SlideShare a Scribd company logo

SAP MM Authorization Matrix and User roles.pdf

A
AmanKumarSaksena

SAP MM roles and authorization Matrix by Aman Saksena

Education
1 of 17
Download to read offline
SAP MM Authorization Matrix and User roles in SAP SAP MM BY AMAN SAKSENA aman.kr.saksena@gmail.com +91-8375994808
Overview of SAP Roles • Authorizations are especially useful when controlling access at the application level. They are responsible for controlling the various functions that a user can execute. • User's can also be authorized to view, change, enter, and delete data. While the underlying concept of the authorizing principle may seem trivial, there are numerous challenges that come into play during authorization implementations. • Security compliances, enterprise restrictions, and high costs often times deter organizations from implementing best practices in their security architecture. However, at the end of the day, the importance of a secure access control framework cannot be stressed enough. • Roles and authorizations are what enable users to execute transactions in SAP in a secure manner. (Error in SU53 T-Code) aman.kr.saksena@gmail.com +91-8375994808
P2P Cycle Involves Variety of users 01 02 03 04 Supervisor Accountant Maintenance In-charge Head of the department aman.kr.saksena@gmail.com +91-8375994808
Need of Roles and Authorization • Functional Consultants have a lot of questions in mind regarding this concept and one of the main questions here is why should Functional Consultants worry about Roles and Authorization when it is a job of BASIS team. • Roles and Authorizations allow the users to access SAP Standard as well as custom Transactions in a secure way. SAP provides certain set of generic Standard roles for different modules and different scenarios. aman.kr.saksena@gmail.com +91-8375994808
Need of Roles and Authorization • BASIS team have a know how about the User Management(SU01/SU10), Roles Creation, Profile Creation, Roles and Profile assignment(SAP ID), Authorization assignments etc. but main concern in most of the cases arises when the below questions are unanswered by BASIS team:- 1. Whom to Assign the Roles or transactions 2. What to Restrict in a transaction and for whom 3. How to authorize Custom transactions • Hence, it becomes the role of a Functional Consultant to guide them with the exact process flow and exact organizational chart. aman.kr.saksena@gmail.com +91-8375994808
Roles Org. Chart aman.kr.saksena@gmail.com +91-8375994808
Authorization Matrix based on roles aman.kr.saksena@gmail.com +91-8375994808
Authorization Matrix role mapping with App IDs aman.kr.saksena@gmail.com +91-8375994808
Roles • Single roles can be derived from their respective organizational values into derived roles. From a technical viewpoint, derived roles are also single roles that have inherited authorization characteristics from a separate "master" role. 1. Single Roles - Single roles are derivable from their respective organizational values. Usually when single roles are discussed amongst professionals, the primary reference point is given to a job or position based role design. When this is the case, all required authorizations for a user's job/position are contained in the single role. However, there are examples where many single role designs lack some or even all of a user's required authorizations. This is typically the case when a basic authorization role that includes transactions and authorizations that are uniform for all users. Similarly, there will be users who will possess extra privileges in their authorization permissions. 2. Derived Roles - There are a number of differences between single and derived roles. For starters, derived roles are composed of a "master" role and additional "child" roles that are each unique from the "master" and each other only in their organizational values. This approach does come with a number of limitations however. For example, if a user attempts to promote non-organizational fields to organizational fields, the user must ensure that the values be the same within one role. To put it simply, it's not advisable to use different non-organizational fields in tandem with derived roles since the values across all the child roles will be the same as the "master" role. As a result, all objects will be effected. 3. Composite Roles - The most versatile role type in SAP is the composite role. Composite roles are a collection of single roles that are capable of being grouped into a common composite role menu. The versatility results in users being able to indirectly assign multiple single roles to a user by assigning only the specific composite role that contains the single roles. Composite roles are heavily leveraged by SAP customers because they drastically reduce the single roles count that are directly assigned to users. In a nutshell, a composite role can really be thought of as a package of single roles that can guide a task-level single role. aman.kr.saksena@gmail.com +91-8375994808
How To Define a role • The reason to define user specific activity is to simplify the management of Roles. • We can also define user defined roles based on the Project scenario keeping below concept in mind:- • There are basically three types of Roles:- 1. Master Roles – With Transactions, Authorization Objects and with all organizational level management. 2. Derived Roles –With organizational level management and Transactions and Authorization Object copied from Master Role. 3. Composite Roles – With restrictions based on Org. structure or function. aman.kr.saksena@gmail.com +91-8375994808
Path of Role Authorization (BASIS Team) • You can copy and adjust these default roles in Customizing under:- • SPRO->SAP NetWeaver->Application Server->System Administration - >Users and Authorizations->Maintain Authorizations and Profiles using Profile Generator->Maintain Roles (T-Code : PFCG). aman.kr.saksena@gmail.com +91-8375994808
What are the components of a role? • Transaction Codes • Profile • Authorization Objects • Organization level 2 1 3 4 aman.kr.saksena@gmail.com +91-8375994808
Components of Role • Profile: Profiles are the objects that actually store the authorization data and Roles are the Container that contains the profile authorization data. • Authorization Objects: Objects that define the relation between different fields and also helps in restricting/ allowing the values of that particular field (For ex: Authorization of LGORT S.loc. in BETA Plant) • Authorization objects are actually defined in programs that are executed for any particular transactions. We can also create custom authorization objects for any particular transaction (generally custom transaction). aman.kr.saksena@gmail.com +91-8375994808
Components of Role • Organization level: This defines actually the organizational elements in SAP for ex: Company Code, Plant, Planning Plant, Purchase organization, Sales organization, Work Centres, etc. aman.kr.saksena@gmail.com +91-8375994808
Roles and Authorization Concept for Inventory Management SAP_SR_BUYER_5; is mainly purchasing-related roles but they contain MM-IM related data, such as a goods movement worklist.
Roles and Authorization Concept for Inventory Management aman.kr.saksena@gmail.com +91-8375994808
SAP MM Roles and auth. matrix Thank you SAP MM BY AMAN SAKSENA aman.kr.saksena@gmail.com +91-8375994808

Recommended

2004 10 21 Rbac At Mazda Horst Walther
2004 10 21 Rbac At Mazda Horst Walther2004 10 21 Rbac At Mazda Horst Walther
2004 10 21 Rbac At Mazda Horst Walther
CardinaleWay Mazda
 
priyanka salesforce
priyanka salesforcepriyanka salesforce
priyanka salesforce
priyanka wasankar
 
Interview Questions For Microsoft Dynamics CRM
Interview Questions For Microsoft Dynamics CRMInterview Questions For Microsoft Dynamics CRM
Interview Questions For Microsoft Dynamics CRM
Kumari Warsha Goel
 
Iia los angeles sap security presentation
Iia los angeles sap security presentation Iia los angeles sap security presentation
Iia los angeles sap security presentation
hkodali
 
Whitepaper: Continuous Compliance in SAP Environments - Happiest Minds
Whitepaper: Continuous Compliance in SAP Environments - Happiest MindsWhitepaper: Continuous Compliance in SAP Environments - Happiest Minds
Whitepaper: Continuous Compliance in SAP Environments - Happiest Minds
Happiest Minds Technologies
 
Continuous Compliance-in-Sap-Environments
Continuous Compliance-in-Sap-EnvironmentsContinuous Compliance-in-Sap-Environments
Continuous Compliance-in-Sap-Environments
happiestmindstech
 
Top 20 Salesforce Admin Interview Questions and Answers in 2023.pptx
Top 20 Salesforce Admin Interview Questions and Answers in 2023.pptxTop 20 Salesforce Admin Interview Questions and Answers in 2023.pptx
Top 20 Salesforce Admin Interview Questions and Answers in 2023.pptx
AnanthReddy38
 
Mitul Jain SAP GRC Security
Mitul Jain SAP GRC SecurityMitul Jain SAP GRC Security
Mitul Jain SAP GRC Security
mitul jain
 

Recommended

2004 10 21 Rbac At Mazda Horst Walther
2004 10 21 Rbac At Mazda Horst Walther2004 10 21 Rbac At Mazda Horst Walther
2004 10 21 Rbac At Mazda Horst Walther
CardinaleWay Mazda
 
priyanka salesforce
priyanka salesforcepriyanka salesforce
priyanka salesforce
priyanka wasankar
 
Interview Questions For Microsoft Dynamics CRM
Interview Questions For Microsoft Dynamics CRMInterview Questions For Microsoft Dynamics CRM
Interview Questions For Microsoft Dynamics CRM
Kumari Warsha Goel
 
Iia los angeles sap security presentation
Iia los angeles sap security presentation Iia los angeles sap security presentation
Iia los angeles sap security presentation
hkodali
 
Whitepaper: Continuous Compliance in SAP Environments - Happiest Minds
Whitepaper: Continuous Compliance in SAP Environments - Happiest MindsWhitepaper: Continuous Compliance in SAP Environments - Happiest Minds
Whitepaper: Continuous Compliance in SAP Environments - Happiest Minds
Happiest Minds Technologies
 
Continuous Compliance-in-Sap-Environments
Continuous Compliance-in-Sap-EnvironmentsContinuous Compliance-in-Sap-Environments
Continuous Compliance-in-Sap-Environments
happiestmindstech
 
Top 20 Salesforce Admin Interview Questions and Answers in 2023.pptx
Top 20 Salesforce Admin Interview Questions and Answers in 2023.pptxTop 20 Salesforce Admin Interview Questions and Answers in 2023.pptx
Top 20 Salesforce Admin Interview Questions and Answers in 2023.pptx
AnanthReddy38
 
Mitul Jain SAP GRC Security
Mitul Jain SAP GRC SecurityMitul Jain SAP GRC Security
Mitul Jain SAP GRC Security
mitul jain
 
Sap basis and_security_administration
Sap basis and_security_administrationSap basis and_security_administration
Sap basis and_security_administration
Anil Kumar Reddy Cheppalli
 
shravan
shravanshravan
shravan
shravan kumar
 
Resume
ResumeResume
Resume
Prosun Chakraborty
 
SAP-Security-Madhu
SAP-Security-MadhuSAP-Security-Madhu
SAP-Security-Madhu
Madhu Sharma
 
User stories in agile software development
User stories in agile software developmentUser stories in agile software development
User stories in agile software development
Sandra Svanidzaitė, PhD, CBAP
 
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
akquinet enterprise solutions GmbH
 
Sap Security Workshop
Sap Security WorkshopSap Security Workshop
Sap Security Workshop
larrymcc
 
More
MoreMore
More
Alex Badalic
 
Authorisations in SAP: best practices
Authorisations in SAP: best practicesAuthorisations in SAP: best practices
Authorisations in SAP: best practices
Jonathan Eemans
 
Introduction on sap security
Introduction on sap securityIntroduction on sap security
Introduction on sap security
yektek
 
Keeping it Simple with Permission Sets
Keeping it Simple with Permission SetsKeeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Configero
 
Open iam technicalarchitecture-v3-a
Open iam technicalarchitecture-v3-aOpen iam technicalarchitecture-v3-a
Open iam technicalarchitecture-v3-a
Bibhuti Kr Jha +91-9810016292
 
Automation Hub Best Practices - Large Scale Rollouts.pdf
Automation Hub Best Practices - Large Scale Rollouts.pdfAutomation Hub Best Practices - Large Scale Rollouts.pdf
Automation Hub Best Practices - Large Scale Rollouts.pdf
Cristina Vidu
 
Sap security interview question & answers
Sap security interview question & answersSap security interview question & answers
Sap security interview question & answers
Nancy Nelida
 
pavan new
pavan newpavan new
pavan new
pavan kumar
 
Managing the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise ScaleManaging the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise Scale
Salesforce Developers
 
Subhrajyoti Nath_CV
Subhrajyoti Nath_CVSubhrajyoti Nath_CV
Subhrajyoti Nath_CV
Subhrajyoti N
 
prasad with 2.11yrs Exp on SFDC
prasad with 2.11yrs Exp on SFDCprasad with 2.11yrs Exp on SFDC
prasad with 2.11yrs Exp on SFDC
Kotapati Prasad
 
M365 admin center overview - November 2018
M365 admin center overview - November 2018M365 admin center overview - November 2018
M365 admin center overview - November 2018
Matthew Ruderman
 
Robert_Salesforce_Developer
Robert_Salesforce_DeveloperRobert_Salesforce_Developer
Robert_Salesforce_Developer
Robert S
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
VishalSingh1417
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
RamjanShidvankar
 

More Related Content

Similar to SAP MM Authorization Matrix and User roles.pdf

SAP-Security-Madhu
SAP-Security-MadhuSAP-Security-Madhu
SAP-Security-Madhu
Madhu Sharma
 
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
akquinet enterprise solutions GmbH
 
Managing the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise ScaleManaging the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise Scale
Salesforce Developers
 
prasad with 2.11yrs Exp on SFDC
prasad with 2.11yrs Exp on SFDCprasad with 2.11yrs Exp on SFDC
prasad with 2.11yrs Exp on SFDC
Kotapati Prasad
 
Robert_Salesforce_Developer
Robert_Salesforce_DeveloperRobert_Salesforce_Developer
Robert_Salesforce_Developer
Robert S
 

Similar to SAP MM Authorization Matrix and User roles.pdf (20)

Sap basis and_security_administration
Sap basis and_security_administrationSap basis and_security_administration
Sap basis and_security_administration
 
shravan
shravanshravan
shravan
 
Resume
ResumeResume
Resume
 
SAP-Security-Madhu
SAP-Security-MadhuSAP-Security-Madhu
SAP-Security-Madhu
 
User stories in agile software development
User stories in agile software developmentUser stories in agile software development
User stories in agile software development
 
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
 
Sap Security Workshop
Sap Security WorkshopSap Security Workshop
Sap Security Workshop
 
More
MoreMore
More
 
Authorisations in SAP: best practices
Authorisations in SAP: best practicesAuthorisations in SAP: best practices
Authorisations in SAP: best practices
 
Introduction on sap security
Introduction on sap securityIntroduction on sap security
Introduction on sap security
 
Keeping it Simple with Permission Sets
Keeping it Simple with Permission SetsKeeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
 
Open iam technicalarchitecture-v3-a
Open iam technicalarchitecture-v3-aOpen iam technicalarchitecture-v3-a
Open iam technicalarchitecture-v3-a
 
Automation Hub Best Practices - Large Scale Rollouts.pdf
Automation Hub Best Practices - Large Scale Rollouts.pdfAutomation Hub Best Practices - Large Scale Rollouts.pdf
Automation Hub Best Practices - Large Scale Rollouts.pdf
 
Sap security interview question & answers
Sap security interview question & answersSap security interview question & answers
Sap security interview question & answers
 
pavan new
pavan newpavan new
pavan new
 
Managing the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise ScaleManaging the Role Hierarchy at Enterprise Scale
Managing the Role Hierarchy at Enterprise Scale
 
Subhrajyoti Nath_CV
Subhrajyoti Nath_CVSubhrajyoti Nath_CV
Subhrajyoti Nath_CV
 
prasad with 2.11yrs Exp on SFDC
prasad with 2.11yrs Exp on SFDCprasad with 2.11yrs Exp on SFDC
prasad with 2.11yrs Exp on SFDC
 
M365 admin center overview - November 2018
M365 admin center overview - November 2018M365 admin center overview - November 2018
M365 admin center overview - November 2018
 
Robert_Salesforce_Developer
Robert_Salesforce_DeveloperRobert_Salesforce_Developer
Robert_Salesforce_Developer
 

Recently uploaded

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 

Recently uploaded (20)

Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 

SAP MM Authorization Matrix and User roles.pdf

  • 1. SAP MM Authorization Matrix and User roles in SAP SAP MM BY AMAN SAKSENA aman.kr.saksena@gmail.com +91-8375994808
  • 2. Overview of SAP Roles • Authorizations are especially useful when controlling access at the application level. They are responsible for controlling the various functions that a user can execute. • User's can also be authorized to view, change, enter, and delete data. While the underlying concept of the authorizing principle may seem trivial, there are numerous challenges that come into play during authorization implementations. • Security compliances, enterprise restrictions, and high costs often times deter organizations from implementing best practices in their security architecture. However, at the end of the day, the importance of a secure access control framework cannot be stressed enough. • Roles and authorizations are what enable users to execute transactions in SAP in a secure manner. (Error in SU53 T-Code) aman.kr.saksena@gmail.com +91-8375994808
  • 3. P2P Cycle Involves Variety of users 01 02 03 04 Supervisor Accountant Maintenance In-charge Head of the department aman.kr.saksena@gmail.com +91-8375994808
  • 4. Need of Roles and Authorization • Functional Consultants have a lot of questions in mind regarding this concept and one of the main questions here is why should Functional Consultants worry about Roles and Authorization when it is a job of BASIS team. • Roles and Authorizations allow the users to access SAP Standard as well as custom Transactions in a secure way. SAP provides certain set of generic Standard roles for different modules and different scenarios. aman.kr.saksena@gmail.com +91-8375994808
  • 5. Need of Roles and Authorization • BASIS team have a know how about the User Management(SU01/SU10), Roles Creation, Profile Creation, Roles and Profile assignment(SAP ID), Authorization assignments etc. but main concern in most of the cases arises when the below questions are unanswered by BASIS team:- 1. Whom to Assign the Roles or transactions 2. What to Restrict in a transaction and for whom 3. How to authorize Custom transactions • Hence, it becomes the role of a Functional Consultant to guide them with the exact process flow and exact organizational chart. aman.kr.saksena@gmail.com +91-8375994808
  • 7. Authorization Matrix based on roles aman.kr.saksena@gmail.com +91-8375994808
  • 8. Authorization Matrix role mapping with App IDs aman.kr.saksena@gmail.com +91-8375994808
  • 9. Roles • Single roles can be derived from their respective organizational values into derived roles. From a technical viewpoint, derived roles are also single roles that have inherited authorization characteristics from a separate "master" role. 1. Single Roles - Single roles are derivable from their respective organizational values. Usually when single roles are discussed amongst professionals, the primary reference point is given to a job or position based role design. When this is the case, all required authorizations for a user's job/position are contained in the single role. However, there are examples where many single role designs lack some or even all of a user's required authorizations. This is typically the case when a basic authorization role that includes transactions and authorizations that are uniform for all users. Similarly, there will be users who will possess extra privileges in their authorization permissions. 2. Derived Roles - There are a number of differences between single and derived roles. For starters, derived roles are composed of a "master" role and additional "child" roles that are each unique from the "master" and each other only in their organizational values. This approach does come with a number of limitations however. For example, if a user attempts to promote non-organizational fields to organizational fields, the user must ensure that the values be the same within one role. To put it simply, it's not advisable to use different non-organizational fields in tandem with derived roles since the values across all the child roles will be the same as the "master" role. As a result, all objects will be effected. 3. Composite Roles - The most versatile role type in SAP is the composite role. Composite roles are a collection of single roles that are capable of being grouped into a common composite role menu. The versatility results in users being able to indirectly assign multiple single roles to a user by assigning only the specific composite role that contains the single roles. Composite roles are heavily leveraged by SAP customers because they drastically reduce the single roles count that are directly assigned to users. In a nutshell, a composite role can really be thought of as a package of single roles that can guide a task-level single role. aman.kr.saksena@gmail.com +91-8375994808
  • 10. How To Define a role • The reason to define user specific activity is to simplify the management of Roles. • We can also define user defined roles based on the Project scenario keeping below concept in mind:- • There are basically three types of Roles:- 1. Master Roles – With Transactions, Authorization Objects and with all organizational level management. 2. Derived Roles –With organizational level management and Transactions and Authorization Object copied from Master Role. 3. Composite Roles – With restrictions based on Org. structure or function. aman.kr.saksena@gmail.com +91-8375994808
  • 11. Path of Role Authorization (BASIS Team) • You can copy and adjust these default roles in Customizing under:- • SPRO->SAP NetWeaver->Application Server->System Administration - >Users and Authorizations->Maintain Authorizations and Profiles using Profile Generator->Maintain Roles (T-Code : PFCG). aman.kr.saksena@gmail.com +91-8375994808
  • 12. What are the components of a role? • Transaction Codes • Profile • Authorization Objects • Organization level 2 1 3 4 aman.kr.saksena@gmail.com +91-8375994808
  • 13. Components of Role • Profile: Profiles are the objects that actually store the authorization data and Roles are the Container that contains the profile authorization data. • Authorization Objects: Objects that define the relation between different fields and also helps in restricting/ allowing the values of that particular field (For ex: Authorization of LGORT S.loc. in BETA Plant) • Authorization objects are actually defined in programs that are executed for any particular transactions. We can also create custom authorization objects for any particular transaction (generally custom transaction). aman.kr.saksena@gmail.com +91-8375994808
  • 14. Components of Role • Organization level: This defines actually the organizational elements in SAP for ex: Company Code, Plant, Planning Plant, Purchase organization, Sales organization, Work Centres, etc. aman.kr.saksena@gmail.com +91-8375994808
  • 15. Roles and Authorization Concept for Inventory Management SAP_SR_BUYER_5; is mainly purchasing-related roles but they contain MM-IM related data, such as a goods movement worklist.
  • 16. Roles and Authorization Concept for Inventory Management aman.kr.saksena@gmail.com +91-8375994808
  • 17. SAP MM Roles and auth. matrix Thank you SAP MM BY AMAN SAKSENA aman.kr.saksena@gmail.com +91-8375994808