Question:
Hi Guys,
We are currenlty on the first stages of implementing a security stratergy.
Im currently on a project and we are identifying tasks within the process teams. Once we have identified the tasks we will hold workshops with the process leads to identify transaction codes to assign to the tasks identified in the previous step.
I have been told to use the information collated from the workshops to find sap standard roles to use as templates. My question is :
* How does one identify, from the transactional data( from workshops), sap standard roles to use as a template? Is there a function we can use?
Or should I be copying all the sap roles and taking this information to the workshops.
Secondly, Is there a transaction within sap that will list all the standard roles in SAP and the associated transactions within them ?
Hope you can help!
Regards,
maz
Answer:
Spend an hour or so browsing the forum/using the search as build approaches have been done here a few times before.
As it stands you are starting from a reasonable position - identifying the tasks that are performed in jobs.
Very quickly, a common approach is:
Identify jobs
Identify tasks which make up jobs
Map transactions to tasks
build the jobs in SAP which represent the jobs identified by process owners out of transactions which make up the tasks
Parallel to this you need to identify what you are restricting on and factor that into your build method.
Do not use the SAP standard roles. They are created as generic roles and likely bear no resembelance to what your business does or needs. Some of the technical ones are OK but for the business create them from scratch.
You can get info on contents of roles from a few places. You can go through the menu with SUIM, you can use SE16 to see info from AGR_TCODES (not particularly accurate but will give enough info if you really want to go down the route of using/copying sap standard roles)
From the sound of your question it sounds like you are not a security person. For it to work well, make sure you have an experienced SAP security practitioner involved (one who knows role design, technical aspects of security and an appreciation of process controls) Many functional consultants think they know about security but 99% of them haven't got a clue.
Good luck!
Answer:
Hi, I have been playing with SE16 checking table AGR_Tcodes. I have noticed that not all transactions are shown related to the sap standard role.
Some roles have 1 transaction code and others have S_ALR_87009722.. what is this? Does it map to a group of transactions ?
Does any one know what table I can run so I can have a list of all sap standard roles with transaction codes within the role?
Thanks
PS.. I have tried looking (couple of hours!) for more information regarding build approcahes and methods on this website. iF anyone knows of any links please let me know.
Answer:
The authorisations made easy book is a good ref. Can anyone send it to me?