SlideShare a Scribd company logo

SAP MM Authorization Matrix and User roles.pdf

A
AmanKumarSaksena

SAP MM roles and authorization Matrix by Aman Saksena

Education
1 of 17
Download to read offline
SAP MM Authorization Matrix and User roles in SAP SAP MM BY AMAN SAKSENA aman.kr.saksena@gmail.com +91-8375994808
Overview of SAP Roles • Authorizations are especially useful when controlling access at the application level. They are responsible for controlling the various functions that a user can execute. • User's can also be authorized to view, change, enter, and delete data. While the underlying concept of the authorizing principle may seem trivial, there are numerous challenges that come into play during authorization implementations. • Security compliances, enterprise restrictions, and high costs often times deter organizations from implementing best practices in their security architecture. However, at the end of the day, the importance of a secure access control framework cannot be stressed enough. • Roles and authorizations are what enable users to execute transactions in SAP in a secure manner. (Error in SU53 T-Code) aman.kr.saksena@gmail.com +91-8375994808
P2P Cycle Involves Variety of users 01 02 03 04 Supervisor Accountant Maintenance In-charge Head of the department aman.kr.saksena@gmail.com +91-8375994808
Need of Roles and Authorization • Functional Consultants have a lot of questions in mind regarding this concept and one of the main questions here is why should Functional Consultants worry about Roles and Authorization when it is a job of BASIS team. • Roles and Authorizations allow the users to access SAP Standard as well as custom Transactions in a secure way. SAP provides certain set of generic Standard roles for different modules and different scenarios. aman.kr.saksena@gmail.com +91-8375994808
Need of Roles and Authorization • BASIS team have a know how about the User Management(SU01/SU10), Roles Creation, Profile Creation, Roles and Profile assignment(SAP ID), Authorization assignments etc. but main concern in most of the cases arises when the below questions are unanswered by BASIS team:- 1. Whom to Assign the Roles or transactions 2. What to Restrict in a transaction and for whom 3. How to authorize Custom transactions • Hence, it becomes the role of a Functional Consultant to guide them with the exact process flow and exact organizational chart. aman.kr.saksena@gmail.com +91-8375994808
Roles Org. Chart aman.kr.saksena@gmail.com +91-8375994808
Authorization Matrix based on roles aman.kr.saksena@gmail.com +91-8375994808
Authorization Matrix role mapping with App IDs aman.kr.saksena@gmail.com +91-8375994808
Roles • Single roles can be derived from their respective organizational values into derived roles. From a technical viewpoint, derived roles are also single roles that have inherited authorization characteristics from a separate "master" role. 1. Single Roles - Single roles are derivable from their respective organizational values. Usually when single roles are discussed amongst professionals, the primary reference point is given to a job or position based role design. When this is the case, all required authorizations for a user's job/position are contained in the single role. However, there are examples where many single role designs lack some or even all of a user's required authorizations. This is typically the case when a basic authorization role that includes transactions and authorizations that are uniform for all users. Similarly, there will be users who will possess extra privileges in their authorization permissions. 2. Derived Roles - There are a number of differences between single and derived roles. For starters, derived roles are composed of a "master" role and additional "child" roles that are each unique from the "master" and each other only in their organizational values. This approach does come with a number of limitations however. For example, if a user attempts to promote non-organizational fields to organizational fields, the user must ensure that the values be the same within one role. To put it simply, it's not advisable to use different non-organizational fields in tandem with derived roles since the values across all the child roles will be the same as the "master" role. As a result, all objects will be effected. 3. Composite Roles - The most versatile role type in SAP is the composite role. Composite roles are a collection of single roles that are capable of being grouped into a common composite role menu. The versatility results in users being able to indirectly assign multiple single roles to a user by assigning only the specific composite role that contains the single roles. Composite roles are heavily leveraged by SAP customers because they drastically reduce the single roles count that are directly assigned to users. In a nutshell, a composite role can really be thought of as a package of single roles that can guide a task-level single role. aman.kr.saksena@gmail.com +91-8375994808
How To Define a role • The reason to define user specific activity is to simplify the management of Roles. • We can also define user defined roles based on the Project scenario keeping below concept in mind:- • There are basically three types of Roles:- 1. Master Roles – With Transactions, Authorization Objects and with all organizational level management. 2. Derived Roles –With organizational level management and Transactions and Authorization Object copied from Master Role. 3. Composite Roles – With restrictions based on Org. structure or function. aman.kr.saksena@gmail.com +91-8375994808
Path of Role Authorization (BASIS Team) • You can copy and adjust these default roles in Customizing under:- • SPRO->SAP NetWeaver->Application Server->System Administration - >Users and Authorizations->Maintain Authorizations and Profiles using Profile Generator->Maintain Roles (T-Code : PFCG). aman.kr.saksena@gmail.com +91-8375994808
What are the components of a role? • Transaction Codes • Profile • Authorization Objects • Organization level 2 1 3 4 aman.kr.saksena@gmail.com +91-8375994808
Components of Role • Profile: Profiles are the objects that actually store the authorization data and Roles are the Container that contains the profile authorization data. • Authorization Objects: Objects that define the relation between different fields and also helps in restricting/ allowing the values of that particular field (For ex: Authorization of LGORT S.loc. in BETA Plant) • Authorization objects are actually defined in programs that are executed for any particular transactions. We can also create custom authorization objects for any particular transaction (generally custom transaction). aman.kr.saksena@gmail.com +91-8375994808
Components of Role • Organization level: This defines actually the organizational elements in SAP for ex: Company Code, Plant, Planning Plant, Purchase organization, Sales organization, Work Centres, etc. aman.kr.saksena@gmail.com +91-8375994808
Roles and Authorization Concept for Inventory Management SAP_SR_BUYER_5; is mainly purchasing-related roles but they contain MM-IM related data, such as a goods movement worklist.
Roles and Authorization Concept for Inventory Management aman.kr.saksena@gmail.com +91-8375994808
SAP MM Roles and auth. matrix Thank you SAP MM BY AMAN SAKSENA aman.kr.saksena@gmail.com +91-8375994808

Recommended

2004 10 21 Rbac At Mazda Horst Walther
2004 10 21 Rbac At Mazda Horst Walther2004 10 21 Rbac At Mazda Horst Walther
2004 10 21 Rbac At Mazda Horst WaltherCardinaleWay Mazda
 
priyanka salesforce
priyanka salesforcepriyanka salesforce
priyanka salesforcepriyanka wasankar
 
Interview Questions For Microsoft Dynamics CRM
Interview Questions For Microsoft Dynamics CRMInterview Questions For Microsoft Dynamics CRM
Interview Questions For Microsoft Dynamics CRMKumari Warsha Goel
 
Iia los angeles sap security presentation
Iia los angeles sap security presentation Iia los angeles sap security presentation
Iia los angeles sap security presentation hkodali
 
Whitepaper: Continuous Compliance in SAP Environments - Happiest Minds
Whitepaper: Continuous Compliance in SAP Environments - Happiest MindsWhitepaper: Continuous Compliance in SAP Environments - Happiest Minds
Whitepaper: Continuous Compliance in SAP Environments - Happiest MindsHappiest Minds Technologies
 
Continuous Compliance-in-Sap-Environments
Continuous Compliance-in-Sap-EnvironmentsContinuous Compliance-in-Sap-Environments
Continuous Compliance-in-Sap-Environmentshappiestmindstech
 
Top 20 Salesforce Admin Interview Questions and Answers in 2023.pptx
Top 20 Salesforce Admin Interview Questions and Answers in 2023.pptxTop 20 Salesforce Admin Interview Questions and Answers in 2023.pptx
Top 20 Salesforce Admin Interview Questions and Answers in 2023.pptxAnanthReddy38
 
Mitul Jain SAP GRC Security
Mitul Jain SAP GRC SecurityMitul Jain SAP GRC Security
Mitul Jain SAP GRC Securitymitul jain
 

Recommended

2004 10 21 Rbac At Mazda Horst Walther
2004 10 21 Rbac At Mazda Horst Walther2004 10 21 Rbac At Mazda Horst Walther
2004 10 21 Rbac At Mazda Horst WaltherCardinaleWay Mazda
 
priyanka salesforce
priyanka salesforcepriyanka salesforce
priyanka salesforcepriyanka wasankar
 
Interview Questions For Microsoft Dynamics CRM
Interview Questions For Microsoft Dynamics CRMInterview Questions For Microsoft Dynamics CRM
Interview Questions For Microsoft Dynamics CRMKumari Warsha Goel
 
Iia los angeles sap security presentation
Iia los angeles sap security presentation Iia los angeles sap security presentation
Iia los angeles sap security presentation hkodali
 
Whitepaper: Continuous Compliance in SAP Environments - Happiest Minds
Whitepaper: Continuous Compliance in SAP Environments - Happiest MindsWhitepaper: Continuous Compliance in SAP Environments - Happiest Minds
Whitepaper: Continuous Compliance in SAP Environments - Happiest MindsHappiest Minds Technologies
 
Continuous Compliance-in-Sap-Environments
Continuous Compliance-in-Sap-EnvironmentsContinuous Compliance-in-Sap-Environments
Continuous Compliance-in-Sap-Environmentshappiestmindstech
 
Top 20 Salesforce Admin Interview Questions and Answers in 2023.pptx
Top 20 Salesforce Admin Interview Questions and Answers in 2023.pptxTop 20 Salesforce Admin Interview Questions and Answers in 2023.pptx
Top 20 Salesforce Admin Interview Questions and Answers in 2023.pptxAnanthReddy38
 
Mitul Jain SAP GRC Security
Mitul Jain SAP GRC SecurityMitul Jain SAP GRC Security
Mitul Jain SAP GRC Securitymitul jain
 
Sap basis and_security_administration
Sap basis and_security_administrationSap basis and_security_administration
Sap basis and_security_administrationAnil Kumar Reddy Cheppalli
 
shravan
shravanshravan
shravanshravan kumar
 
Resume
ResumeResume
ResumeProsun Chakraborty
 
SAP-Security-Madhu
SAP-Security-MadhuSAP-Security-Madhu
SAP-Security-MadhuMadhu Sharma
 
User stories in agile software development
User stories in agile software developmentUser stories in agile software development
User stories in agile software developmentSandra Svanidzaitė, PhD, CBAP
 
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...akquinet enterprise solutions GmbH
 
Sap Security Workshop
Sap Security WorkshopSap Security Workshop
Sap Security Workshoplarrymcc
 
More
MoreMore
MoreAlex Badalic
 
Authorisations in SAP: best practices
Authorisations in SAP: best practicesAuthorisations in SAP: best practices
Authorisations in SAP: best practicesJonathan Eemans
 
Introduction on sap security
Introduction on sap securityIntroduction on sap security
Introduction on sap securityyektek
 
Keeping it Simple with Permission Sets
Keeping it Simple with Permission SetsKeeping it Simple with Permission Sets
Keeping it Simple with Permission SetsConfigero
 
Open iam technicalarchitecture-v3-a
Open iam technicalarchitecture-v3-aOpen iam technicalarchitecture-v3-a
Open iam technicalarchitecture-v3-aBibhuti Kr Jha +91-9810016292
 
Automation Hub Best Practices - Large Scale Rollouts.pdf
Automation Hub Best Practices - Large Scale Rollouts.pdfAutomation Hub Best Practices - Large Scale Rollouts.pdf
Automation Hub Best Practices - Large Scale Rollouts.pdfCristina Vidu
 
Sap security interview question & answers
Sap security interview question & answersSap security interview question & answers
Sap security interview question & answersNancy Nelida
 
pavan new
pavan newpavan new
pavan newpavan kumar
 
Managing the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise ScaleManaging the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise ScaleSalesforce Developers
 
Subhrajyoti Nath_CV
Subhrajyoti Nath_CVSubhrajyoti Nath_CV
Subhrajyoti Nath_CVSubhrajyoti N
 
prasad with 2.11yrs Exp on SFDC
prasad with 2.11yrs Exp on SFDCprasad with 2.11yrs Exp on SFDC
prasad with 2.11yrs Exp on SFDCKotapati Prasad
 
M365 admin center overview - November 2018
M365 admin center overview - November 2018M365 admin center overview - November 2018
M365 admin center overview - November 2018Matthew Ruderman
 
Robert_Salesforce_Developer
Robert_Salesforce_DeveloperRobert_Salesforce_Developer
Robert_Salesforce_DeveloperRobert S
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 

More Related Content

Similar to SAP MM Authorization Matrix and User roles.pdf

SAP-Security-Madhu
SAP-Security-MadhuSAP-Security-Madhu
SAP-Security-MadhuMadhu Sharma
 
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...akquinet enterprise solutions GmbH
 
Sap Security Workshop
Sap Security WorkshopSap Security Workshop
Sap Security Workshoplarrymcc
 
Authorisations in SAP: best practices
Authorisations in SAP: best practicesAuthorisations in SAP: best practices
Authorisations in SAP: best practicesJonathan Eemans
 
Introduction on sap security
Introduction on sap securityIntroduction on sap security
Introduction on sap securityyektek
 
Keeping it Simple with Permission Sets
Keeping it Simple with Permission SetsKeeping it Simple with Permission Sets
Keeping it Simple with Permission SetsConfigero
 
Automation Hub Best Practices - Large Scale Rollouts.pdf
Automation Hub Best Practices - Large Scale Rollouts.pdfAutomation Hub Best Practices - Large Scale Rollouts.pdf
Automation Hub Best Practices - Large Scale Rollouts.pdfCristina Vidu
 
Sap security interview question & answers
Sap security interview question & answersSap security interview question & answers
Sap security interview question & answersNancy Nelida
 
Managing the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise ScaleManaging the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise ScaleSalesforce Developers
 
prasad with 2.11yrs Exp on SFDC
prasad with 2.11yrs Exp on SFDCprasad with 2.11yrs Exp on SFDC
prasad with 2.11yrs Exp on SFDCKotapati Prasad
 
M365 admin center overview - November 2018
M365 admin center overview - November 2018M365 admin center overview - November 2018
M365 admin center overview - November 2018Matthew Ruderman
 
Robert_Salesforce_Developer
Robert_Salesforce_DeveloperRobert_Salesforce_Developer
Robert_Salesforce_DeveloperRobert S
 

Similar to SAP MM Authorization Matrix and User roles.pdf (20)

Sap basis and_security_administration
Sap basis and_security_administrationSap basis and_security_administration
Sap basis and_security_administration
 
shravan
shravanshravan
shravan
 
Resume
ResumeResume
Resume
 
SAP-Security-Madhu
SAP-Security-MadhuSAP-Security-Madhu
SAP-Security-Madhu
 
User stories in agile software development
User stories in agile software developmentUser stories in agile software development
User stories in agile software development
 
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
 
Sap Security Workshop
Sap Security WorkshopSap Security Workshop
Sap Security Workshop
 
More
MoreMore
More
 
Authorisations in SAP: best practices
Authorisations in SAP: best practicesAuthorisations in SAP: best practices
Authorisations in SAP: best practices
 
Introduction on sap security
Introduction on sap securityIntroduction on sap security
Introduction on sap security
 
Keeping it Simple with Permission Sets
Keeping it Simple with Permission SetsKeeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
 
Open iam technicalarchitecture-v3-a
Open iam technicalarchitecture-v3-aOpen iam technicalarchitecture-v3-a
Open iam technicalarchitecture-v3-a
 
Automation Hub Best Practices - Large Scale Rollouts.pdf
Automation Hub Best Practices - Large Scale Rollouts.pdfAutomation Hub Best Practices - Large Scale Rollouts.pdf
Automation Hub Best Practices - Large Scale Rollouts.pdf
 
Sap security interview question & answers
Sap security interview question & answersSap security interview question & answers
Sap security interview question & answers
 
pavan new
pavan newpavan new
pavan new
 
Managing the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise ScaleManaging the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise Scale
 
Subhrajyoti Nath_CV
Subhrajyoti Nath_CVSubhrajyoti Nath_CV
Subhrajyoti Nath_CV
 
prasad with 2.11yrs Exp on SFDC
prasad with 2.11yrs Exp on SFDCprasad with 2.11yrs Exp on SFDC
prasad with 2.11yrs Exp on SFDC
 
M365 admin center overview - November 2018
M365 admin center overview - November 2018M365 admin center overview - November 2018
M365 admin center overview - November 2018
 
Robert_Salesforce_Developer
Robert_Salesforce_DeveloperRobert_Salesforce_Developer
Robert_Salesforce_Developer
 

Recently uploaded

Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Pooja Nehwal
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
The byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxThe byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxShobhayan Kirtania
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 

Recently uploaded (20)

Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
The byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxThe byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptx
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 

SAP MM Authorization Matrix and User roles.pdf

  • 1. SAP MM Authorization Matrix and User roles in SAP SAP MM BY AMAN SAKSENA aman.kr.saksena@gmail.com +91-8375994808
  • 2. Overview of SAP Roles • Authorizations are especially useful when controlling access at the application level. They are responsible for controlling the various functions that a user can execute. • User's can also be authorized to view, change, enter, and delete data. While the underlying concept of the authorizing principle may seem trivial, there are numerous challenges that come into play during authorization implementations. • Security compliances, enterprise restrictions, and high costs often times deter organizations from implementing best practices in their security architecture. However, at the end of the day, the importance of a secure access control framework cannot be stressed enough. • Roles and authorizations are what enable users to execute transactions in SAP in a secure manner. (Error in SU53 T-Code) aman.kr.saksena@gmail.com +91-8375994808
  • 3. P2P Cycle Involves Variety of users 01 02 03 04 Supervisor Accountant Maintenance In-charge Head of the department aman.kr.saksena@gmail.com +91-8375994808
  • 4. Need of Roles and Authorization • Functional Consultants have a lot of questions in mind regarding this concept and one of the main questions here is why should Functional Consultants worry about Roles and Authorization when it is a job of BASIS team. • Roles and Authorizations allow the users to access SAP Standard as well as custom Transactions in a secure way. SAP provides certain set of generic Standard roles for different modules and different scenarios. aman.kr.saksena@gmail.com +91-8375994808
  • 5. Need of Roles and Authorization • BASIS team have a know how about the User Management(SU01/SU10), Roles Creation, Profile Creation, Roles and Profile assignment(SAP ID), Authorization assignments etc. but main concern in most of the cases arises when the below questions are unanswered by BASIS team:- 1. Whom to Assign the Roles or transactions 2. What to Restrict in a transaction and for whom 3. How to authorize Custom transactions • Hence, it becomes the role of a Functional Consultant to guide them with the exact process flow and exact organizational chart. aman.kr.saksena@gmail.com +91-8375994808
  • 7. Authorization Matrix based on roles aman.kr.saksena@gmail.com +91-8375994808
  • 8. Authorization Matrix role mapping with App IDs aman.kr.saksena@gmail.com +91-8375994808
  • 9. Roles • Single roles can be derived from their respective organizational values into derived roles. From a technical viewpoint, derived roles are also single roles that have inherited authorization characteristics from a separate "master" role. 1. Single Roles - Single roles are derivable from their respective organizational values. Usually when single roles are discussed amongst professionals, the primary reference point is given to a job or position based role design. When this is the case, all required authorizations for a user's job/position are contained in the single role. However, there are examples where many single role designs lack some or even all of a user's required authorizations. This is typically the case when a basic authorization role that includes transactions and authorizations that are uniform for all users. Similarly, there will be users who will possess extra privileges in their authorization permissions. 2. Derived Roles - There are a number of differences between single and derived roles. For starters, derived roles are composed of a "master" role and additional "child" roles that are each unique from the "master" and each other only in their organizational values. This approach does come with a number of limitations however. For example, if a user attempts to promote non-organizational fields to organizational fields, the user must ensure that the values be the same within one role. To put it simply, it's not advisable to use different non-organizational fields in tandem with derived roles since the values across all the child roles will be the same as the "master" role. As a result, all objects will be effected. 3. Composite Roles - The most versatile role type in SAP is the composite role. Composite roles are a collection of single roles that are capable of being grouped into a common composite role menu. The versatility results in users being able to indirectly assign multiple single roles to a user by assigning only the specific composite role that contains the single roles. Composite roles are heavily leveraged by SAP customers because they drastically reduce the single roles count that are directly assigned to users. In a nutshell, a composite role can really be thought of as a package of single roles that can guide a task-level single role. aman.kr.saksena@gmail.com +91-8375994808
  • 10. How To Define a role • The reason to define user specific activity is to simplify the management of Roles. • We can also define user defined roles based on the Project scenario keeping below concept in mind:- • There are basically three types of Roles:- 1. Master Roles – With Transactions, Authorization Objects and with all organizational level management. 2. Derived Roles –With organizational level management and Transactions and Authorization Object copied from Master Role. 3. Composite Roles – With restrictions based on Org. structure or function. aman.kr.saksena@gmail.com +91-8375994808
  • 11. Path of Role Authorization (BASIS Team) • You can copy and adjust these default roles in Customizing under:- • SPRO->SAP NetWeaver->Application Server->System Administration - >Users and Authorizations->Maintain Authorizations and Profiles using Profile Generator->Maintain Roles (T-Code : PFCG). aman.kr.saksena@gmail.com +91-8375994808
  • 12. What are the components of a role? • Transaction Codes • Profile • Authorization Objects • Organization level 2 1 3 4 aman.kr.saksena@gmail.com +91-8375994808
  • 13. Components of Role • Profile: Profiles are the objects that actually store the authorization data and Roles are the Container that contains the profile authorization data. • Authorization Objects: Objects that define the relation between different fields and also helps in restricting/ allowing the values of that particular field (For ex: Authorization of LGORT S.loc. in BETA Plant) • Authorization objects are actually defined in programs that are executed for any particular transactions. We can also create custom authorization objects for any particular transaction (generally custom transaction). aman.kr.saksena@gmail.com +91-8375994808
  • 14. Components of Role • Organization level: This defines actually the organizational elements in SAP for ex: Company Code, Plant, Planning Plant, Purchase organization, Sales organization, Work Centres, etc. aman.kr.saksena@gmail.com +91-8375994808
  • 15. Roles and Authorization Concept for Inventory Management SAP_SR_BUYER_5; is mainly purchasing-related roles but they contain MM-IM related data, such as a goods movement worklist.
  • 16. Roles and Authorization Concept for Inventory Management aman.kr.saksena@gmail.com +91-8375994808
  • 17. SAP MM Roles and auth. matrix Thank you SAP MM BY AMAN SAKSENA aman.kr.saksena@gmail.com +91-8375994808