Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to create roles for consultants

Go to solution
former_member189019
Participant

‎03-09-2009 10:16 AM

0 Kudos

Dear Firends,

I have created one role from SAP_ALL but in audit that is not acceptable.

Can you please suggest better way for creating roles for our MM, SD , FI and Abapers.

Please help me out in the above issue.

Thanks a lot in advance.

Regards

Jay

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎03-09-2009 6:20 PM

0 Kudos

Hi,

Basically you can copy the roles from SAP menu structure. For MM, select total MM part in the logistics. they also need some transactions other than MM part. Best to way to get list is from their favorites. they can download and send it to you. So you can copy them. Like wise you can create for others. Also they need authorization for spro.

Thanks,

Gowrinadh C

6 REPLIES 6

Go to solution
jurjen_heeck
Active Contributor

‎03-09-2009 10:24 AM

0 Kudos

> ....but in audit that is not acceptable.

Not acceptable in DEV, QAS or PRD?

Go to solution
fredrik_borlie
Contributor

‎03-09-2009 10:29 AM

0 Kudos

As a former security consultant I always find this question quite funny.

I always ask my colleagues what authorization they need. And I always get the same answer.

"SAP_ALL"

So my response is then, tell me which transactions you need and I make sure you can run it!

That does not work either.

So to try to answer your question.

You have to find out how to define the roles neccessary for the developers.

You can do that by restricting everything and then allowing just transaction by transaction.

Another smart way is to look at some of the predefined roles available in the system. They will not match your need completely, but it will give you quite a good start.

In our new ECC 6.0 system there are over 2500 roles that are delivered by SAP to serve as a template.

Good luck!

/fredrik

Go to solution
former_member189019
Participant
In response to fredrik_borlie

‎03-09-2009 11:16 AM

0 Kudos

Dear Fredrik,

Already, have created one role for basis in dev with following following sap standard roles.

SAP_BC_AUTH_DATA_ADMIN

SAP_BC_AUTH_PROFILE_ADMIN

SAP_BC_BASIS_ADMIN

SAP_BC_BASIS_MONITORING

SAP_BC_BATCH_ADMIN

SAP_BC_BDC_ADMIN

SAP_BC_TRANSPORT_ADMINISTRATOR

SAP_BC_TRANSPORT_ADMIN_MINIAPP

SAP_BC_TRANSPORT_OPERATOR

But still am not getting authorization for SCC4 , stms_import.

can you pl suggest what is wrong??

Thanks in advance.

Regards

Jay,

Go to solution
former_member189019
Participant
In response to fredrik_borlie

‎03-09-2009 12:05 PM

0 Kudos

Dear ,

After adding SAP_BC_CLIENTCOPY that problem is solved.

But how roles will be created for all other consultants.

Regards

NIrgun

Go to solution
Former Member
In response to fredrik_borlie

‎03-09-2009 12:21 PM

0 Kudos

How good your roles will be depends on the quality and experience of your consultants.

If they do not know what transactions they need, one can question if they know what to do with the transaction??

Any way the only way forward is as suggested create roles as good as you can and then add when ever there is need for wider access!

Go to solution
Former Member

‎03-09-2009 6:20 PM

0 Kudos

Hi,

Basically you can copy the roles from SAP menu structure. For MM, select total MM part in the logistics. they also need some transactions other than MM part. Best to way to get list is from their favorites. they can download and send it to you. So you can copy them. Like wise you can create for others. Also they need authorization for spro.

Thanks,

Gowrinadh C