Solved: PFCG - ROLES DEFINITION FOR ABAP TEAM

rperezkuzma · ‎08-07-2013

Dear SAP Professionals,

I would like to know your thoughts, ideas, templates and resources, on authorization objects and roles we should define and / or create in the company for ABAP development team.

Also, it will be very valuable being able to receive information about that definition, for BASIS team.

Look forward for your answer, and if you need further explanation pls feel free to make it.

Thanks in advance,

Rodolfo

Former Member · ‎08-07-2013

Hi Rodolfo,

These are 2 SAP Standard roles respectively for basis and ABAP team

SAP_BC_BASIS_ADMIN

SAP_BC_DWB_ABAPDEVELOPER.

You can copy these roles one by one and go in the auth. tab with each auth. object and change the values according to your business need.

Hope it will help you.

Thanks

Varun Jain

Former Member · ‎08-07-2013

Hi,

http://help.sap.com/saphelp_46c/helpdata/EN/42/7395c6e37f11d296250000e82de14a/content.htm

please go through this.

hope this would help you out.

Regards,

Mohan Kumar G

Former Member · ‎08-07-2013

Hi Rodolfo,

These are 2 SAP Standard roles respectively for basis and ABAP team

SAP_BC_BASIS_ADMIN

SAP_BC_DWB_ABAPDEVELOPER.

You can copy these roles one by one and go in the auth. tab with each auth. object and change the values according to your business need.

Hope it will help you.

Thanks

Varun Jain

rperezkuzma · ‎08-07-2013

Thanks Varun, it will definetely help. !!

I've found some other roles under:

SAP_BC_*

SAP_BC_DWB_*

Regards,

R

Former Member · ‎08-07-2013

Hello Rodolfo,

Refer the following link.

http://help.sap.com/saphelp_nw73/helpdata/en/4b/68587b8ec53260e10000000a42189b/frameset.htm

Thanks

Katrice

Former Member · ‎08-07-2013

Hi

Is this requirement for a newly installed SAP system and just for DEV or required in an established SAP system (for DEV/QA/PRD) where the business needs to reduce critical/SoD conflicts/fulfil a SOX compliance requirement?

Kind regards

David

rperezkuzma · ‎08-07-2013

Hi Berry,

thank you so much for your answer. Yes this is a requirement for a newly installed SAP system, and also the business needs look to reduce SoD conflicts (not SOX).

Look forward for your thoughts,

Regards,

Rodolfo

Former Member · ‎08-07-2013

I Would create different roles for the different systems (DEV/TEST and Production).

In some companies, the Development team only has display access in production and if really needed, they use a firefighter procedure to solve any problems in production. In dev/test they have broader roles with development authorizations.

Hope this helps!

rperezkuzma · ‎08-07-2013

Hello Meta,

thanks for your answer;

I've found this roles that can help;

SAP_BC_DWB_ABAPDEVELOPER ABAP Developer

SAP_BC_DWB_PROJECT_MANAGER Development Project Leader

SAP_BC_DWB_WBDISPLAY ABAP Developer: Display Authorization

maybe you have some others??

Regards,

R

Former Member · ‎08-07-2013

The SAP_BC_DWB_WBDISPLAY is ABAP display only I think (pls correct me if I'm wrong) and this will give to little authorizations to display in production for them.

We used the display roles in production that we have created per module (FI, MM, et cetera). and assigned them to one composite display role.

The template roles can be a good start for the non production systems, but in our case they where to limited and they needed more authorizations, also for the functional modules. So we ended up creating a new developer composite role that was a combination of the basic ABAPdeveloper role with additional functional roles.

The result is that they have many authorizations in the non production system and additional compensenating controls where needed to minimize the risk. The good thing is that they don't need critical authorizations in the production system and we can monitor the usage of the firefighter use in the production system.