Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Sap user and authorization management

10,984 views

Published on

Preview Original paying document published on :

http://expertplug.com/materials/training/sap-user-and-authorization-management

You can find many more SAP training material on www.ExpertPlug.com.
(you can download the preview there)
ExpertPlug is an SAP marketplace for training materials and an online community of experts. We offer a simple way for the global SAP workforce, consulting companies and industry to market their skills and find quality information.
As an SAP Expert, you can also market your SAP skills and make extra cash by publishing SAP documents on www.ExpertPlug.com.

  • Thank you sir,I recently came across your blog and have been reading along. nice explanationWe are providing online training on & for more info sap sd online training
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Sap user and authorization management

  1. 1. SAP User and Authorization Management SAP BC Training document 1
  2. 2. DISCLAIMER“This publication contains references to the products of SAP AG. SAP, R/3, SAP NetWeaver, Duet,PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, and other SAP products andservices mentioned herein as well as their respective logos are trademarks or registered trademarks ofSAP AG in Germany and other countries.Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, CrystalDecisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentionedherein as well as their respective logos are trademarks or registered trademarks of Business ObjectsSoftware Ltd. Business Objects is an SAP company.Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase productsand services mentioned herein as well as their respective logos are trademarks or registeredtrademarks of Sybase, Inc. Sybase is an SAP company.SAP AG is neither the author nor the publisher of this publication and is not responsible for its content.SAP Group shall not be liable for errors or omissions with respect to the materials. The only warrantiesfor SAP Group products and services are those that are set forth in the express warranty statementsaccompanying such product and services, if any. Nothing herein should be construed as constitutingan additional warranty”.SAP®, SAP® R/2®, SAP® R/3®, mySAP.com®, SAP® R/3® Enterprise, SAP NetWeaver®, ABAP™,SAP® Business Suite, SAP® Customer Relationship Management (SAP CRM), SAP® ERP, SAP®Product Lifecycle Management (SAP PLM), SAP® Supplier Relationship Management (SAP SRM),SAP® Supply Chain Management (SAP SCM), SAP NetWeaver® Business Intelligence (SAPNetWeaver BI), SAP® Business Information Warehouse (SAP BW), SAP NetWeaver® Portal, SAPNetWeaver® Exchange Infrastructure (SAP NetWeaver XI), SAP® Solution Manager, SAPNetWeaver® Visual Composer, SAP NetWeaver® Developer Studio are the trademark(s) orregistered trademark(s) of SAP AG in Germany and in several other countries. 2
  3. 3. Table of contentDISCLAIMER ............................................................................................................................................. 2I- Transaction used : ........................................................................................................................... 4II- Summary / Overview : ..................................................................................................................... 4III- Requirements / prerequisites: .................................................................................................... 5IV- Course materials:......................................................................................................................... 5 1) SAP User creation: ....................................................................................................................... 6 2) SAP roles and authorization management: ........................................................................ 11 3) Locking SAP user account: ................................................................................................... 18 4) Inactivating SAP user accounts:........................................................................................... 20V- Conclusion: .................................................................................................................................... 22 3
  4. 4. I- Transaction used : SAP Transaction code Transaction descriptionSU01 User maintenanceSU10 Mass user maintenancePFCG Role maintenance II- Summary / Overview :The purpose of this document is to show the process related to SAP User and Authorizationmanagement.SAP User Management includes the following sub process: - SAP User creation - SAP User modification - SAP User locking and unlocking activities - SAP User inactivationSAP Authorization management includes the following sub process: - SAP role creation - SAP role modification - SAP role removal 4
  5. 5. III- Requirements / prerequisites:In order to follow this procedure, it is required to have an extended SAP user access profile(like SAP_ALL for example) allowing to perform SAP User management activities as well asSAP Authorization management activities. In particular, it is required to have a full access onSU01 transaction, SU10 and PFCG.If you cannot have the SAP_ALL profile assigned, the detailed requirement for creating andediting user master records are the following: - Authorization to create or edit a user master record and to assign it to a user group (object S_USER_GRP). - Authorization for the authorization profiles you assign to users (object S_USER_PRO) - Authorization to create and edit authorizations (object S_USER_AUTH) - Authorization to protect roles. You can use this authorization object to determine which roles may be processed and which activities (Create, Display, Change, and so on) are available for the role(s) (object S_USER_AGR). - Authorization for transactions that you may assign to the role and for which you can assign authorization at the start of the transaction in the Profile Generator (object S_USER_TCD) - Authorization to restrict the values which a system administrator can insert or change in a role in the Profile generator (S_USER_VAL) SAP user and authorization management activities are very sensitiveNote : activities and have to be performed by qualified and skilled administrator. Therefore and if you are not familiar with user management activities, you should use this document only in a SAP sandbox system or in a training environment. IV- Course materials:In the company, the SAP User and Management and Authorization consultant is responsibleto properly manage the “SAP user lifecycle” that includes the following activities: - The SAP user creation - The maintenance of SAP user access rights - Locking and unlocking the SAP user account - The inactivation of obsolete SAP user account 5
  6. 6. 1) SAP User creation:In this paragraph, we will show the different steps of the SAP user creation in SAP. We willconsider that we are working in a SAP ERP environment (in fact, the authorization concept inSAP BI or SAP Portal systems are different). Each business or technical user that needs to work on SAP requires having a SAP user account. For security reason and also for license consideration, the SAP user account must be unique. However and in very few circumstances, it can be required to use a shared SAP user account (in some production line for example). ⇒ Execute transaction SU01 ⇒ Enter the user name (user_test in our example) and click ‘Create’ As you can see, the screen related to the user creation consists of many tab : - The ‘adress’ tab - The ‘logon data’ tab - The ‘defaults’ tab - The ‘parameters’ tab - The ‘roles’ tab - The ‘profiles’ tab - The ‘groups’ tab The ‘personalization’ tab - The ‘licenceData’ tab 6
  7. 7. Here is a brief description regarding the tabs of the user creation screen:Tab Descriptionaddress Used to indicate the last name and first name of the user, its contact information, communication info,…logon data Used to fill out the Initial Password field on the Logon Data tab page. All other entries on this screen are optionalDefaults Used to indicate the default user parameter (language, printer,…)Parameters Used to assign user particular parameters (example : company code,…)roles Roles for accessing the SAP System to a user are assigned on this tab.profiles Used to assign manually created authorization profiles (and therefore authorizations) to a user.groups Used to assign the user to a user group on this tab page.personalization Used to make person-related settings using personalization objectslicenceData You specify the contractual user type of the user on this tab page. Table 1: SAP User creation tab description 7
  8. 8. Preview Original paying document published on :http://expertplug.com/materials/training/sap-user-and-authorization-toolkitYou can find many more full SAP training material and SAP jobs on www.ExpertPlug.com.ExpertPlug is an SAP marketplace for training materials and an online community of experts. Weoffer a simple way for the global SAP workforce, consulting companies and industry to market theirskills and find quality information.As an SAP Expert, you can also market your SAP skills and make extra cash by publishing SAPdocuments on www.ExpertPlug.com.

×