Sap Basis Training

IBM Global Technology Services
SAP BASIS TRAINING

User and Authorization
10/10/2006
IBM China
GuoLei, AMS, guol@cn.ibm.com
Integrating for Client Success
Copyright IBM Corporation 2006
R3

SPEX SAP R/3 Project
Version 1.0
Authorization Concept
SAP .
Version 1.0
SAP
Authorization Concept 2
Prof
Activit ile 1
y Grou
p1
Pro
Activi file 2
ty Gro
up 2
Profile
3
Manu
al
User Master Record
Profile(s)
Data Bank
Authorization(s)
Field Values
SAP AG 1999
Version 1.0
SM35
XK05
SE38
XK04
FF_5
MB53
FEBP
MB24
F-04
Version 1.0
IDs

:
John Doe
:
WO
TCODE1
TCODE2
TCODE3
TCODE4
TCODE5
TCODE
6
TCODE
7
TCODE
8
TCODE
9
Mary Jones
:
TCODE1
TCODE2
TCODE3
TCODE10
TCODE11
TCODE12
TCODE13
TCODE14
TCODE15
Version 1.0
Version 1.0
Version 1.0
Version 1.0
SAP .
Version 1.0
!
()
Authorization Objects
Authorization
Object
class
Authorization object
Financial
Accounting
Object: Customer
company code
Company Code
Activity
Customer company code:

Authorization A
0001-0009
display, change
Customer company code:

Authorization B
*
display
SAP AG 1999
Version 1.0
: MIRO
.
Version 1.0
Version 1.0
1
2
Version 1.0
:
-
Version 1.0
Object parameters determine the specific permissions

a user can perform in a transaction.
:
This user can perform

WHAT ACTIVITIES to
WHICH ACCOUNT
TYPES?
Version 1.0
!!!

!!!
1.
2./Template Role/
3.
4.
5.
1.
2.SAP
,
1.DEBUG,,
,
2.
3.I.T.useruserleader
useruser
I.T.
SAP
SAP User account
-Address
-Logon data
-Group
............
Bind with
SAP
Assign to
Role template
-Description
-Menu
-Authorizations
Authorization profile
-Object class
-Authorization object
-Authorizations
..
SAP

User accountUSER ID
RoleUSERSAP
S/OUSER
(Role)
sap4.0
user(!!)
single role composite role
SAP
Profile: sap4.0Role
sap4.6csap
Template Role:Rolesingle role.

(sapDerive
Role(sapadjust)
SAP
USER
USER
Role
Role:
G+Template Role()assignuser id
-
G+
G+-1
Template Role
Template Role
Z+User Role,assignuser id
-
Z+User ID+
:Template Role
Z+User ID+-1:Template Role
Z+User ID+Exception
:Role,
Y+Basis Role,assignuser id
-
Y+
:Basis Role
Role
/Rolename
AR
A/R
CO-AR
G+CO-AR
G+CO-AR-1
Y+CO-AR
Template Role
Template Role
Basis Role
Role
Template Role
G +-1
G + CO CO
Template Role
G+-1
G + CO CO 1
Role
User RoleuserRole.
-
Z+USER ID
W+ USER ID
Z+PSC1-ACT01+CO-CO
Basis Role
Role.
-
Y+
Y + CO CO
.Role
1.Template Role
G
2.User Role:
Z
3.Basis Role:
Y
.USER ID
USER IDID
PSC1-ENG01PSC1PP
PPI.T.
.
userMIS
user,IDI.T.
I.T.
I.T.
User ID, Role, Profile

sap4.6ProfileRole
RoleProfileUser
IDRole
USER ID
T CODE SU01
User ID
USER ID
USER ID
MIS
MISUser
ID
USER ID
USER ID
save
USER ID
USER IDID
(Assign) USER
Assign
Assign Role
Role
Role
RoleT CODE PFCG
1.;
RoleZ+USERID+EXCEPTION
2.;
Z+USERID+
3.COPY
Z+USERID+-1
Role
FORTEST, VA01YF30

PFCG
Role
Role name
Role
Role name
Role
save
Role
menu
Role
MenuUSER MENU
TEXT
T code
SAPMenuT code
RoleCopy Menu
Role

EXCEPTION(Standark)
(Add On)
User
MIS
Role
USER
user
Role
SAPT CODE
SAP
T CODET CODE
T code
Role

T CODE(T CODE
T code
Role
SAP
Role
Role
Role
Role
T codeObject
OBJECT
OBJECT
OBJECT
Role
ObjectT code
T codeuser
Role
Org.level.
sap
Org.level
Role
Org.Level
Object
value
Role
Org.LevelObject value
ObjectObject
Role

Object
*(star)*All AuthorizationObject

Role
T code
T codeObject
Y-AUTH-PRT
Role

Object.
T codeT
codeuser
Role

Role
Authorization
USER,Assign USER ID Role
Role
USER COMPARE
Complete
compare
COMPARE
Assign
FORTEST
VA01YF30
Role
,Role RoleMenu,
AuthorizationOrg.level) Role,Role
Role Role 1
Role
Role.
FORTEST, APAP
Template Role G+CO-AP
CreateRole
Role
Role
Template Role,Enter.
YES
YES
Role
Template
Role,
Authorization
Role
Profile
1.Org.level
X,Org.level
2.SAVEProfile
Role
3.Edit
Copy data,
Object
Role
Org.level
Org.levelObject
I.T.
Role
Org.level)
AssignUSER ID,
Role

Role

Role
APTemplate Role G+CO-AP1
Role
PFCGTemplate Role
COPY
Role
Role
Role
-1Rolemenu
Role
Org.level
Role
Role,
AssignUSER IDRole
Role

-1Template Role Role,
Org.levelObject
-1Object

Role
1.Merge
2./T Code
3.Role
4.Adjust
Role
RoleT Code/
MenuMenuAuthorization
User
Authorization
Role

RoleProfile
Profile
ProfileMenuProfile
Role
ProfileObject
Profile
Object
RoleMenuObject
MergeItem
Role
Profile
RoleMerge
RoleT CodeObject
Value
MergeObjectValue
Item
RoleMerge
Object,Object,Value
RoleMerge
UtilitiesMerge
RoleMerge
ObjectActivityGroup
AcitivityGroup
MergeObjectItem
ItemMerge
RoleMerge
RoleMergeRoleObject Menu
AuthorizationUser
T Code : FSS0
RoleMerge

ProfileObject
FSS0Object
(RoleT
CodeObject)
RoleMerge

ProfileObject
Object
Merge.
RoleMerge
Item
ObjectT Code
RoleT Code
T Code
MenuRole
AuthorizationRole

RoleT Code
MenuRoleS_TCODEObject
ObjectRoleT CodeMenu
Object
RoleT Code

MenuT CodeProfile
ObjectT CodeT Code
MenuT Code
T Code
RoleRole
Role ARole BInsert
Role BObjectRole A
Profile
Role
BProfile
Name
RoleRole
ObjectRole B
Role A
Role B

RoleAdjust
AdjustRole
RoleRoleCopy Data
RoleObject Value
RoleObject ValueRoleAdjust
RoleAdjust
DisplayTemplate RoleProfileGenerate
derived roles
ChangeTemplate RoleAdjustTemplate Role
RoleAdjust
Copy Data Adjust
Copy Data
Adjust
Role
Role
Role
RoleRole
Client
RoleRole
Role
1.Request Num
2.Release
3.Transport
RoleRequest Num
Role
PFCG
Role
RoleRequest Num
Single Role
Role
RoleRequest Num
RoleRequest Num
Role
client
AssignUser ID
Client
Compare
RoleRequest Num
Release
Request Num
Request
RoleRequest Num
RoleRequest Num
Request Num, C00KT00K

.
RoleRequest Num
RoleRequest Num
Key Role
RoleRelease
Release T Code SE10
Request Num
Modifiable
RoleRelease
Request Num,
Header
Item
RoleRelease
Release ItemNumHeader
Num
ItemNum
Release HeaderNum
HeaderNum
Role
Basis
Unix
YATP
QASYATPQA
Request NumReleaseNumber
Role
Request NumServer
Role
Role Request NumRelease
SE10,Num
Role
ReleaseNumber
Number
Role
PFCGRole
Profile
Role
Role
Role
1.RoleRequest Num
2.Role
3.Release;(Role
4.
User IDSU01
RoleZW
Role
USER

Debug/

1.SU53
2.SUIM

Debug/SU53

/NSU53
Debug/SU53
Debug/SU53

SU53
Debug/SUIM
SUIMInformation

T CodeT CodeRole
Debug/SUIM
Debug/SUIM
T CodeT codeRole
RoleMenuProfile
SD
SDS/O Billing BlockYS08
1.ObjectStandard/Manually/Maintained/Changed
2.Object Value VS Org.level
Object
Object
ProfileObject
NEW OLD
NEWObjectItemValue, Profile SaveOLD
OLD ObjectItem
Object
Standard
MaintainedValueItem
ChangedValueItem
Object Value VS Org.level

Object ValueOrg.levelAdjustRole
Role
1.Adjust
Org.levelRoleAdjustRoleRoleAdjustRole
Object.ValueRole

2.ValueOrg.level
ObjectItemValueOrg.level
$Org.level
Org.levelObjectOrg.level
Object$

RoleObject ValueRoleAdjust
RoleObject ValueOrg.level
Object ValueRoleAdjustRoleObject Value
RoleRoleObject Value
RoleValue$XXXX)Role
Org.level

3.OrgValue
ValueNULL()
$Key
ObjectObject
Q&A

Sap Basis Training - Auth

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Sap Basis Training - Auth

Uploaded by

Copyright:

Available Formats

IBM Global Technology Services

Integrating for Client Success

IBM Global Technology Services

Copyright IBM Corporation 2006

IBM Global Technology Services

Copyright IBM Corporation 2006

IBM Global Technology Services

Copyright IBM Corporation 2006

IBM Global Technology Services

Copyright IBM Corporation 2006

IBM Global Technology Services

Copyright IBM Corporation 2006

IBM Global Technology Services

SPEX SAP R/3 Project

Copyright IBM Corporation 2006

IBM Global Technology Services

SPEX SAP R/3 Project

Copyright IBM Corporation 2006

IBM Global Technology Services

Copyright IBM Corporation 2006

IBM Global Technology Services

User Master Record

IBM Global Technology Services

Copyright IBM Corporation 2006

IBM Global Technology Services

SPEX SAP R/3 Project

Copyright IBM Corporation 2006

IBM Global Technology Services

SPEX SAP R/3 Project

Copyright IBM Corporation 2006

IBM Global Technology Services

SPEX SAP R/3 Project

Copyright IBM Corporation 2006

IBM Global Technology Services

SPEX SAP R/3 Project

Copyright IBM Corporation 2006

IBM Global Technology Services

SPEX SAP R/3 Project

Copyright IBM Corporation 2006

IBM Global Technology Services

SPEX SAP R/3 Project

Copyright IBM Corporation 2006

IBM Global Technology Services

SPEX SAP R/3 Project

Copyright IBM Corporation 2006

IBM Global Technology Services

Customer company code:

Customer company code:

IBM Global Technology Services

SPEX SAP R/3 Project

Copyright IBM Corporation 2006

IBM Global Technology Services

SPEX SAP R/3 Project

Copyright IBM Corporation 2006

IBM Global Technology Services

SPEX SAP R/3 Project

IBM Global Technology Services

SPEX SAP R/3 Project

Copyright IBM Corporation 2006

IBM Global Technology Services

SPEX SAP R/3 Project

Object parameters determine the specific permissions

This user can perform