cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SCM authorizations

Former Member

on ‎01-06-2009 9:53 PM

0 Kudos

We are planning on upgrading APO 3.0 (ancient, I know) to SCM...will be setting up a new landscape, project team, quality testers, production users (eventually).

Is anything in old APO 'salvageable ' from a role perspective, or is this really a 'start from scratch' activity? I have also heard rumblings from our business customers that they want 'more' security in SCM than they have currently in APO - separate certain divisions and companies possibly.

Does anyone have any experience with SCM security? Are the SAP delivered roles any good, or do they need a lot of tweaking and testing adjustments? We find in other 'bolt ons' that many more auth checks are performed by various programs that have to be incorporated into roles - wondering if we can expect the same in SCM.

Can anyone relate their experience with SCM auths?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎01-07-2009 2:15 PM
0 Kudos

So, to confirm, in SCM the delivered roles functioned pretty well, with the exception of accomodating client specific requirements.

Our experience with original APO was very different. The transactions in APO were not delivered with any auth objects, and extensive testing and role changing was required.

Our experience with delivered roles in other 'bolt ons" has been mixed...we have had recent trouble with GTS and their delivered roles not containing all auth objects required when executing transactions. This adds unplanned time and risk to the project.

Show replies
Show replies
Former Member
‎01-07-2009 7:14 PM
0 Kudos

Hi Mary,

It is true that you need some good testing some times extensive depending on your requirements. SAP roles I see are bare minimum. We had to add a lot of objects and transactions and make sure the added transaction didn't bring in any duplicate or unwanted security objects in PFCG.

What we did was to make a cheat sheet of all transactions and list of activities executed by type of user and started of with the SAP standard role, ran the transactions/activities and when ever we had a access denial check SU53 and find out the object...analyze whether to add or not...I guess that is part and parcel of the testing...

let's see if any of the other members in the board have some good experience with the upgrade can comment on this..

Former Member
‎01-07-2009 8:00 AM
0 Kudos

Hi Mary,

You can use the below link to get more information on SCM basis authorisations, roles etc.,

http://help.sap.com/saphelp_scm70/helpdata/EN/b6/749684dc304a0bbb39696c73be0360/frameset.htm

Hope this helps your query.

Please confirm

Regards

R. Senthil Mareeswaran.

Show replies
Show replies
Former Member
‎01-07-2009 3:27 AM
0 Kudos

Hi Mary,

The DP and SNP roles are very useful. They are good starting points. You can use pretty much use the same roles defined in [Roles in SAP SCM|http://help.sap.com/saphelp_scm50/helpdata/en/43/4ec7101c091dede10000000a422035/frameset.htm].

The detailed objects are explained in [Authorization in Supply Network and Demand Planning|http://help.sap.com/saphelp_scm50/helpdata/en/21/f6253b90e48743e10000000a11402f/frameset.htm].

I am not that experienced in 3.0 to 5.0 transition of authorizations, but most of the 3.0 objects are retained in 5.0 but some of them are obsolete such as C_APO_SEL2 . But strangely they are still used....

In one of my previous projects, we started of with the standard roles and since the same user can not be used for all users we created Z roles adding, changing objects as needed.

For example, not all users need to have authorization for all planning books. I want to restrict my SNP users to display the DP books and display and edit the SNP planning books.

The same for DP, they should be able to display the SNP books and both display and edit the DP books. SO we modify the existing roles and created Z roles...

Overall in my experience, I see that SAP delivered roles are good starting points and as always since the client requirements vary, we end up creating zroles.

Show replies
Show replies
Ask a Question