................................... 12–12 Enabling/Disabling Other System-wide Checks ............................................... 12–12Release 4.6A/B ix L[
  11. 11. Detailed Table of Contents Enabling auth/tcodes_not_checked ....................................................................12–12 Enabling auth/rfc_authority_check......................................................................12–13 Globally Deactivating or Activating Authorization Checks ..................................12–13 Parameter Transactions......................................................................................12–18 Deactivating Authorization Checks Using SU24 ............................................... 12–18 Reducing the Scope of Authorization Checks................................................... 12–19 Maintaining Check Indicators for Transaction Codes .........................................12–20 Mass Change of Check Indicators ......................................................................12–28 Maintaining Authorizations in the Activity Groups...............................................12–32KDSWHU 6$3 6HFXULW $XGLW DQG /RJJLQJ ² Overview ............................................................................................................. 13–2 Audit Tools (SM20, SM19, SECR) .................................................................... 13–2 Security Audit Log (SM20)................................................................................... 13–2 Running the Audit Log...........................................................................................13–4 Setting Security Audit Log Parameters (SM19) .................................................. 13–5 Defining Filter Group 1 ..........................................................................................13–7 Defining Filter Group 2 ..........................................................................................13–7 Audit Information System (SECR)..................................................................... 13–11 Complete Audit....................................................................................................13–12 User-Defined Audit..............................................................................................13–16 User Security Audit Jobs ................................................................................... 13–18 Audit Tasks (SM21, STAT, ST03) ................................................................... 13–20 Reviewing Validity of Named Users .................................................................. 13–20 Reviewing Profiles for Accuracy and Permission Creep................................... 13–21 System Log (SM21)........................................................................................... 13–22 Statistic Records in CCMS (STAT) ................................................................... 13–24 ST03 – User Profile ........................................................................................... 13–26 Logging of Specific Activities............................................................................. 13–28 Logging Changes to Table Data .........................................................................13–28 Logging Changes to User Master Records, Profiles, and Authorizations 13–30KDSWHU 8SJUDGH ² Before Doing Any Upgrade .............................................................................. 14–2 Validation Steps After Upgrading Is Completed ............................................ 14–3 Converting Previously Created SU02 Profiles to Activity Groups............... 14–4 Creating an Activity Group from Manually Maintained Profiles........................... 14–4 Removing User Assignments from the Original SU02 Profile............................. 14–9 Upgrading from a Release Prior to 3.1x to 4.6 A/B ...................................... 14–11 Converting Existing Authorization Profiles for the Profile Generator ................ 14–11 Re-creating the Authorization Profiles from Scratch Using the Profile Generator ...................................................................................................... 14–11 Upgrading from Release 3.0F to 4.6 A/B....................................................... 14–12 Upgrade from Releases 3.1G, 3.1H, 3.1I to 4.6 A/B...................................... 14–14 Upgrade from Releases 4.0x or 4.5x to 4.6 A/B............................................ 14–22$SSHQGL[ $ 6$31HW ² 5 )URQWHQG 1RWHV $² Overview ...............................................................................................................A–2 SAPNet – R/3 Frontend Notes ............................................................................A–3 x Authorizations Made Easy
  12. 12. Detailed Table of Contents$SSHQGL[ % )UHTXHQWO $VNHG 4XHVWLRQV %² Overview...............................................................................................................B–2 R/3 Initial Screen (SAP Easy Access Menu) and Favorites ............................B–2 Profile Generator Setup ......................................................................................B–3 Working with the PG and Profiles .....................................................................B–3 Authorization Checks (SU24).............................................................................B–5 Upgrade Procedure (SU25) ................................................................................B–7 Including Transactions or Reports ...................................................................B–7 Missing Authorizations.......................................................................................B–7 User Administration ............................................................................................B–8 Transporting ........................................................................................................B–8 Tables ...................................................................................................................B–8$SSHQGL[ ,PSRUWDQW 6VWHP 3URILOH 3DUDPHWHUV ² Incorrect Logons, Default Clients, and Default Start Menu............................C–2 Setting Password Length and Expiration.........................................................C–2 Specifying Impermissible Passwords...............................................................C–3 Securing SAP* Against Misuse..........................................................................C–3 Tracing Authorizations .......................................................................................C–3 Profile Generator and Transaction SU24..........................................................C–4 User Buffer ...........................................................................................................C–4 No Check on Object S_TCODE ..........................................................................C–4 No Check on Certain ABAP Objects .................................................................C–4 RFC Authority Check ..........................................................................................C–5*ORVVDU *²,QGH[ ,²Release 4.6A/B xi [L
  13. 13. Detailed Table of Contents xii Authorizations Made Easy
  14. 14. $FNQRZOHGJPHQWV, ZLVK WR H[SUHVV DSSUHFLDWLRQ WR WKH IROORZLQJ LQGLYLGXDOV ZKR SURYLGHG WLPH PDWHULDO H[SHUWLVH DQGUHVRXUFHV WR KHOS PDNH WKLV JXLGHERRN SRVVLEOH LQ DOSKDEHWLFDO RUGHU
  15. 15. 6$3 $* 1RUPDQ H /HHXZ 0DWKLDV .LQ]OHU (UZLQ 5RMHZVNL 0DUNXV 6FKPLGW +HLNR 6WRFN 6YHQ 6FKZHULQ:HQ]HO 7KRUVWHQ 9LHWK6$3 $PHULFD 0DULD *UHJJ ´DVSHUµ :DL)X .DQ DQLHO%HQMDPLQ )LJ =DLGVSLQHU6$3 /DEV $QLO -DLQ -RKQ .DQFOLHU 2OLYHU 0DLQND *DU 1DNDDPD .XUW :ROI1LKDG $O)WDHK6$3 /DEV ,QF xiii
  16. 16. Acknowledgmentsxivxiv Authorizations Made Easy
  17. 17. ,QWURGXFWLRQRQWHQWVWhat Is this Book About? .......................................................................................xviWho Should Read this Book?.................................................................................xviHow to Use this Guide............................................................................................xviiConventions ............................................................................................................xvii xv
  18. 18. IntroductionWhat Is this Book About?:KDW ,V WKLV %RRN $ERXW 7KLV JXLGHERRN LV GHVLJQHG WR KHOS RX VHW XS WKH DXWKRUL]DWLRQ HQYLURQPHQW LQ WKH FXVWRPHU VVWHP XVLQJ WKH 3URILOH *HQHUDWRU 3*
  19. 19. ,W H[SODLQV ZKDW RX QHHG WR NQRZ WR SHUIRUP WKLV WDVN DQG KHOSV RX XVH WKH VWDQGDUG WRROV SURYLGHG ZLWK RXU VVWHP 7KLV ERRN GRHV QRW FRYHU DXWKRUL]DWLRQV IRU DGGRQ FRPSRQHQWV RU 1HZ LPHQVLRQ SURGXFWV ,W DOVR GRHV QRW FRYHU ,QWHUQHWUHODWHG DXWKRUL]DWLRQV HQFUSWLRQ DXWKHQWLFDWLRQ DQG FUHGLW FDUG VHFXULW
  20. 20. 7KLV JXLGH UHIHUV WR 5HOHDVH $% RI WKH 6$3 5 6VWHP $OO VFUHHQVKRWV DUH IURP 5HOHDVH $ XQOHVV RWKHUZLVH QRWHG 7KH VWUXFWXUH RI WKLV JXLGHERRN PDWFKHV WKH VHWXS RI WKH DXWKRUL]DWLRQ FRQFHSW SURJUHVVLQJ IURP D QHZ 5 LQVWDOODWLRQ DOO WKH ZD WR DQ XSJUDGH ,I RX XSJUDGH IURP DQ ROGHU UHOHDVH VHH FKDSWHU 8SJUDGH IRU PRUH LQIRUPDWLRQ 7KH JUDSKLF EHORZ SURYLGHV DQ URXJK RYHUYLHZ DERXW WKH 5 DXWKRUL]DWLRQ FFOH )RU D PRUH GHWDLOHG LQIRUPDWLRQ RQ WKH DXWKRUL]DWLRQ FFOH DQG WKH WRROV XVHG VHH FKDSWHU 5 6VWHP 6HFXULW DQG WKH $XWKRUL]DWLRQ RQFHSW Operations and Evaluation Implementation Continuous Improvement Upgrade + Preparing the R/3 Environment Production Authorizations Scoping Ongoing and Preparation for Go-Live Phase Development 7KLV JXLGH SURYLGHV RX ZLWK WKH IROORZLQJ 7KH ELJ SLFWXUH VHFXULW DQG WKH DXWKRUL]DWLRQ FRQFHSW LQ 5
  21. 21. 7DVNV RX QHHG WR SHUIRUP GXULQJ DQG DIWHU LQVWDOODWLRQ RI 5 WR IDFLOLWDWH WKH XVH RI WKH 3* 7DVNV RX QHHG WR SHUIRUP DIWHU DQ XSJUDGH RI WKH 5 6VWHP $OO WKH HVVHQWLDO VWHSV IRU VHFXULW LPSOHPHQWDWLRQ XVLQJ WKH 3* DQG HQWUDO 8VHU $GPLQLVWUDWLRQ 7DVNV WR SUHSDUH IRU JRLQJ OLYH $SSHQGL[HV ZLWK WKH PRVW LPSRUWDQW 6$31HW ² 5 )URQWHQG QRWHV IRU DXWKRUL]DWLRQV DQG WKH PRVW IUHTXHQWO DVNHG TXHVWLRQV:KR 6KRXOG 5HDG WKLV %RRN 7KLV JXLGH ZDV GHVLJQHG IRU WKH IROORZLQJ SHRSOH XVLQJ WKH 3* HLWKHU LQ DQ LPSOHPHQWDWLRQ SURMHFW RU DV DQ RQJRLQJ UHIHUHQFH %DVLV RQVXOWDQWV ZKR LQVWDOO 5 DQG VHW XS WKH VHFXULW DW FXVWRPHU VLWHVxvixvi Authorizations Made Easy
  22. 22. Introduction How to Use this Guide $SSOLFDWLRQ RQVXOWDQWV ZKR ZDQW WR VWDUW XVLQJ WKH 3* DV WKH EDVLV IRU WKHLU FXVWRPHU VHFXULW LPSOHPHQWDWLRQ XVWRPHU ,7 DQG KHOS GHVN SHUVRQQHO+RZ WR 8VH WKLV *XLGH HSHQGLQJ RQ RXU JHQHUDO 6$3 DQG DXWKRUL]DWLRQVSHFLILF NQRZOHGJH VWDUW ZLWK WKH IROORZLQJ VHFWLRQV ,I RX KDYH OLWWOH RU QR NQRZOHGJH FRQFHUQLQJ VHFXULW DQG WKH DXWKRUL]DWLRQ FRQFHSW LQ 5 VWDUW ZLWK FKDSWHU 5 6VWHP 6HFXULW DQG WKH $XWKRUL]DWLRQ RQFHSW (YHURQH HYHQ WKH H[SHUWV VKRXOG UHDG FKDSWHU 6HWWLQJ 8S WKH 3URILOH *HQHUDWRU )DPLOLDULW ZLWK WKLV FKDSWHU HQVXUHV D FRPSOHWH VHWXS EHIRUH RX DFWXDOO VWDUW ZRUNLQJ ZLWK WKH 3* ,I RX KDYH DOUHDG XVHG WKH 3* LQ 5HOHDVH )*+$%$ RU % ZH VWURQJO UHFRPPHQG WKDW RX UHDG WKH FKDSWHU :KDWªV 1HZ LQ 5HOHDVH DQG WKH DSSURSULDWH VHFWLRQ LQ FKDSWHU 8SJUDGH ,Q WKLV FKDSWHU ZH GLVFXVV WKH VWHSV WR EH SHUIRUPHG EHIRUH RX FRQWLQXH ZRUNLQJ ZLWK WKH 3* DIWHU DQ 5 6VWHP XSJUDGH :H SURYLGH LQIRUPDWLRQ IRU D VPRRWK WUDQVLWLRQ WR RXU QH[W UHOHDVH 5HDG FKDSWHUV ² DW OHDVW RQFH IRU LQIRUPDWLRQ UHODWHG WR WKH LPSOHPHQWDWLRQ RI VHFXULW DQG XVLQJ WKH 3URILOH *HQHUDWRU $IWHU WKDW RX FDQ EURZVH WKH FKDSWHUV RQ SHUIRUPLQJ VSHFLILF WDVNV %HIRUH WUDQVSRUWLQJ DFWLYLW JURXSV UHDG FKDSWHU 3UHSDULQJ WKH 5 (QYLURQPHQW IRU *R /LYH FDUHIXOO KDSWHU 7LSV DQG 7URXEOHVKRRWLQJ KHOSV VROYH RQJRLQJ DXWKRUL]DWLRQ SUREOHPV RQFH RX JR OLYH HUWDLQ WHUPLQRORJ XVHU LQIRUPDWLRQ DQG VSHFLDO LFRQV DUH XVHG WKURXJKRXW WKLV JXLGH 7KH IROORZLQJ VHFWLRQV H[SODLQ KRZ WR LGHQWLI DQG XVH WKHVH KHOSIXO IHDWXUHVRQYHQWLRQV ,Q WKH WDEOH EHORZ RX ZLOO ILQG VRPH RI WKH WH[W FRQYHQWLRQV XVHG WKURXJKRXW WKLV JXLGH ROXPQ 7LWOH ROXPQ 7LWOH 6DQVVHULI LWDOLF 6FUHHQ QDPHV RU RQVFUHHQ REMHFWV EXWWRQV ILHOGV VFUHHQ WH[W HWF
  23. 23. Monospace 8VHU LQSXW WH[W WKH XVHU WSHV YHUEDWLP
  24. 24. 1DPH → 1DPH 0HQX VHOHFWLRQ 1DPH LV WKH PHQX QDPH DQG 1DPH LV WKH LWHP RQ WKH PHQXRelease 4.6A/B xvii xvii
  25. 25. IntroductionConventions 6DPSOH 5 5HOHDVH 6FUHHQ Menu Bar Standard Toolbar Screen Title ♦ Application Toolbar User menu SAP standard menu ♣ Workplace Menu Workplace Status Bar ♦ $SSOLFDWLRQ WRROEDU 7KH VFUHHQVKRWV VKRZQ LQ WKLV JXLGH DUH EDVHG RQ IXOO XVHU DXWKRUL]DWLRQ 6$3B$//
  26. 26. HSHQGLQJ RQ RXU DXWKRUL]DWLRQV VRPH RI WKH EXWWRQV RQ RXU DSSOLFDWLRQ WRROEDU PD QRW EH DYDLODEOH ♣ :RUNSODFH PHQX HSHQGLQJ RQ RXU DXWKRUL]DWLRQV RXU ZRUNSODFH PHQX PD ORRN GLIIHUHQW IURP VFUHHQVKRWV LQ WKLV JXLGH ZKLFK DUH EDVHG RQ 6$3B$// 7KH 8VHU PHQX DQG 6$3 VWDQGDUG PHQX EXWWRQV SURYLGH GLIIHUHQW YLHZV RI WKH ZRUNSODFH PHQX ,Q WKLV JXLGHERRN RX OHDUQ KRZ WR EXLOG XVHU PHQXV 1RWH ,Q WKLV JXLGHERRN ZH VKRZ WKH WHFKQLFDO QDPHV RI HDFK WUDQVDFWLRQ 7R PDWFK RXU VHWWLQJV FKRRVH ([WUDV → 6HWWLQJV DQG VHOHFW 6KRZ WHFKQLFDO QDPHVxviii Authorizations Made Easy xviii
  27. 27. Introduction Conventions 6SHFLDO ,FRQV 7KURXJKRXW WKLV JXLGH VSHFLDO LFRQV LQGLFDWH LPSRUWDQW PHVVDJHV %HORZ DUH EULHI H[SODQDWLRQV RI HDFK LFRQ ([HUFLVH FDXWLRQ ZKHQ SHUIRUPLQJ WKLV WDVN RU VWHS $Q H[SODQDWLRQ RI ZK RX VKRXOG EH FDUHIXO LV LQFOXGHG 7KLV LQIRUPDWLRQ KHOSV RX XQGHUVWDQG WKH WRSLF LQ JUHDWHU GHWDLO ,W LV QRW QHFHVVDU WR NQRZ WKLV LQIRUPDWLRQ WR SHUIRUP WKH WDVN 7KHVH PHVVDJHV SURYLGH KHOSIXO KLQWV DQG VKRUWFXWV WR PDNH RXU ZRUN IDVWHU DQG HDVLHURelease 4.6A/B xix xix
  28. 28. IntroductionConventionsxx xx Authorizations Made Easy
  29. 29. :KDW·V 1HZ LQ 5HOHDVH RQWHQWVOverview ..................................................................................................................xxiiUser Role Templates...............................................................................................xxiiFlexible User Menus ...............................................................................................xxiiComposite Activity Groups...................................................................................xxivUser Groups ...........................................................................................................xxivCentral User Administration .................................................................................xxiv xxi
  30. 30. What’s New in Release 4.6Overview2YHUYLHZ 7KLV FKDSWHU SURYLGHV D EULHI GHVFULSWLRQ RI WKH QHZ IXQFWLRQDOLW LQ DXWKRUL]DWLRQUHODWHG WRSLFV LQ WKH 5 5HOHDVH )RU VWHSEVWHS SURFHGXUHV DQG GHWDLOHG LQIRUPDWLRQ RQ VSHFLILF WRSLFV SOHDVH VHH WKH DSSURSULDWH FKDSWHUV DV UHIHUHQFHG )RU WKH ODWHVW LQIRUPDWLRQ RX VKRXOG DOZDV FKHFN WKH UHOHDVH QRWHV IRU 5HOHDVH 8VHU 5ROH 7HPSODWHV :LWK 5HOHDVH $ 6$3 GHOLYHUV RYHU XVHU UROH WHPSODWHV 7KH XVHU UROH WHPSODWHV DUH SUHGHILQHG DFWLYLW JURXSV FRQVLVWLQJ RI WUDQVDFWLRQV UHSRUWV DQG ZHE DGGUHVVHV RX KDYH WKUHH PHWKRGV WR ZRUN ZLWK XVHU UROH WHPSODWHV 8VH DV GHOLYHUHG RS DQG FKDQJH WKHP WR VXLW RXU QHHGV UHDWH RXU RZQ DFWLYLW JURXSV IURP VFUDWFK 2QFH XVHUV DUH DVVLJQHG WR RQH RU PRUH DFWLYLW JURXSV DQG ORJ RQWR WKH VVWHP WKH VHH WKHLU XVHU PHQX $V VKRZQ LQ WKH JUDSKLF RQ WKH QH[W SDJH WKLV XVHU PHQX FRQWDLQV RQO WKRVH LWHPV VXFK DV WUDQVDFWLRQV UHSRUWV DQG ZHE DGGUHVVHV WKH QHHG WR SHUIRUP WKHLU GDLO WDVNV 8VHUV FDQ DOVR DGG WKHLU PRVW IUHTXHQWO XVHG WUDQVDFWLRQV WR D )DYRULWHV PHQX IRU TXLFNHU DFFHVV)OH[LEOH 8VHU 0HQXV $V RI 5HOHDVH $ WKH VVWHP GLVSODV D VSHFLILF XVHU PHQX LQ WKH IRUP RI D WUHH DIWHU XVHUV ORJ RQ WR WKH VVWHP VHH JUDSKLF RQ QH[W SDJH
  31. 31. 7KLV XVHU PHQX LV EDVHG RQ WKH XVHU UROH WHPSODWH RU DFWLYLW JURXS WKH XVHU LV DVVLJQHG WR 8VHUV QR ORQJHU KDYH WR QDYLJDWH WKURXJK XQQHFHVVDU 5 IXQFWLRQV IRU ZKLFK WKH KDYH QR DXWKRUL]DWLRQ 7KH FRPSDQ PHQX LV QR ORQJHU DYDLODEOH DV RI 5HOHDVH $ :KHQ D IXQFWLRQ LV VHOHFWHG LW VWDUWV LQ WKH VDPH VHVVLRQ UHSODFLQJ WKH XVHU PHQX ZLWK WKH H[HFXWHG IXQFWLRQ :KHQ D XVHU H[LWV D WUDQVDFWLRQ RU VWDUWV D QHZ VHVVLRQ WKH VSHFLILF XVHU PHQX DXWRPDWLFDOO UHDSSHDUV $ORQJ ZLWK WKH XVHU PHQXV RX FDQ GLVSOD D FRPSOHWH YLHZ RI DOO IXQFWLRQV GHOLYHUHG E 6$3 XVLQJ WKH 6$3 VWDQGDUG PHQX 7KLV FRPSOHWH YLHZ GLVSODV DXWRPDWLFDOO LI QR XVHUxxii Authorizations Made Easy xxii
  32. 32. What’s New in Release 4.6 Flexible User Menus PHQXV KDYH EHHQ GHILQHG RU LI WKH DGPLQLVWUDWRU KDV FKRVHQ WKLV RSWLRQ ZKHQ GHILQLQJ QHZ XVHU PHQXV 8VHU 0HQX ([DPSOH +HUH DUH VRPH H[DPSOHV RI GHOLYHUHG DFWLYLW JURXSV %DVLV 0LVFHOODQHRXV $XWKRUL]DWLRQ GDWD DGPLQLVWUDWRU 2 6DOHV PDQDJHU $XWKRUL]DWLRQ SURILOH DGPLQLVWUDWRU 2 +HDG RI FRQWUROOLQJ 8VHU DGPLQLVWUDWRU ), $FFRXQWV SDDEOH DFFRXQWDQW 6VWHP DGPLQLVWUDWRU ), $FFRXQWV UHFHLYDEOH DFFRXQWDQW %DFNJURXQG DGPLQLVWUDWRU /2 3URGXFWLRQ SODQQLQJ :RUNHU DWDEDVH DGPLQLVWUDWRU /2 3URGXFWLRQ SODQQLQJ 2SHUDWRU XVWRPL]LQJ SURMHFW PHPEHU 00 $FFRXQWV SDDEOH FOHUNRelease 4.6A/B xxiii xxiii
  33. 33. What’s New in Release 4.6Composite Activity GroupsRPSRVLWH $FWLYLW *URXSV $V RI 5HOHDVH $ LW LV SRVVLEOH WR FUHDWH DQ DFWLYLW JURXS WKDW FRQWDLQV D FROOHFWLRQ RI RWKHU DFWLYLW JURXSV 7KLV DFWLYLW JURXS LV FDOOHG D FRPSRVLWH DFWLYLW JURXS RPSRVLWH DFWLYLW JURXSV FRQWDLQ RQO RWKHU DFWLYLW JURXSV DQG QR DXWKRUL]DWLRQ GDWD8VHU *URXSV ,QVWHDG RI XVLQJ XVHU JURXSV WR RQO GLVWULEXWH XVHU PDLQWHQDQFH DPRQJ VHYHUDO DGPLQLVWUDWRUV RX FDQ QRZ DVVLJQ XVHUV WR RQH RU PRUH XVHU JURXSV 7KH FDWHJRU 8VHU JURXS FDQ EH XVHG DV D EDVLV IRU EHWWHU GLVWULEXWLRQ RI XVHU GDWD LQFUHDVLQJ WKH VSHHG RI HQWUDO 8VHU $GPLQLVWUDWLRQHQWUDO 8VHU $GPLQLVWUDWLRQ ,I D VVWHP JURXS FRQVLVWV RI GLIIHUHQW 5 6VWHPV ZLWK PXOWLSOH FOLHQWV WKHQ WKH VDPH XVHUV DUH FUHDWHG VHYHUDO WLPHV LQ HYHU FOLHQW DQG DVVLJQHG WR DFWLYLW JURXSV HQWUDO 8VHU $GPLQLVWUDWLRQ LV GHVLJQHG WR FDUU RXW WKHVH WDVNV LQ D FHQWUDO VVWHP DQG WKHQ GLVWULEXWH WKLV GDWD WR DOO VVWHPV LQ WKH VVWHP JURXS 7KH *OREDO 8VHU 0DQDJHU SURYLGHV WKH VVWHP DGPLQLVWUDWRU ZLWK DQ RYHUYLHZ RI WKH XVHUV H[LVWLQJ XVHU JURXSV WKH VVWHPV LQ WKH VVWHP JURXS DQG WKH DFWLYLW JURXSV % VLPSO XVLQJ GUDJDQGGURS WKH VVWHP DGPLQLVWUDWRU FDQ PDNH FKDQJHV LQ WKH RYHUYLHZ 7KHVH FKDQJHV WDNH HIIHFW DIWHU GLVWULEXWLRQ WR GHSHQGHQW VVWHPVxxiv Authorizations Made Easy xxiv
  34. 34. KDSWHU 5 6VWHP 6HFXULW DQG WKH $XWKRUL]DWLRQ RQFHSWRQWHQWVOverview ..................................................................................................................1–2The Authorization Concept ....................................................................................1–4SAP* and DDIC Users .............................................................................................1–8What Is the Profile Generator? ..............................................................................1–9What Is an Activity Group? ..................................................................................1–12R/3 Tools for Security Implementation ...............................................................1–14Case Study: Security Strategy in a Three-System Environment .....................1–15Setting Up the Authorization Administrators.....................................................1–19Policies and Procedures ......................................................................................1–21Auditing Requirements ........................................................................................1–24 1–1
  35. 35. Chapter 1: R/3 System Security and the Authorization ConceptOverview2YHUYLHZ ,Q WKLV FKDSWHU ZH H[SODLQ WKH VHWXS DQG PDLQWHQDQFH RI WKH 5 DXWKRUL]DWLRQ FRQFHSW WKURXJK WKH FRPSOHWH 5 OLIHFFOH 7KH JUDSKLF EHORZ LOOXVWUDWHV WKH 5 DXWKRUL]DWLRQ FFOH DQG WKH WRROV XVHG LQ YDULRXV VWDJHV RI WKH LPSOHPHQWDWLRQ Operations and Evaluation Implementation Continuous Improvement Upgrade + Preparing the R/3 Environment Production Authorizations Scoping Ongoing and Preparation for Go-Live Phase Development Description of Setting up User User role Preparation for Going live, ASAP Miscellaneous Upgrade auth. concept the profile admin. templates Transporting (AG, user, generator templates,…) Setting up ALE Info gathering Roadmap, + structure IMG R/3 Users 3 methods of using user role templates: Infosystem. 3.x-4.x Õ 4.6 Setting up Central - Use as is User Admnistration Strategy, SU25 - Copy + change QAdb (4.6B) Tips SU25 Definition First installation - Create own Global user Troubleshoot. Upgrade manager Authorization SAPNet -R/3 Description how to work with user role templates (AG) Security list (AL.xls) Frontend (which exists, how to use, Audit notes (formerly OSS) customizing, creating, etc.) 7RROV WR 6XSSRUW WKH 5 $XWKRUL]DWLRQ FOH 7KH JXLGHERRN LV GLYLGHG LQWR IRXU VHSDUDWH SKDVHV $XWKRUL]DWLRQ 6FRSLQJ FKDSWHU
  36. 36. 3UHSDULQJ WKH 5 (QYLURQPHQW DQG 3UHSDUDWLRQ IRU *R /LYH FKDSWHU
  37. 37. 3URGXFWLRQ 3KDVH FKDSWHU
  38. 38. 8SJUDGH DQG 2QJRLQJ HYHORSPHQW FKDSWHU
  39. 39. :H EHJLQ ZLWK WKH 5 DXWKRUL]DWLRQ FRQFHSW DQG WKH DXWKRUL]DWLRQ GHVLJQ VR RX FDQ PHHW UHTXLUHPHQWV VXFK DV PD[LPXP VHFXULW HDV XVHU PDLQWHQDQFH DQG VXIILFLHQW SULYLOHJHV IRU HQG XVHUV WR IXOILOO WKHLU MRE GXWLHV 7KH DXWKRUL]DWLRQ FRQFHSW GHILQHV WKH IXQFWLRQV WR EH FDUULHG RXW LQ YDULRXV RUJDQL]DWLRQDO XQLWV E SHRSOH LQ VSHFLILF SRVLWLRQV 7KH FRQFHSW DOVR H[WHQGV WKH 5 RQOLQH GRFXPHQWDWLRQ RQ DXWKRUL]DWLRQV DQG SURILOHV UHTXLUHG IRU WKH YDULRXV HQWHUSULVH DUHDV ,PSOHPHQWLQJ D PXOWLOHYHO FOLHQWVHUYHU HQYLURQPHQW RQ :$1V SURYLGHV JUHDW IOH[LELOLW %XW LQ WKLV HQYLURQPHQW KLJKO VHQVLWLYH GDWD DQG SURJUDPV DUH DW D JUHDWHU ULVN RI EHLQJ ORVW PDQLSXODWHG DQG VSLHG XSRQ WKDQ LQ D FRQYHQWLRQDO PDLQIUDPH HQYLURQPHQW (YHQ ZLWK ORFDO RSHUDWLRQ WKLV ULVN DSSOLHV WR DOO WKUHH ODHUV 3UHVHQWDWLRQ $SSOLFDWLRQ DQG DWDEDVH
  40. 40. DQG EHFRPHV HYHQ PRUH DFXWH WKDQ :$1V Authorizations Made Easy 1–2
  41. 41. Chapter 1: R/3 System Security and the Authorization Concept Overview 7KH IROORZLQJ JUDSKLF VKRZV KRZ 5 FRYHUV WKH DVSHFWV RI GDWD SURWHFWLRQ DQG VHFXULW 6ˆ‡u‚…v“h‡v‚Ã p‚‰r…rqÃv 8‚prƒ‡ÃvÃSà à 9h‡hł‡rp‡v‚Ã 6ˆ‡u‚…v“h‡v‚† h‡Ãqh‡hih†rÃyr‰ry ÃHhqrÃ@h†’ SAP SAP 9h‡hÃihpxˆƒ 6ppr††Ãƒ…‚‡rp‡v‚ Q…‚‡rp‡v‚Ãh‡Ã p‚€€ˆvph‡v‚Ãyr‰ry S D‡rt…v‡’Ãpurpx S DWD 3URWHFWLRQ DQG 6HFXULW 7R PHHW WKH KLJK GHPDQGV RI GDWD SURWHFWLRQ DQG VHFXULW 6$3 SURYLGHV WKH IROORZLQJ 5 VHFXULW PHFKDQLVPV $XWKRUL]DWLRQ FRQFHSW WKLV JXLGHERRN GLVFXVVHV DQ DXWKRUL]DWLRQ GHVLJQ XVLQJ WKH 3URILOH *HQHUDWRU
  42. 42. $FFHVV SURWHFWLRQ DQG DXWKHQWLFDWLRQ RXWVLGH RI 5 LQFOXGLQJ DXWKRUL]DWLRQV EHWZHHQ :HEEDVHG DSSOLFDWLRQV DQG 5 QRW GLVFXVVHG LQ WKLV JXLGH
  43. 43. 3URWHFWLRQ DW QHWZRUN FRPPXQLFDWLRQ OHYHO QRW GLVFXVVHG LQ WKLV JXLGH
  44. 44. DWD SURWHFWLRQ DW GDWDEDVH OHYHO QRW GLVFXVVHG LQ WKH JXLGH
  45. 45. Release 4.6A/B 1–3
  46. 46. Chapter 1: R/3 System Security and the Authorization ConceptThe Authorization Concept7KH $XWKRUL]DWLRQ RQFHSW 7KH FRQFHSW RI DXWKRUL]DWLRQV LQ WKH 5 6VWHP LQFOXGHV WKH IROORZLQJ 3URILOH *HQHUDWRU /RFNLQJ DQG XQORFNLQJ WUDQVDFWLRQV /RFNHG UHFRUGV 6WUXFWXUDO DXWKRUL]DWLRQV 1RW GLVFXVVHG LQ WKLV YHUVLRQ VHH $XWKRUL]DWLRQV 0DGH (DV JXLGHERRN $% IRU LQIRUPDWLRQ
  47. 47. DWD HQFUSWLRQ QRW GLVFXVVHG LQ WKLV ERRN
  48. 48. /RFNLQJ VVWHP IRU FKDQJHV 7KH 5 DXWKRUL]DWLRQ FRQFHSW SHUPLWV WKH DVVLJQPHQW RI JHQHUDO DQGRU ILQHO GHWDLOHG XVHU DXWKRUL]DWLRQV 7KHVH DVVLJQPHQWV FDQ UHDFK GRZQ WR WKH WUDQVDFWLRQ ILHOG DQG ILHOG YDOXH OHYHO 7KHVH DXWKRUL]DWLRQV DUH FHQWUDOO DGPLQLVWHUHG LQ XVHU PDVWHU UHFRUGV DQG PRVW DOORZ WKH KDQGOLQJ RI FHUWDLQ 5 FRPSRQHQWV DSSOLFDEOH WR VSHFLILF RSHUDWLRQV $FWLRQV E D XVHU PD UHTXLUH VHYHUDO DXWKRUL]DWLRQV )RU H[DPSOH WR FKDQJH D PDWHULDO PDVWHU UHFRUG DXWKRUL]DWLRQV DUH UHTXLUHG IRU WKH 7UDQVDFWLRQ ´FKDQJHµ 6SHFLILF PDWHULDO *HQHUDO DXWKRUL]DWLRQ WR ZRUN ZLWKLQ WKH FRPSDQ FRGH 7KH UHVXOWLQJ UHODWLRQVKLSV FDQ EHFRPH YHU FRPSOH[ 7R PHHW WKHVH UHTXLUHPHQWV WKH 5 DXWKRUL]DWLRQ FRQFHSW KDV EHHQ LPSOHPHQWHG DV D IRUP RI SVHXGRREMHFWRULHQWHG FRQFHSW ZLWK FRPSOHWH DXWKRUL]DWLRQ REMHFWV (DFK DXWKRUL]DWLRQ REMHFW LV D FRPELQDWLRQ RI DXWKRUL]DWLRQ ILHOGV $Q DXWKRUL]DWLRQ DOZDV UHIHUV WR DQ DXWKRUL]DWLRQ REMHFW DQG FDQ FRQWDLQ LQWHUYDOV IRU WKH ILHOG YDOXHV $XWKRUL]DWLRQ FKHFNV SURWHFW WKH IXQFWLRQV RU REMHFWV RX FKRRVH 6WDQGDUGGHOLYHUHG 5 KDV DXWKRUL]DWLRQ FKHFNV HPEHGGHG LQ WKH SURJUDP ORJLF 3URJUDPPHUV KDYH WR GHFLGH ZKLFK DVSHFWV RI WKHLU SURJUDPPHG IXQFWLRQDOLW VKRXOG EH FKHFNHG DQG KRZ WKH FKHFN VKRXOG EH FRQGXFWHG $XWKRUL]DWLRQ DGPLQLVWUDWRUV FUHDWH DXWKRUL]DWLRQV WKDW DUH DVVLJQHG WR XVHUV LQ FROOHFWLRQV FDOOHG SURILOHV 7KH 3URILOH *HQHUDWRU 3*
  49. 49. XVXDOO JHQHUDWHV DXWKRUL]DWLRQV DQG DXWKRUL]DWLRQ SURILOHV DOWKRXJK DXWKRUL]DWLRQV FDQ DOVR EH PDQXDOO LQVHUWHG LQWR D SURILOH 7KH IROORZLQJ JUDSKLF VKRZV WKH DXWKRUL]DWLRQ FRPSRQHQWV DQG H[SODLQV WKHLU UHODWLRQVKLS Authorizations Made Easy 1–4
  50. 50. Chapter 1: R/3 System Security and the Authorization Concept The Authorization Concept Piwrp‡Ã8yh†† 6ˆ‡u‚…v“h‡v‚ 6ˆ‡u‚…v“h‡v‚ Q…‚svyr V†r… Piwrp‡ ÃAvryq Brr…h‡rqà ÃAvryqÉhyˆr s…‚€ÃQB E‚uÃ@‘h€ƒyr T6Q !# ÃG‚tÇr‘‡ ÃUrpuÃh€r ÃAvryq ÃAvryqÉhyˆr AÃD ÃG‚tÇr‘‡ ÃUrpuÃh€r ÃAvryq ÃAvryqÉhyˆr ÃG‚tÇr‘‡ ÃAvryq Brr…h‡rqà 6€’Ã6’ur…r CÃS ÃUrpuÃh€r ÃAvryqÉhyˆr s…‚€ÃQB T6Q#$% 6$3 $XWKRUL]DWLRQ RQFHSW$XWKRUL]DWLRQ 2EMHFW $V VKRZQ LQ WKH JUDSKLF ´6$3 $XWKRUL]DWLRQ RQFHSWµ DERYH REMHFWV DOORZ FRPSOH[ XVHU DXWKRUL]DWLRQ FKHFNV $Q DXWKRUL]DWLRQ REMHFW ZRUNV DV D WHPSODWH IRU D WREHGHILQHG DXWKRUL]DWLRQ DQG FRQWDLQV D PD[LPXP RI WHQ ILHOGV SHU REMHFW 8VHUV PD RQO FRQGXFW DQ DFWLYLW LI WKH VDWLVI WKH DXWKRUL]DWLRQ FKHFN IRU HDFK ILHOG LQ WKH DXWKRUL]DWLRQ GHILQHG RQ D VSHFLILF DXWKRUL]DWLRQ REMHFW $XWKRUL]DWLRQ REMHFWV DUH JURXSHG LQ DQ REMHFW FODVV VXFK DV )LQDQFLDO $FFRXQWLQJ RU +XPDQ 5HVRXUFHV $XWKRUL]DWLRQ REMHFWV FDQ EH FUHDWHG PDQXDOO E FKRRVLQJ 7RROV → $%$3 :RUNEHQFK → HYHORSPHQW → 2WKHU 7RROV → $XWKRUL]DWLRQ 2EMHFWV → 2EMHFWV %HFDXVH DXWKRUL]DWLRQ REMHFWV DUH FOLHQWLQGHSHQGHQW DQG GHILQHG LQ WKH $%$3 :RUNEHQFK GHYHORSHUV DQG SURJUDPPHUV DUH JHQHUDOO UHVSRQVLEOH IRU FUHDWLQJ QHZ DXWKRUL]DWLRQ REMHFWV KDQJHV DUH QHFHVVDU RQO LI RX ´PRGLIµ RXU VVWHP DQG ZDQW WR LQFOXGH $87+25,7+(. FDOOV RU QHZ DXWKRUL]DWLRQ REMHFWV RX FDQ RQO FKDQJH RU GHOHWH DXWKRUL]DWLRQ REMHFWV DGGHG E RXU FRPSDQ 5 DXWKRUL]DWLRQ REMHFWV PD QRW EH GHOHWHG RU FKDQJHG 7R FKDQJH DQ REMHFW RX PXVW ILUVW GHOHWH DOO DXWKRUL]DWLRQV ZLWK ZKLFK LW LV DVVRFLDWHG $Q $87+25,7+(. LV DQ $%$3 FRPPDQGRelease 4.6A/B 1–5
  51. 51. Chapter 1: R/3 System Security and the Authorization ConceptThe Authorization Concept$XWKRUL]DWLRQ 2EMHFW )LHOGV $XWKRUL]DWLRQ ILHOGV IRU DQ REMHFW FDQ EH FUHDWHG PDQXDOO E FKRRVLQJ 7RROV → $%$3 HYHORSPHQW :RUNEHQFK → HYHORSPHQW → 2WKHU 7RROV → $XWKRUL]DWLRQ 2EMHFWV → )LHOGV 7KH ILHOGV LQ DQ DXWKRUL]DWLRQ REMHFW DUH OLQNHG WR GDWD HOHPHQWV LQ WKH 6$3 $%$3 LFWLRQDU 7KH SHUPLVVLEOH YDOXHV FRQVWLWXWH DQ DXWKRUL]DWLRQ :KHQ DQ DXWKRUL]DWLRQ FKHFN WDNHV SODFH WKH VVWHP FKHFNV WKH YDOXHV RX KDYH VSHFLILHG LQ DQ DXWKRUL]DWLRQ DJDLQVW WKRVH UHTXLUHG WR FDUU RXW WKH DFWLRQ 8VHUV PD RQO FDUU RXW WKH DFWLRQ LI WKH VDWLVI WKH FRQGLWLRQV IRU HYHU ILHOG GHILQHG IRU D VSHFLILF DXWKRUL]DWLRQ REMHFW 8VLQJ WKH DXWKRUL]DWLRQ PDLQWHQDQFH IXQFWLRQV GHILQH DOO DXWKRUL]DWLRQ ILHOGV LQ WKH VVWHP GHYHORSPHQW HQYLURQPHQW KDQJHV DUH QHFHVVDU RQO LI RX ´PRGLIµ RXU VVWHP DQG WKH QHZ VVWHP HOHPHQWV DUH VXEMHFWHG WR DXWKRUL]DWLRQ FKHFNV$XWKRUL]DWLRQV $Q DXWKRUL]DWLRQ DOORZV RX WR FDUU RXW DQ 5 WDVN EDVHG RQ D VHW RI ILHOG YDOXHV LQ DQ DXWKRUL]DWLRQ REMHFW (DFK DXWKRUL]DWLRQ UHIHUV WR H[DFWO RQH DXWKRUL]DWLRQ REMHFW DQG GHILQHV WKH SHUPLWWHG YDOXH UDQJH IRU HDFK DXWKRUL]DWLRQ ILHOG RI WKLV DXWKRUL]DWLRQ REMHFW $XWKRUL]DWLRQV DUH XVHG LQ WKH XVHU PDVWHU UHFRUG DV SURILOHV % WKHPVHOYHV DXWKRUL]DWLRQV GR QRW H[LVW 7KH RQO KDYH PHDQLQJ LQVLGH D SURILOH )LHOG 9DOXH XVWRPHU WSH 86773(
  52. 52. $FWLYLW $797
  53. 53. ([SODQDWLRQ DOO SRVVLEOH YDOXHV GLVSOD $XWKRUL]DWLRQV DUH XVHG WR VSHFLI SHUPLWWHG YDOXHV IRU WKH ILHOGV LQ DQ DXWKRUL]DWLRQ REMHFW 7KHUH PD EH RQH RU PRUH YDOXHV IRU HDFK ILHOG $XWKRUL]DWLRQV DOORZ RX WR GHWHUPLQH WKH QXPEHU RI VSHFLILF YDOXHV RU YDOXH UDQJHV IRU D ILHOG $OO YDOXHV RU HPSW ILHOGV FDQ EH SHUPLVVLEOH YDOXHV KDQJHV DIIHFW DOO XVHUV ZKRVH DXWKRUL]DWLRQ SURILOH FRQWDLQV WKDW DXWKRUL]DWLRQ 7KH 5 DXWKRUL]DWLRQ DGPLQLVWUDWRU FDQ PDLQWDLQ DXWKRUL]DWLRQV DXWRPDWLFDOO XVLQJ WKH 3* RU PDQXDOO 2QFH WKH DXWKRUL]DWLRQ LV DFWLYDWHG FKDQJHV DIIHFW DOO XVHUV ZKLFK FRQWDLQ WKH SURILOH ZLWK WKH DFWLYDWHG DXWKRUL]DWLRQ 2QFH JHQHUDWHG DXWKRUL]DWLRQV DQG SURILOHV FUHDWHG ZLWK WKH 3* DUH DXWRPDWLFDOO DFWLYDWHG ,I RX PDQXDOO FUHDWH DQG PDLQWDLQ DXWKRUL]DWLRQV DQG SURILOHV RX PXVW DOVR PDQXDOO DFWLYDWH WKHP *HQHUDWHG SURILOHV DQG DXWKRUL]DWLRQV FDQQRW EH PDLQWDLQHG PDQXDOO ZLWK WKH FRQYHQWLRQDO PDLQWHQDQFH WUDQVDFWLRQV 68 DQG 68 +RZHYHU ZH GR QRW UHFRPPHQG WKH XVH RI WKHVH WUDQVDFWLRQV IRU SURILOH DQG XVHU DGPLQLVWUDWLRQ DQPRUH RX VKRXOG XVH WKH 3URILOH *HQHUDWRU LQVWHDG Authorizations Made Easy 1–6
  54. 54. Chapter 1: R/3 System Security and the Authorization Concept The Authorization Concept$XWKRUL]DWLRQ 3URILOHV 8VHU DXWKRUL]DWLRQV DUH QRW GLUHFWO DVVLJQHG ZLWK WKH 3* WR WKH XVHU PDVWHU UHFRUGV ,QVWHDG WKHVH DXWKRUL]DWLRQV DUH DVVLJQHG DV DXWKRUL]DWLRQ SURILOHV 7KH DXWKRUL]DWLRQ DGPLQLVWUDWRU FDQ FUHDWH DXWKRUL]DWLRQ SURILOHV PDQXDOO RU DXWRPDWLFDOO KDQJHV DIIHFW DOO XVHUV WR ZKRP WKLV SURILOH LV DVVLJQHG DQG WDNH HIIHFW RQO ZKHQ WKH XVHU ORJV RQ 8VHUV ZKR DUH ORJJHG RQ ZKHQ WKH FKDQJH WDNHV SODFH UHPDLQ XQDIIHFWHG GXULQJ WKHLU FXUUHQW VHVVLRQ EXW ZKHQ WKH ORJ RQ DJDLQ WKHLU SURILOH FKDQJHV DFFRUGLQJO $ XVHU·V DXWKRUL]DWLRQV DUH ORDGHG LQWR WKH XVHU EXIIHU RQO ZKHQ WKH ORJ RQ RX FDQQRW XVH WKH DXWKRUL]DWLRQ SURILOH PDLQWHQDQFH WUDQVDFWLRQ 68 WR PDQXDOO PDQLSXODWH WKH 3*FUHDWHG DXWKRUL]DWLRQ SURILOHV $OWKRXJK WHFKQLFDOO SRVVLEOH QHYHU FUHDWH D SURILOH WKDW FRQWDLQV ERWK PDQXDOO DQG DXWRPDWLFDOO JHQHUDWHG DXWKRUL]DWLRQV RU SURILOHV :H QR ORQJHU UHFRPPHQG WKH XVH RI WUDQVDFWLRQ 68 IRU SURILOH DQG XVHU DGPLQLVWUDWLRQ RX VKRXOG XVH WKH 3URILOH *HQHUDWRU LQVWHDG1DPLQJ RQYHQWLRQ IRU $XWKRUL]DWLRQ 3URILOHV $XWKRUL]DWLRQ SURILOHV EHJLQQLQJ ZLWK D 7 PD FRQWDLQ FULWLFDO 6B86(5
  55. 55. DXWKRUL]DWLRQ REMHFWV $OVR XVH WKH 3* WR H[FOXGH IXUWKHU DXWKRUL]DWLRQ REMHFWV IRU H[DPSOH +5 GDWD
  56. 56. IURP WKH SURILOH 1RWH WKDW ZH DUH WDONLQJ DERXW DXWKRUL]DWLRQ SURILOHV QRW DFWLYLW JURXSV :KHQ RX ILUVW VDYH WKH DXWKRUL]DWLRQ SURILOHV RX DUH SURPSWHG WR HQWHU D SURILOH QDPH 7KH VVWHP SURSRVHV D QDPH IRU WKH SURILOH KRZHYHU RQO WKH ILUVW FKDUDFWHUV WKH SURILOH WRUVR
  57. 57. FDQ EH IUHHO DVVLJQHG 7KH QXPEHU RI SURILOHV JHQHUDWHG GHSHQGV RQ WKH QXPEHU RI DXWKRUL]DWLRQV LQ HDFK DFWLYLW JURXS $ PD[LPXP RI DXWKRUL]DWLRQV ILW LQWR D SURILOH ,I WKHUH DUH PRUH WKDQ DXWKRUL]DWLRQV DQ DGGLWLRQDO SURILOH LV JHQHUDWHG ,W KDV WKH VDPH FKDUDFWHU WRUVR DV WKH SURILOH QDPH DQG WKH ODVW WZR GLJLWV SRVLWLRQV DQG
  58. 58. DUH XVHG DV D FRXQWHU 7R DYRLG FRQIOLFWV EHWZHHQ FXVWRPHUGHILQHG SURILOHV DQG WKRVH SURILOHV VXSSOLHG E 6$3 RX VKRXOG QRW XVH DQ QDPH WKDW KDV DQ XQGHUVFRUH LQ WKH VHFRQG SRVLWLRQ 6$3 SODFHV QR RWKHU UHVWULFWLRQV RQ WKH QDPLQJ RI DXWKRUL]DWLRQ SURILOHV UHIHU WR QRWH
  59. 59. 7KHUHIRUH LI RXU FRPSDQ KDV LWV RZQ QDPLQJ FRQYHQWLRQV RX DUH DOORZHG WR RYHUZULWH WKH SURSRVHG QDPH 7KH QDPHV RI WKH DXWKRUL]DWLRQV DUH DOVR GHULYHG IURP WKH SURILOH WRUVR :KHQ PRUH WKDQ RQH DXWKRUL]DWLRQ LV UHTXLUHG IRU DQ REMHFW WKH ODVW WZR SODFHV DUH XVHG DV D FRXQWHU %DVHG RQ WKH QDPH IRU WKH DXWKRUL]DWLRQ SURILOH WKH WHFKQLFDO QDPHV IRU WKH DXWKRUL]DWLRQV WR EH FUHDWHG VWDUW ZLWK D 7 DQG FRPSULVH WKH LQWHUQDO QXPEHU RI WKH DFWLYLW JURXS DQG WZR HQG GLJLWV LQ WKH UDQJH ² 7 LV D VDPSOH DXWKRUL]DWLRQ QDPH
  60. 60. 8VHU 0DVWHU 5HFRUGV 0DVWHU UHFRUGV HQDEOH WKH XVHU WR ORJ RQ WR WKH 5 6VWHP DQG DOORZ OLPLWHG DFFHVV WR WKH IXQFWLRQV DQG REMHFWV 7KH XVHU DGPLQLVWUDWRU PDLQWDLQV XVHU PDVWHU UHFRUGV E FKRRVLQJ 7RROV → $GPLQLVWUDWLRQ → 8VHU PDLQWHQDQFH → 8VHUVRelease 4.6A/B 1–7
  61. 61. Chapter 1: R/3 System Security and the Authorization ConceptSAP* and DDIC Users$XWKRUL]DWLRQ KHFNV 7R FRQGXFW DQ DXWKRUL]DWLRQ FKHFN WKLV FKHFN PXVW EH LQFOXGHG LQ WKH WUDQVDFWLRQ·V VRXUFH FRGH XULQJ WKH FKHFN WKH VVWHP FRPSDUHV DXWKRUL]DWLRQ SURILOH YDOXHV DVVLJQHG E WKH DXWKRUL]DWLRQ DGPLQLVWUDWRU
  62. 62. WR WKH YDOXHV QHHGHG WR FDUU RXW D SURJUDPVSHFLILHG DFWLRQ $ XVHU PD RQO FDUU RXW WKH DFWLRQ LI WKH DXWKRUL]DWLRQ FKHFN LV VXFFHVVIXO IRU HYHU ILHOG LQ WKH DXWKRUL]DWLRQ REMHFW $XWKRUL]DWLRQ FKHFNV DUH WULJJHUHG E WKH $%$3 $87+25,7+(. VWDWHPHQW 7KH SURJUDPPHU VSHFLILHV DQ DXWKRUL]DWLRQ REMHFW DQG WKH UHTXLUHG YDOXHV IRU HDFK DXWKRUL]DWLRQ ILHOG 7KH $87+25,7+(. WKHQ YHULILHV LI D XVHU KDV DXWKRUL]DWLRQ DQG LI WKLV DXWKRUL]DWLRQ LV IURP WKH XVHU PDVWHU UHFRUG 7KH FKHFN LV VXFFHVVIXO LI DQ DXWKRUL]DWLRQ LV IRXQG WKDW FRQWDLQV WKH YDOXHV VSHFLILHG LQ WKH $87+25,7+(. :KHQ 5 WUDQVDFWLRQV DUH H[HFXWHG VLQFH WKH WUDQVDFWLRQ FDOOV RWKHU ZRUN DUHDV LQ WKH EDFNJURXQG PDQ DXWKRUL]DWLRQ REMHFWV DUH RIWHQ FKHFNHG )RU WKHVH FKHFNV WR EH VXFFHVVIXO WKH XVHU PXVW KDYH WKH DSSURSULDWH DXWKRUL]DWLRQV $XWKRUL]DWLRQ FKHFNV FDQ EH GLVDEOHG E VHWWLQJ FKHFN LQGLFDWRUV LQ WUDQVDFWLRQ 68 RU E VZLWFKLQJ RII REMHFWV JOREDOO$FWLYDWLQJ DQG HDFWLYDWLQJ $XWKRUL]DWLRQ KHFNV LQ 7UDQVDFWLRQV ,W LV SRVVLEOH WKDW XVHUV UHFHLYH PRUH DXWKRUL]DWLRQV WKDQ QHFHVVDU OHDGLQJ WR DQ LQFUHDVHG PDLQWHQDQFH ORDG $XWKRUL]DWLRQ FKHFNV DUH FRQGXFWHG ZKHUHYHU WKH DUH ZULWWHQ LQWR D WUDQVDFWLRQ·V VRXUFH FRGH 2QO E XVLQJ WKH 3* FDQ FKHFN LQGLFDWRUV EH VHW WR H[FOXGH HUWDLQ DXWKRUL]DWLRQ REMHFWV IURP DXWKRULW FKHFNV 6SHFLILF DXWKRUL]DWLRQ FKHFNV LQ VSHFLILF WUDQVDFWLRQV $Q DXWKRUL]DWLRQ REMHFW IURP EHLQJ FKHFNHG $OO RI WKHVH DGMXVWPHQWV DUH SRVVLEOH ZLWKRXW DOWHULQJ WKH SURJUDP FRGH 3ULRU WR DXWRPDWLFDOO JHQHUDWLQJ WKH DXWKRUL]DWLRQ SURILOH XVH WKH FKHFN LQGLFDWRUV WR FRQWURO ZKLFK REMHFWV DSSHDU LQ WKH 3* DQG ZKLFK ILHOG YDOXHV DUH GLVSODHG 6$3 GHOLYHUV D GHIDXOW FKHFN LQGLFDWRU VHWWLQJ ZLWK 5 )RU PRUH LQIRUPDWLRQ UHIHU WR FKDSWHU 7LSV DQG 7URXEOHVKRRWLQJ WKH VHFWLRQ 5HGXFLQJ WKH 6FRSH RI $XWKRUL]DWLRQ KHFNV6$3 DQG , 8VHUV XULQJ RXU 5 LQVWDOODWLRQ FOLHQWV DQG DUH FUHDWHG ,Q FOLHQWV DQG WZR VSHFLDO XVHUV DUH GHILQHG EXW QR VSHFLDO XVHU LV FUHDWHG LQ FOLHQW 6LQFH WKHVH XVHUV KDYH VWDQGDUG QDPHV DQG SDVVZRUGV RX QHHG WR VHFXUH WKHVH XVHUV IURP XQDXWKRUL]HG XVDJH WKH (DUO:DWFK DQG 3, XVHUV DUH QRW FRYHUHG LQ WKLV ERRN
  63. 63. 7KH WZR VSHFLDO 5 XVHUV DUH 6$3 HILQHG DV WKH VWDQGDUG 5 VXSHUXVHU 6$3 GRHV QRW UHTXLUH D XVHU PDVWHU UHFRUG 5DWKHU LW Authorizations Made Easy 1–8
  64. 64. Chapter 1: R/3 System Security and the Authorization Concept What Is the Profile Generator? Π,V GHILQHG LQ WKH VVWHP FRGH Π+DV D GHIDXOW SDVVZRUG PASS
  65. 65. Œ +DV XQOLPLWHG VVWHP DFFHVV DXWKRUL]DWLRQV :KHQ RX LQVWDOO 5 D XVHU PDVWHU UHFRUG LV GHILQHG LQ FOLHQWV DQG ZLWK WKH LQLWLDO SDVVZRUG 06071992 6$3 XVHU PDVWHU UHFRUG GHDFWLYDWHV 6$3ªV VSHFLDO SURSHUWLHV 7R SUHYHQW 6$3 PLVXVH FKDQJH WKH SDVVZRUG :H UHFRPPHQG KRZHYHU WKDW RX GHDFWLYDWH 6$3 DQG GHILQH RXU RZQ VXSHUXVHU , 7KLV XVHU LV WKH PDLQWHQDQFH XVHU IRU WKH $%$3 LFWLRQDU DQG VRIWZDUH ORJLVWLFV 7KH XVHU PDVWHU UHFRUG IRU , LV DXWRPDWLFDOO FUHDWHG LQ FOLHQWV DQG DQG KDV WKH GHIDXOW SDVVZRUG 19920706 6VWHP FRGH WHVWLQJ DOORZV , VSHFLDO SULYLOHJHV IRU FHUWDLQ RSHUDWLRQV )RU H[DPSOH , LV WKH RQO XVHU WKDW FDQ ORJ RQ GXULQJ DQ XSJUDGH 7R SUHYHQW , PLVXVH FKDQJH WKH SDVVZRUG 8VH UHSRUW 56865 WR FKHFN ZKHWKHU WKH VWDQGDUG 6$3 DQG , SDVVZRUGV KDYH EHHQ FKDQJHG 7KLV UHSRUW LV UHVWULFWHG WR XVHUV ZKR EHORQJ WR WKH XVHU JURXS 683(5 ZLWK DFWLYLW DQG FOLHQW DGPLQLVWUDWLRQ:KDW ,V WKH 3URILOH *HQHUDWRU 6$3·V 3URILOH *HQHUDWRU 3*
  66. 66. KHOSV WKH DXWKRUL]DWLRQ DGPLQLVWUDWRU FUHDWH JHQHUDWH DQG DVVLJQ DXWKRUL]DWLRQ SURILOHV )LUVW UHOHDVHG ZLWK * WKH 3* DFFHOHUDWHV 5 LPSOHPHQWDWLRQ E VLPSOLILQJ WKH WDVN RI VHWWLQJ XS WKH DXWKRUL]DWLRQ HQYLURQPHQW 7KH DGPLQLVWUDWRU RQO QHHGV WR FRQILJXUH WKH FXVWRPHUVSHFLILF VHWWLQJV WKH 3* PDQDJHV RWKHU WDVNV VXFK DV VHOHFWLQJ WKH UHOHYDQW DXWKRUL]DWLRQ REMHFWV IRU FRQVLGHUDWLRQ 7KH 3* LV IXOO LQWHJUDWHG ZLWK 5 DQG LV DYDLODEOH RQ DOO 5VXSSRUWHG SODWIRUPV 7KH 3* UHSUHVHQWV HW DQRWKHU LPSURYHPHQW RI 6$3·V WRROEDVHG VXSSRUW DQG D UHGXFWLRQ LQ 5 LPSOHPHQWDWLRQ WLPH 7KH 3* LV DQ DSSURDFK WR GHILQLQJ WKH DXWKRUL]DWLRQ HQYLURQPHQW 7KH DGPLQLVWUDWRU QR ORQJHU XVHV WKH DXWKRUL]DWLRQ REMHFWV WR GHILQH WKH DXWKRUL]DWLRQV IRU YDULRXV XVHU JURXSV LQVWHDG DXWKRUL]DWLRQ SURILOHV DUH EXLOW DURXQG WKH IXQFWLRQV WR EH SHUIRUPHG LQ 5 %DVHG RQ WKH IXQFWLRQV VHOHFWHG WKH 3* SLFNV WKH UHOHYDQW DXWKRUL]DWLRQ REMHFWV DQG JURXSV WKHP LQ D QHZ DXWKRUL]DWLRQ SURILOH 8VLQJ IXQFWLRQV WR GHILQH DXWKRUL]DWLRQ SURILOHV 6SHHGV XS WKH SURFHVV HILQHV DXWKRUL]DWLRQ SURILOHV 6LPSOLILHV DGPLQLVWUDWRUXVHU FRPPXQLFDWLRQ DOORZLQJ ERWK WKH DGPLQLVWUDWRU DQG XVHUV WR XVH WKH VDPH 5 IXQFWLRQ WHUPLQRORJ 7R XVH WKH 3* RX ILUVW KDYH WR VHW LW XS 7KH RQH WLPH VHW XS LQYROYHV WKH IROORZLQJ VWHSV KHFN LI WKH 6$3 5 6VWHP SDUDPHWHU LV VHW FRUUHFWO WR DFWLYHRelease 4.6A/B 1–9
  67. 67. Chapter 1: R/3 System Security and the Authorization ConceptWhat Is the Profile Generator? 8VH 68 WR LQLWLDOL]H WKH WDEOHV 862%7B DQG 862%;B DQG WKHQ FXVWRPL]H WKHP LI GHVLUHG
  68. 68. )RU GHWDLOHG LQIRUPDWLRQ SOHDVH UHDG FKDSWHU 6HWWLQJ 8S WKH 3URILOH *HQHUDWRU 2QFH WKH 3* LV VHW XS RX FDQ ZRUN ZLWK LW %HIRUH ZRUNLQJ ZLWK ZLWK WKH 3* LW LV XVHIXO WR XQGHUVWDQG LWV FRPSRQHQWVRPSRQHQWV RI WKH 3URILOH *HQHUDWRU 7KH 3* KDV WKH IROORZLQJ FRPSRQHQWV $FWLYLW *URXSV $Q DFWLYLW JURXS LV D FROOHFWLRQ RI 5 WUDQVDFWLRQV DXWKRUL]DWLRQV DQG DGGLWLRQDO REMHFWV RX FDQ DVVLJQ DQ DFWLYLW JURXS WR DV PDQ XVHUV DV RX ZDQW RX FDQ FUHDWH GLVSOD FKDQJH FRS DQG WUDQVSRUW DFWLYLW JURXSV RPSRVLWH $FWLYLW *URXSV RPSRVLWH DFWLYLW JURXSV DUH PDGH XS RI D FROOHFWLRQ RI DFWLYLW JURXSV 7KH XVHUV DVVLJQHG WR D FRPSRVLWH DFWLYLW JURXS DUH DXWRPDWLFDOO DGGHG WR WKH DFWLYLW JURXSV GXULQJ D FRPSDULVRQ RPSRVLWH DFWLYLW JURXSV WKHPVHOYHV GR QRW FRQWDLQ DQ DXWKRUL]DWLRQ GDWD ,QVWHDG RI KDYLQJ WR DVVLJQ HDFK XVHU WR HDFK DFWLYLW JURXS RX FDQ VHW XS D FRPSRVLWH DFWLYLW JURXS DQG WKHQ DVVLJQ WKH XVHUV WR WKLV JURXS HULYHG $FWLYLW *URXSV RX FDQ XVH DQ H[LVWLQJ DFWLYLW JURXS DV D UHIHUHQFH ZKHQ FUHDWLQJ D QHZ RQH 7KH VVWHP WUDQVIHUV WKH WUDQVDFWLRQV LQ RQH DFWLYLW JURXS WR D QHZ DFWLYLW JURXS³RQH WKDW UHPDLQV GHSHQGHQW RQ WKH ILUVW RX FDQ GLVSOD WKH KLHUDUFK RI WKH DFWLYLW JURXSV WKDW LQKHULW WUDQVDFWLRQV IURP HDFK RWKHU E FKRRVLQJ $FWLYLW JURXS → :KHUHXVHG OLVW :LWK DQ DFWLYLW JURXS GHULYHG IURP D GLIIHUHQW DFWLYLW JURXS RX FDQQRW HQWHU WUDQVDFWLRQV GLUHFWO RX FDQQRW UHVHW WKH GHILQLWLRQ RI WKH LQLWLDO DFWLYLW JURXS IURP ZKLFK WKH GHULYHG DFWLYLW JURXS LQKHULWHG LWV WUDQVDFWLRQV 3DVVLQJ RQ WUDQVDFWLRQV RQO UHIHUV WR WKH PHQX VHOHFWLRQ DQG QRW WR WKH DXWKRUL]DWLRQV RX PXVW PDLQWDLQ DXWKRUL]DWLRQV VHSDUDWHO LQ HDFK DFWLYLW JURXS WKHVH DUH QRW SDVVHG RQ ,W LV DOVR SRVVLEOH WR WUDQVIHU WKH DXWKRUL]DWLRQ GDWD RI WKH SUHYLRXV DFWLYLW JURXS WR WKH GHULYHG DFWLYLW JURXS DV D FRS 8VHU $VVLJQPHQW 8VHUV FDQ EH DVVLJQHG WR VLQJOH DFWLYLW JURXSV RU WR FRPSRVLWH DFWLYLW JURXSV ZKLFK PRVWO UHSUHVHQW MRE UROHV 8VHUV WKDW RX DVVLJQ WR DQ DFWLYLW JURXS PD H[HFXWH WKH WUDQVDFWLRQV UHSRUWV RU DQ RWKHU WDVN LQ WKH DFWLYLW JURXS ZLWK WKH FRUUHVSRQGLQJ DXWKRUL]DWLRQV*HQHUDWLQJ WKH 3URILOHV 7KH DGPLQLVWUDWRU FKRRVHV WKH VSHFLILF PHQX SDWKV DQG IXQFWLRQV IRU HDFK XVHU JURXS 7KLV VHOHFWLRQ GHWHUPLQHV WKH 5 DFWLYLWLHV WKDW XVHUV LQ HDFK XVHU JURXS DUH DXWKRUL]HG WR SHUIRUP 8VLQJ WKH VHOHFWHG WUDQVDFWLRQ FRGHV WKH 3* GHWHUPLQHV WKH DIIHFWHG DXWKRUL]DWLRQ REMHFWV 7R VLPSOLI WKH FUHDWLRQ RI VXEVHTXHQW LQGLYLGXDO DXWKRUL]DWLRQ SURILOHV 5 FRQWDLQV Authorizations Made Easy 1–10
  69. 69. Chapter 1: R/3 System Security and the Authorization Concept What Is the Profile Generator? GHIDXOW YDOXHV IRU PDQ DXWKRUL]DWLRQ ILHOGV LQ VSHFLILF DXWKRUL]DWLRQ REMHFWV )RU H[DPSOH RQH SRVVLEOH DFFHVV UHVWULFWLRQ PLJKW EH WKH GHIDXOW YDOXH LVSOD OLPLWLQJ WKH XVHU WR GLVSOD PRGH RQ FHUWDLQ WUDQVDFWLRQV $GGLWLRQDOO WKH 3* LGHQWLILHV WKH RUJDQL]DWLRQDO OHYHOV WKDW SOD D UROH LQ WKH H[WUDFWHG DXWKRUL]DWLRQ REMHFWV DQG FOHDUO GLVSODV WKHVH OHYHOV IRU WKH DGPLQLVWUDWRU 7KH DXWKRUL]DWLRQ DGPLQLVWUDWRU PD KDYH WR LQWHUYHQH DQG PDQXDOO GHILQH WKH OHYHOV WR ZKLFK WKH XVHUV QHHG DFFHVV IRU H[DPSOH WKH FRPSDQ FRGH
  70. 70. 7KH 3* WKHQ SODFHV WKH VSHFLILHG OHYHOV LQ WKH DXWKRUL]DWLRQ REMHFWV $W WKLV SRLQW D ORW RI DXWKRUL]DWLRQ REMHFW ILHOGV IRU WKH QHZ DXWKRUL]DWLRQ SURILOH KDYH EHHQ ILOOHG KRZHYHU WKHUH DUH VWLOO ILHOGV WKDW QHHG WR EH PDLQWDLQHG 7KH DXWKRUL]DWLRQ REMHFWV DUH GLVSODHG KLHUDUFKLFDOO LQ D VSHFLDO PDLQWHQDQFH WUDQVDFWLRQ 7KH DGPLQLVWUDWRU PD DGMXVW WKH UHPDLQLQJ YDOXHV VXFK DV PDWHULDO WSH RUGHU WSH HWF :LWKLQ WKLV PDLQWHQDQFH WUDQVDFWLRQ WKH DGPLQLVWUDWRU FDQ HDVLO QDYLJDWH IURP WKH RYHUYLHZ VFUHHQ WR WKH ORZHVW GLVSOD OHYHO WKH DXWKRUL]DWLRQV DQG WKHLU ILHOGV

×