08-07-2013 12:52 AM
Dear SAP Professionals,
I would like to know your thoughts, ideas, templates and resources, on authorization objects and roles we should define and / or create in the company for ABAP development team.
Also, it will be very valuable being able to receive information about that definition, for BASIS team.
Look forward for your answer, and if you need further explanation pls feel free to make it.
Thanks in advance,
Rodolfo
08-07-2013 10:02 AM
Hi Rodolfo,
These are 2 SAP Standard roles respectively for basis and ABAP team
SAP_BC_BASIS_ADMIN
SAP_BC_DWB_ABAPDEVELOPER.
You can copy these roles one by one and go in the auth. tab with each auth. object and change the values according to your business need.
Hope it will help you.
Thanks
Varun Jain
08-07-2013 8:46 AM
Hi,
http://help.sap.com/saphelp_46c/helpdata/EN/42/7395c6e37f11d296250000e82de14a/content.htm
please go through this.
hope this would help you out.
Regards,
Mohan Kumar G
08-07-2013 10:02 AM
Hi Rodolfo,
These are 2 SAP Standard roles respectively for basis and ABAP team
SAP_BC_BASIS_ADMIN
SAP_BC_DWB_ABAPDEVELOPER.
You can copy these roles one by one and go in the auth. tab with each auth. object and change the values according to your business need.
Hope it will help you.
Thanks
Varun Jain
08-07-2013 8:20 PM
Thanks Varun, it will definetely help. !!
I've found some other roles under:
SAP_BC_*
SAP_BC_DWB_*
Regards,
R
08-07-2013 10:32 AM
Hello Rodolfo,
Refer the following link.
http://help.sap.com/saphelp_nw73/helpdata/en/4b/68587b8ec53260e10000000a42189b/frameset.htm
Thanks
Katrice
08-07-2013 6:54 PM
Hi
Is this requirement for a newly installed SAP system and just for DEV or required in an established SAP system (for DEV/QA/PRD) where the business needs to reduce critical/SoD conflicts/fulfil a SOX compliance requirement?
Kind regards
David
08-07-2013 8:16 PM
Hi Berry,
thank you so much for your answer. Yes this is a requirement for a newly installed SAP system, and also the business needs look to reduce SoD conflicts (not SOX).
Look forward for your thoughts,
Regards,
Rodolfo
08-07-2013 8:08 PM
I Would create different roles for the different systems (DEV/TEST and Production).
In some companies, the Development team only has display access in production and if really needed, they use a firefighter procedure to solve any problems in production. In dev/test they have broader roles with development authorizations.
Hope this helps!
08-07-2013 8:18 PM
Hello Meta,
thanks for your answer;
I've found this roles that can help;
SAP_BC_DWB_ABAPDEVELOPER ABAP Developer
SAP_BC_DWB_PROJECT_MANAGER Development Project Leader
SAP_BC_DWB_WBDISPLAY ABAP Developer: Display Authorization
maybe you have some others??
Regards,
R
08-07-2013 8:36 PM
The SAP_BC_DWB_WBDISPLAY is ABAP display only I think (pls correct me if I'm wrong) and this will give to little authorizations to display in production for them.
We used the display roles in production that we have created per module (FI, MM, et cetera). and assigned them to one composite display role.
The template roles can be a good start for the non production systems, but in our case they where to limited and they needed more authorizations, also for the functional modules. So we ended up creating a new developer composite role that was a combination of the basic ABAPdeveloper role with additional functional roles.
The result is that they have many authorizations in the non production system and additional compensenating controls where needed to minimize the risk. The good thing is that they don't need critical authorizations in the production system and we can monitor the usage of the firefighter use in the production system.