SlideShare a Scribd company logo

Sap user and authorization toolkit

ExpertPlug
ExpertPlug

Preview Original paying document published on : http://expertplug.com/materials/training/sap-user-and-authorization-toolkit You can find many more SAP training material on www.ExpertPlug.com. (you can download the preview there) ExpertPlug is an SAP marketplace for training materials and an online community of experts. We offer a simple way for the global SAP workforce, consulting companies and industry to market their skills and find quality information. As an SAP Expert, you can also market your SAP skills and make extra cash by publishing SAP documents on www.ExpertPlug.com.

1 of 9
SAP User and Authorization Toolkit SAP BC Training document 1
DISCLAIMER “This publication contains references to the products of SAP AG. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company. Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Sybase, Inc. Sybase is an SAP company. SAP AG is neither the author nor the publisher of this publication and is not responsible for its content. SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such product and services, if any. Nothing herein should be construed as constituting an additional warranty”. SAP®, SAP® R/2®, SAP® R/3®, mySAP.com®, SAP® R/3® Enterprise, SAP NetWeaver®, ABAP™, SAP® Business Suite, SAP® Customer Relationship Management (SAP CRM), SAP® ERP, SAP® Product Lifecycle Management (SAP PLM), SAP® Supplier Relationship Management (SAP SRM), SAP® Supply Chain Management (SAP SCM), SAP NetWeaver® Business Intelligence (SAP NetWeaver BI), SAP® Business Information Warehouse (SAP BW), SAP NetWeaver® Portal, SAP NetWeaver® Exchange Infrastructure (SAP NetWeaver XI), SAP® Solution Manager, SAP NetWeaver® Visual Composer, SAP NetWeaver® Developer Studio are the trademark(s) or registered trademark(s) of SAP AG in Germany and in several other countries. 2
Table of content DISCLAIMER ............................................................................................................................................. 2 I- Transaction used : ........................................................................................................................... 4 II- Summary / Overview: ...................................................................................................................... 4 III- Requirements / prerequisites: .................................................................................................... 5 IV- Course materials:......................................................................................................................... 5 1) SAP User mass creation: .............................................................................................................. 6 2) Implement the required set of SAP roles .................................................................................... 8 3) Authorization check................................................................................................................... 16 4) Perform various report on user and authorization ................................................................... 17 5) Perform report on inactive SAP users ....................................................................................... 18 3
I- Transaction used : SAP Transaction code Transaction description SU01 User maintenance SU10 Mass user maintenance PFCG Role maintenance SE16 Data Browser SUIM User information system II- Summary / Overview: The purpose of this document is to show useful transaction, activities and tricks that allow the SAP Authorization and User Management consultant to properly and efficiency manage user and authorization within the company. We suppose that the reader already has the basic knowledge in terms of SAP user creation, SAP role creation and SAP user modification (please refer to the procedure SAP “User and Authorization Management” for this purpose). In his day to day activities or in some punctual circumstances, the SAP Authorization and User Management consultant needs to know how: - to perform mass user creation - To implement the required set of SAP roles - to ask user to perform an authorization check so he can determine the missing authorization - to perform various report on user and authorization to know who has the rights to do what - to perform report on inactive SAP users - … This list is not exhaustive; however, it defines some of the most important activities the SAP Authorization and User Management consultant has to deal with. 4
III- Requirements / prerequisites: In order to follow this procedure, it is required to have an extended SAP user access profile (like SAP_ALL for example) allowing to perform SAP User management activities as well as SAP Authorization management activities. In particular, the user needs to have access to all the transaction mentioned in the paragraph ‘transaction used’. SAP user and authorization management activities are very sensitive Note : activities and have to be performed by qualified and skilled administrator. Therefore and if you are not familiar with user management activities, you should use this document only in a SAP sandbox system or in a training environment. Besides, we suppose that the reader already has the basic knowledge in terms of SAP user creation, SAP role creation and SAP user modification (please refer to the procedure SAP “User and Authorization Management” for this purpose). IV- Course materials: In the company, the SAP User and Management and Authorization consultant is responsible to properly manage user and authorization. Due to the fact that there usually hundreds (or even thousands) of SAP user accounts impacted, it is required to automatize some of the tasks. In the following paragraph, we will see the basic required steps to: - perform mass user creation - Implement the required set of SAP roles ask user to perform an authorization check so the User and Management and Authorization consultant can determine the missing authorization - perform various report on user and authorization to know who has the rights to do what - perform report on inactive SAP users 5
1) SAP User mass creation: In this paragraph, we will show the different steps of the SAP user mass creation in SAP. We will consider that we are working in a SAP ERP environment (in fact, the authorization concept in system like SAP Portal systems are different). When some SAP projects have to go live, the authorization and user management consultant needs to create many SAP user accounts (hundreds of SAP account sometimes) so each entitled end-user in the company obtains his SAP user account. Transaction SU10 in SAP allows creating multiple SAP user accounts. ⇒ Execute transaction SU10 ⇒ Fill in the list of SAP user names and click the ‘create’ icon As you can see, the screen related to the user creation consists of many tabs. Please refer to procedure “User and Authorization Management” to have the signification of these tabs. ⇒ In the logon data tab, change the start and end validity for the SAP user accounts according to your requirements : 6
⇒ In the ‘Roles’ tab, you can assign a role so all the user created will inherit this role : ⇒ Click on ‘save’ and then click on ‘yes’ when the following popup is displayed : ⇒ The displayed logs confirm the SAP user creation : 7
⇒ Once you performed the mass user creation, you will have to go user by user on the Address tab to adjust the information details (such as First name, Last name…). Also, the SAP system generated for all these users password. You can have to change these SAP generated password so you communicate to each user the new password value. 2) Implement the required set of SAP roles a) Understanding the SAP authorization concept Purpose of the SAP authorization concept is to protect transactions and programs from unauthorized access. Here, the SAP Authorization Consultant assigns roles to the users that determine which actions they can execute in the system. Each SAP role is associated to an authorization profile where authorizations are combined. The definition of the main authorization components that participates in the authorization concept is given below: • Role: the roles are directly granted to the user in the role tab of transaction SU01. Roles are associated to generated profile. 8
Preview Original paying document published on : http://expertplug.com/materials/training/sap-user-and-authorization-toolkit You can find many more full SAP training material and SAP jobs on www.ExpertPlug.com. ExpertPlug is an SAP marketplace for training materials and an online community of experts. We offer a simple way for the global SAP workforce, consulting companies and industry to market their skills and find quality information. As an SAP Expert, you can also market your SAP skills and make extra cash by publishing SAP documents on www.ExpertPlug.com.

Recommended

Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...
Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...
Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...
NextLabs, Inc.
 
Authorization objects a simple guide
Authorization objects a simple guideAuthorization objects a simple guide
Authorization objects a simple guide
Albert Shumov
 
Practical guide for sap security
Practical guide for sap security Practical guide for sap security
Practical guide for sap security
Siva Pradeep Bolisetti
 
SAP SECURITY GRC
SAP SECURITY GRCSAP SECURITY GRC
SAP SECURITY GRC
techgurusuresh
 
Introduction to SAP Security
Introduction to SAP SecurityIntroduction to SAP Security
Introduction to SAP Security
Nasir Gondal
 
SAP Security important Questions
SAP Security important QuestionsSAP Security important Questions
SAP Security important Questions
Ragu M
 
PART I of III: Advanced Authorization for SAP Global Deployments: September ...
PART I of III: Advanced Authorization for SAP Global Deployments: September ...PART I of III: Advanced Authorization for SAP Global Deployments: September ...
PART I of III: Advanced Authorization for SAP Global Deployments: September ...
NextLabs, Inc.
 
sap security interview_questions
sap security interview_questionssap security interview_questions
sap security interview_questions
sumitmsn2
 

Recommended

Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...
Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...
Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...
NextLabs, Inc.
 
Authorization objects a simple guide
Authorization objects a simple guideAuthorization objects a simple guide
Authorization objects a simple guide
Albert Shumov
 
Practical guide for sap security
Practical guide for sap security Practical guide for sap security
Practical guide for sap security
Siva Pradeep Bolisetti
 
SAP SECURITY GRC
SAP SECURITY GRCSAP SECURITY GRC
SAP SECURITY GRC
techgurusuresh
 
Introduction to SAP Security
Introduction to SAP SecurityIntroduction to SAP Security
Introduction to SAP Security
Nasir Gondal
 
SAP Security important Questions
SAP Security important QuestionsSAP Security important Questions
SAP Security important Questions
Ragu M
 
PART I of III: Advanced Authorization for SAP Global Deployments: September ...
PART I of III: Advanced Authorization for SAP Global Deployments: September ...PART I of III: Advanced Authorization for SAP Global Deployments: September ...
PART I of III: Advanced Authorization for SAP Global Deployments: September ...
NextLabs, Inc.
 
sap security interview_questions
sap security interview_questionssap security interview_questions
sap security interview_questions
sumitmsn2
 
Pensum adm
Pensum admPensum adm
Pensum adm
Adhemar Vargas
 
CSI tools SAP Authorization Presentation TROOPERS 2014
CSI tools SAP Authorization Presentation TROOPERS 2014CSI tools SAP Authorization Presentation TROOPERS 2014
CSI tools SAP Authorization Presentation TROOPERS 2014
CSI tools
 
Sap grc process control 10.0
Sap grc process control 10.0Sap grc process control 10.0
Sap grc process control 10.0
Latha Kamal
 
How to perform critical authorizations and so d checks in sap systems
How to perform critical authorizations and so d checks in sap systemsHow to perform critical authorizations and so d checks in sap systems
How to perform critical authorizations and so d checks in sap systems
TL Technologies - Thoughts Become Things
 
Basic settings Of SAP Fi
Basic settings Of SAP FiBasic settings Of SAP Fi
Basic settings Of SAP Fi
Lav Kumar
 
Summarisation levels in SAP COPA
Summarisation levels in SAP COPASummarisation levels in SAP COPA
Summarisation levels in SAP COPA
Rajesh Shanbhag
 
Day5 R3 Basis Security
Day5 R3 Basis SecurityDay5 R3 Basis Security
Day5 R3 Basis Security
Guang Ying Yuan
 
SAP HCM authorisations: streamline processes and improve HR data security
SAP HCM authorisations: streamline processes and improve HR data securitySAP HCM authorisations: streamline processes and improve HR data security
SAP HCM authorisations: streamline processes and improve HR data security
Sven Ringling
 
Co product costing detailed trng
Co product costing detailed trngCo product costing detailed trng
Co product costing detailed trng
Venkat Reddy
 
Grc 10 training
Grc 10 trainingGrc 10 training
Grc 10 training
suresh
 
Sap Security Workshop
Sap Security WorkshopSap Security Workshop
Sap Security Workshop
larrymcc
 
Authorisation Concept In SAP | http://sapdocs.info
Authorisation Concept In SAP | http://sapdocs.infoAuthorisation Concept In SAP | http://sapdocs.info
Authorisation Concept In SAP | http://sapdocs.info
sapdocs. info
 
SAP GRC 10 Access Control
SAP GRC 10 Access ControlSAP GRC 10 Access Control
SAP GRC 10 Access Control
Nasir Gondal
 
Copa implementation
Copa implementationCopa implementation
Copa implementation
suryanarayana tata
 
MAHESH SAP FI NOTES
MAHESH SAP FI NOTESMAHESH SAP FI NOTES
MAHESH SAP FI NOTES
garry1890
 
Copa configuration
Copa configurationCopa configuration
Copa configuration
Mithun Roy
 
Co product costing config ecc6
Co product costing config ecc6Co product costing config ecc6
Co product costing config ecc6
Abhishek Mittal
 

More Related Content

Viewers also liked

CSI tools SAP Authorization Presentation TROOPERS 2014
CSI tools SAP Authorization Presentation TROOPERS 2014CSI tools SAP Authorization Presentation TROOPERS 2014
CSI tools SAP Authorization Presentation TROOPERS 2014
CSI tools
 
Basic settings Of SAP Fi
Basic settings Of SAP FiBasic settings Of SAP Fi
Basic settings Of SAP Fi
Lav Kumar
 
Summarisation levels in SAP COPA
Summarisation levels in SAP COPASummarisation levels in SAP COPA
Summarisation levels in SAP COPA
Rajesh Shanbhag
 
Co product costing detailed trng
Co product costing detailed trngCo product costing detailed trng
Co product costing detailed trng
Venkat Reddy
 
MAHESH SAP FI NOTES
MAHESH SAP FI NOTESMAHESH SAP FI NOTES
MAHESH SAP FI NOTES
garry1890
 
Copa configuration
Copa configurationCopa configuration
Copa configuration
Mithun Roy
 
Co product costing config ecc6
Co product costing config ecc6Co product costing config ecc6
Co product costing config ecc6
Abhishek Mittal
 

Viewers also liked (17)

Pensum adm
Pensum admPensum adm
Pensum adm
 
CSI tools SAP Authorization Presentation TROOPERS 2014
CSI tools SAP Authorization Presentation TROOPERS 2014CSI tools SAP Authorization Presentation TROOPERS 2014
CSI tools SAP Authorization Presentation TROOPERS 2014
 
Sap grc process control 10.0
Sap grc process control 10.0Sap grc process control 10.0
Sap grc process control 10.0
 
How to perform critical authorizations and so d checks in sap systems
How to perform critical authorizations and so d checks in sap systemsHow to perform critical authorizations and so d checks in sap systems
How to perform critical authorizations and so d checks in sap systems
 
Basic settings Of SAP Fi
Basic settings Of SAP FiBasic settings Of SAP Fi
Basic settings Of SAP Fi
 
Summarisation levels in SAP COPA
Summarisation levels in SAP COPASummarisation levels in SAP COPA
Summarisation levels in SAP COPA
 
Day5 R3 Basis Security
Day5 R3 Basis SecurityDay5 R3 Basis Security
Day5 R3 Basis Security
 
SAP HCM authorisations: streamline processes and improve HR data security
SAP HCM authorisations: streamline processes and improve HR data securitySAP HCM authorisations: streamline processes and improve HR data security
SAP HCM authorisations: streamline processes and improve HR data security
 
Co product costing detailed trng
Co product costing detailed trngCo product costing detailed trng
Co product costing detailed trng
 
Grc 10 training
Grc 10 trainingGrc 10 training
Grc 10 training
 
Sap Security Workshop
Sap Security WorkshopSap Security Workshop
Sap Security Workshop
 
Authorisation Concept In SAP | http://sapdocs.info
Authorisation Concept In SAP | http://sapdocs.infoAuthorisation Concept In SAP | http://sapdocs.info
Authorisation Concept In SAP | http://sapdocs.info
 
SAP GRC 10 Access Control
SAP GRC 10 Access ControlSAP GRC 10 Access Control
SAP GRC 10 Access Control
 
Copa implementation
Copa implementationCopa implementation
Copa implementation
 
MAHESH SAP FI NOTES
MAHESH SAP FI NOTESMAHESH SAP FI NOTES
MAHESH SAP FI NOTES
 
Copa configuration
Copa configurationCopa configuration
Copa configuration
 
Co product costing config ecc6
Co product costing config ecc6Co product costing config ecc6
Co product costing config ecc6
 

Sap user and authorization toolkit

  • 1. SAP User and Authorization Toolkit SAP BC Training document 1
  • 2. DISCLAIMER “This publication contains references to the products of SAP AG. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company. Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Sybase, Inc. Sybase is an SAP company. SAP AG is neither the author nor the publisher of this publication and is not responsible for its content. SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such product and services, if any. Nothing herein should be construed as constituting an additional warranty”. SAP®, SAP® R/2®, SAP® R/3®, mySAP.com®, SAP® R/3® Enterprise, SAP NetWeaver®, ABAP™, SAP® Business Suite, SAP® Customer Relationship Management (SAP CRM), SAP® ERP, SAP® Product Lifecycle Management (SAP PLM), SAP® Supplier Relationship Management (SAP SRM), SAP® Supply Chain Management (SAP SCM), SAP NetWeaver® Business Intelligence (SAP NetWeaver BI), SAP® Business Information Warehouse (SAP BW), SAP NetWeaver® Portal, SAP NetWeaver® Exchange Infrastructure (SAP NetWeaver XI), SAP® Solution Manager, SAP NetWeaver® Visual Composer, SAP NetWeaver® Developer Studio are the trademark(s) or registered trademark(s) of SAP AG in Germany and in several other countries. 2
  • 3. Table of content DISCLAIMER ............................................................................................................................................. 2 I- Transaction used : ........................................................................................................................... 4 II- Summary / Overview: ...................................................................................................................... 4 III- Requirements / prerequisites: .................................................................................................... 5 IV- Course materials:......................................................................................................................... 5 1) SAP User mass creation: .............................................................................................................. 6 2) Implement the required set of SAP roles .................................................................................... 8 3) Authorization check................................................................................................................... 16 4) Perform various report on user and authorization ................................................................... 17 5) Perform report on inactive SAP users ....................................................................................... 18 3
  • 4. I- Transaction used : SAP Transaction code Transaction description SU01 User maintenance SU10 Mass user maintenance PFCG Role maintenance SE16 Data Browser SUIM User information system II- Summary / Overview: The purpose of this document is to show useful transaction, activities and tricks that allow the SAP Authorization and User Management consultant to properly and efficiency manage user and authorization within the company. We suppose that the reader already has the basic knowledge in terms of SAP user creation, SAP role creation and SAP user modification (please refer to the procedure SAP “User and Authorization Management” for this purpose). In his day to day activities or in some punctual circumstances, the SAP Authorization and User Management consultant needs to know how: - to perform mass user creation - To implement the required set of SAP roles - to ask user to perform an authorization check so he can determine the missing authorization - to perform various report on user and authorization to know who has the rights to do what - to perform report on inactive SAP users - … This list is not exhaustive; however, it defines some of the most important activities the SAP Authorization and User Management consultant has to deal with. 4
  • 5. III- Requirements / prerequisites: In order to follow this procedure, it is required to have an extended SAP user access profile (like SAP_ALL for example) allowing to perform SAP User management activities as well as SAP Authorization management activities. In particular, the user needs to have access to all the transaction mentioned in the paragraph ‘transaction used’. SAP user and authorization management activities are very sensitive Note : activities and have to be performed by qualified and skilled administrator. Therefore and if you are not familiar with user management activities, you should use this document only in a SAP sandbox system or in a training environment. Besides, we suppose that the reader already has the basic knowledge in terms of SAP user creation, SAP role creation and SAP user modification (please refer to the procedure SAP “User and Authorization Management” for this purpose). IV- Course materials: In the company, the SAP User and Management and Authorization consultant is responsible to properly manage user and authorization. Due to the fact that there usually hundreds (or even thousands) of SAP user accounts impacted, it is required to automatize some of the tasks. In the following paragraph, we will see the basic required steps to: - perform mass user creation - Implement the required set of SAP roles ask user to perform an authorization check so the User and Management and Authorization consultant can determine the missing authorization - perform various report on user and authorization to know who has the rights to do what - perform report on inactive SAP users 5
  • 6. 1) SAP User mass creation: In this paragraph, we will show the different steps of the SAP user mass creation in SAP. We will consider that we are working in a SAP ERP environment (in fact, the authorization concept in system like SAP Portal systems are different). When some SAP projects have to go live, the authorization and user management consultant needs to create many SAP user accounts (hundreds of SAP account sometimes) so each entitled end-user in the company obtains his SAP user account. Transaction SU10 in SAP allows creating multiple SAP user accounts. ⇒ Execute transaction SU10 ⇒ Fill in the list of SAP user names and click the ‘create’ icon As you can see, the screen related to the user creation consists of many tabs. Please refer to procedure “User and Authorization Management” to have the signification of these tabs. ⇒ In the logon data tab, change the start and end validity for the SAP user accounts according to your requirements : 6
  • 7. ⇒ In the ‘Roles’ tab, you can assign a role so all the user created will inherit this role : ⇒ Click on ‘save’ and then click on ‘yes’ when the following popup is displayed : ⇒ The displayed logs confirm the SAP user creation : 7
  • 8. ⇒ Once you performed the mass user creation, you will have to go user by user on the Address tab to adjust the information details (such as First name, Last name…). Also, the SAP system generated for all these users password. You can have to change these SAP generated password so you communicate to each user the new password value. 2) Implement the required set of SAP roles a) Understanding the SAP authorization concept Purpose of the SAP authorization concept is to protect transactions and programs from unauthorized access. Here, the SAP Authorization Consultant assigns roles to the users that determine which actions they can execute in the system. Each SAP role is associated to an authorization profile where authorizations are combined. The definition of the main authorization components that participates in the authorization concept is given below: • Role: the roles are directly granted to the user in the role tab of transaction SU01. Roles are associated to generated profile. 8
  • 9. Preview Original paying document published on : http://expertplug.com/materials/training/sap-user-and-authorization-toolkit You can find many more full SAP training material and SAP jobs on www.ExpertPlug.com. ExpertPlug is an SAP marketplace for training materials and an online community of experts. We offer a simple way for the global SAP workforce, consulting companies and industry to market their skills and find quality information. As an SAP Expert, you can also market your SAP skills and make extra cash by publishing SAP documents on www.ExpertPlug.com.