cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SRM 7 role mapping and authorization queries

Former Member

on ‎09-14-2011 1:16 AM

0 Kudos

Hi all,

We are on SRM 7.01.

Can anyone confirm the folllowing:

When std SAP roles are copied then does all authorization obejcts get copied ?

Also if we need to check which authorization objects are getting called for which transaction then how do I check this in SRM 7??In SRM 7,the transaction cannot be run in backend as all the transactions under a role in PFCG are Web dynpro applications.

'

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎09-14-2011 4:01 PM
0 Kudos 
When std SAP roles are copied then does all authorization obejcts get copied ?

This is correct. Authorization objects are part of the standard roles. So once you copy the roles, the authorization objects are also copied. As you have realized, in SRM 7, the concept of SAP GUI transaction is nearly obsolete. Authorization checks in SRM server are then embedded in the process of WebDynpro applications.

Show replies
Show replies
Former Member
‎09-14-2011 5:45 PM
0 Kudos

Thanks Hussain and Jay for the responses!

So in SRM 7.1,if I need to check the authroization obejcts for each of the transactions,how do I execute the trsanctions as they are emebeeded in web dynpro applications?Do I need to know the web dynpro application name of each of the link in the roles?If so,how do I find teh web dynpro application name for each of the transactions?

Also I had one more query regarding the EHP1 roles....We have currently activated the switch for EHP1 but we dont intend to use the Menu in the EHP1 roles i.e. we have been using the transactions in the Non-EHP1 roles...Will there be any incosnsiustency if we dont use the standrd EHP1 roles or copy the std EHP1 roles but use the non-EHP1 roles?

If we have activated EHP1,is it mandatory to use EHP1 roles?

Pls advise.

Former Member
‎09-14-2011 12:34 PM
0 Kudos

Hi If you are trying to build custom roles you have 2 options.

1. Copy the standard roles into a custom role, all authorization objects get copied. Since you are on SRM 7.01 make sure you copy the EHP1 roles which end with suffix *EHP1.

2. Build role from scratch. To do this you can ask your security person to give the minimum Human resource related authorizations to a test user ID (so that he can logon into SRM system to start transaction). Then Switch on the security trace while you run the transaction with the test ID on portal. Using the trace the security member can identify the required authorization objects required for the transaction. this will take a number of trial but you have to be careful to execute every action within a particular transaction.

Hope that helps.

Regards,

Hussain

Show replies
Show replies
Ask a Question