- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Automatic Role Provision tool in ECC
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Automatic Role Provision tool in ECC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2008 3:03 PM
Hi All - In my company we have very tedious procedure for role provisioning, users sometimes get totally lost when requesting roles.
We have no budget to implement SAP Access Enforcer, is there any tool within SAP which provides role provisioning.
Or can you guys suggest me any ideas with which I can make things easy to users in role provision.
As for now our process is user have to manully find roles which they want from couple of 100 roles, than it goes to role owner for approval after approval Sec Admin assigns requested role to user.......
Can you guys suggest me some ideas on how to make this process not complex to users.
Thanks All!
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2008 3:12 PM
First of all ENDUSERS shopping for roles is BAD practice.
SO you should have a design in which from a functional view the access is arranged>
I.e. a list of roles needed for each function, this should be setup by the role owners , key users functional consultants or however you call them!
secondly make a download of AGR_1251 select on object S_TCODE and ONLY your ENDUSER roles.
Put this in a spreadsheet to show to people who should make decisions on the right roles for users.
Good practice in difficult situations create composite roles for every function and assign that, centrally maintain the assignment of singles together with Key users/Role owners.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2008 3:41 PM
Thanks Auke for quick response!
I should have been more clear, my bad! When I say users I mean my IS users (BA's, functional Architects, PM's). Actually they request roles for end users or for business.
I was thinking to create standard roles (composite) per module/business specific. I dont know weather this idea will be any easy. When user request access to ECC per there responsibilities/business we can assign standard composite role to kick start user......
And also question with your previous post :
"_secondly make a download of AGR_1251 select on object S_TCODE and ONLY your ENDUSER roles_."
Could you explain me a little bit more...sorry!
Thanks Again.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2008 3:55 PM
First part, if your design was build according to best practice standards you should have build single display roles for each area on top of the u201Cdou201D roles for these areas.
Consultants and architects should ONLY have display access to production so just assign them the right display roles.
There is no reason these people should have TASKS in a production system.
The download bit:
Go to SE16 or SE17 whatever your company is using, select table AGR_1251 restrict on Object S_TCODE and download in Excel.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2008 4:29 PM
