Preview. Original paid document published at:
http://expertplug.com/materials/training/sap-user-and-authorization-toolkit
You can find many more SAP training materials on www.ExpertPlug.com
(you can download the preview there).
ExpertPlug is an SAP marketplace for training materials and an online community of experts. We offer a simple way for the global SAP workforce, consulting companies and industry to market their skills and find quality information.
As an SAP Expert, you can also market your SAP skills and make extra cash by publishing SAP documents on www.ExpertPlug.com.
SAP User and Authorization Toolkit
SAP BC Training document
DISCLAIMER
“This publication contains references to the products of SAP AG. SAP, R/3, SAP NetWeaver, Duet,
PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, and other SAP products and
services mentioned herein as well as their respective logos are trademarks or registered trademarks of
SAP AG in Germany and other countries.
Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal
Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned
herein as well as their respective logos are trademarks or registered trademarks of Business Objects
Software Ltd. Business Objects is an SAP company.
Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products
and services mentioned herein as well as their respective logos are trademarks or registered
trademarks of Sybase, Inc. Sybase is an SAP company.
SAP AG is neither the author nor the publisher of this publication and is not responsible for its content.
SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties
for SAP Group products and services are those that are set forth in the express warranty statements
accompanying such product and services, if any. Nothing herein should be construed as constituting
an additional warranty”.
SAP®, SAP® R/2®, SAP® R/3®, mySAP.com®, SAP® R/3® Enterprise, SAP NetWeaver®, ABAP™,
SAP® Business Suite, SAP® Customer Relationship Management (SAP CRM), SAP® ERP, SAP®
Product Lifecycle Management (SAP PLM), SAP® Supplier Relationship Management (SAP SRM),
SAP® Supply Chain Management (SAP SCM), SAP NetWeaver® Business Intelligence (SAP
NetWeaver BI), SAP® Business Information Warehouse (SAP BW), SAP NetWeaver® Portal, SAP
NetWeaver® Exchange Infrastructure (SAP NetWeaver XI), SAP® Solution Manager, SAP
NetWeaver® Visual Composer, SAP NetWeaver® Developer Studio are the trademark(s) or
registered trademark(s) of SAP AG in Germany and in several other countries.
Table of contents
DISCLAIMER
I- Transaction used
II- Summary / Overview
III- Requirements / prerequisites
IV- Course materials
1) SAP User mass creation
2) Implement the required set of SAP roles
3) Authorization check
4) Perform various reports on users and authorizations
5) Perform report on inactive SAP users
I- Transaction used:
SAP Transaction code    Transaction description
SU01                    User maintenance
SU10                    Mass user maintenance
PFCG                    Role maintenance
SE16                    Data Browser
SUIM                    User information system
II- Summary / Overview:
The purpose of this document is to show useful transactions, activities and tricks that allow
the SAP Authorization and User Management consultant to properly and efficiently manage
users and authorizations within the company.
We suppose that the reader already has basic knowledge of SAP user creation,
SAP role creation and SAP user modification (please refer to the procedure SAP “User and
Authorization Management” for this purpose).
In day-to-day activities or in occasional circumstances, the SAP Authorization and
User Management consultant needs to know how:
- to perform mass user creation
- to implement the required set of SAP roles
- to ask the user to perform an authorization check so that the consultant can determine
the missing authorization
- to run various reports on users and authorizations to know who has the rights to do
what
- to run a report on inactive SAP users
- …
This list is not exhaustive; however, it defines some of the most important activities the SAP
Authorization and User Management consultant has to deal with.
III- Requirements / prerequisites:
In order to follow this procedure, you need an extended SAP user access profile
(SAP_ALL, for example) that allows you to perform SAP user management activities as well as
SAP authorization management activities. In particular, the user needs access to all
the transactions listed in the paragraph ‘Transaction used’.
Note: SAP user and authorization management activities are very sensitive
activities and have to be performed by a qualified and skilled administrator.
Therefore, if you are not familiar with user management activities, you
should use this document only in an SAP sandbox system or in a training
environment.
Besides, we suppose that the reader already has basic knowledge of SAP user
creation, SAP role creation and SAP user modification (please refer to the procedure SAP
“User and Authorization Management” for this purpose).
IV- Course materials:
In the company, the SAP Authorization and User Management consultant is responsible
for properly managing users and authorizations. Because there are usually hundreds (or
even thousands) of SAP user accounts impacted, some of the tasks have to be
automated. In the following paragraphs, we will see the basic steps required to:
- perform mass user creation
- implement the required set of SAP roles
- ask the user to perform an authorization check so that the SAP Authorization and
User Management consultant can determine the missing authorization
- run various reports on users and authorizations to know who has the rights to do
what
- run a report on inactive SAP users
1) SAP User mass creation:
In this paragraph, we will show the different steps of mass user creation in SAP. We
will consider that we are working in an SAP ERP environment (the authorization
concept in systems such as SAP Portal is different).
When SAP projects have to go live, the authorization and user management
consultant needs to create many SAP user accounts (sometimes hundreds of SAP
accounts) so that each entitled end user in the company obtains an SAP user account.
Transaction SU10 in SAP allows creating multiple SAP user accounts.
⇒ Execute transaction SU10
⇒ Fill in the list of SAP user names and click the ‘create’ icon
As you can see, the user creation screen consists of many tabs. Please
refer to the procedure “User and Authorization Management” for the meaning of
these tabs.
⇒ In the logon data tab, change the start and end validity for the SAP user accounts
according to your requirements :
⇒ In the ‘Roles’ tab, you can assign a role so that all the users created will inherit this role :
⇒ Click on ‘save’ and then click on ‘yes’ when the following popup is displayed :
⇒ The displayed logs confirm the SAP user creation :
⇒ Once you have performed the mass user creation, you will have to go user by user to the
Address tab to adjust the detailed information (such as First name, Last name…). Also,
the SAP system generated a password for each of these users. You may have to change
these SAP-generated passwords so that you can communicate the new password value
to each user.
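A pre-check for the user list entered in SU10 and for the per-user passwords mentioned in the last step, as an added example that is not part of the original document: it rejects names longer than the 12 characters an SAP user name can hold, duplicates and accounts without a bounded validity period, and draws a distinct random initial password for each accepted user. The allowed character set, the 365-day limit, the password length and the sample rows are assumptions made for illustration.

```python
import re
import secrets
import string
from datetime import date

# SAP user names hold at most 12 characters. The character set is an assumed,
# conservative site convention (letters, digits, underscore), not an SAP rule.
NAME_RE = re.compile(r"[A-Z][A-Z0-9_]{0,11}")
MAX_VALIDITY_DAYS = 365  # assumed site policy: no open-ended accounts

# Constructed sample rows: (user name, valid from, valid to)
SAMPLE = [
    ("jdoe", date(2024, 1, 1), date(2024, 12, 31)),
    ("JDOE", date(2024, 1, 1), date(2024, 12, 31)),             # duplicate
    ("VERYLONGUSERNAME", date(2024, 1, 1), date(2024, 6, 30)),  # > 12 chars
    ("ASMITH", date(2024, 1, 1), None),                         # no end date
    ("BLEE", date(2024, 3, 1), date(2024, 2, 1)),               # end < start
    ("CKIM_01", date(2024, 1, 1), date(2024, 9, 30)),
]

def initial_password(length=14):
    """Random initial password containing an upper, a lower and a digit."""
    alphabet = string.ascii_letters + string.digits
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(f(c) for c in pw) for f in (str.isupper, str.islower, str.isdigit)):
            return pw

def prepare_batch(rows):
    """Split rows into accepted users (each with its own password) and rejects."""
    accepted, rejected, seen = {}, [], set()
    for name, start, end in rows:
        user = name.strip().upper()
        if not NAME_RE.fullmatch(user):
            rejected.append((name, "invalid user name"))
        elif user in seen:
            rejected.append((name, "duplicate user name"))
        elif end is None:
            rejected.append((name, "missing end of validity"))
        elif end < start or (end - start).days > MAX_VALIDITY_DAYS:
            rejected.append((name, "bad validity period"))
        else:
            accepted[user] = (start, end, initial_password())
        seen.add(user)
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = prepare_batch(SAMPLE)
    print("create in SU10:", sorted(ok), "| rejected:", bad)
```

Only the accepted names go into the SU10 user list; each generated password is meant for a single user and is set when that user's record is adjusted individually.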
2) Implement the required set of SAP roles
a) Understanding the SAP authorization concept
The purpose of the SAP authorization concept is to protect transactions and programs from
unauthorized access. Here, the SAP Authorization Consultant assigns roles to the users that
determine which actions they can execute in the system.
Each SAP role is associated with an authorization profile where authorizations are combined.
The definition of the main authorization components that participate in the authorization
concept is given below:
• Role: roles are directly granted to the user in the Roles tab of transaction SU01.
Roles are associated with a generated profile.