Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Roles creation by module wise

Former Member

‎03-27-2007 11:28 AM

0 Kudos

Hi,

Currently too much is carried out via SAP_ALL, SAP_NEW on generic logons. This poses a serious risk to company and therefore restricted access roles for consultants must be created.

I need a list of t-code by module wise (ABAP, SD, MM, FI CO,....) to create a role for consultants

So could you please suggest me which T-codes come under ABAP, SD, MM, FI CO,.... modules.

Thanks in advance

Srinivasa Rao.

6 REPLIES 6

Former Member

‎03-27-2007 12:20 PM

0 Kudos

Hi srinivasa,

Please visit:

http://abap4.tripod.com/Transaction_Codes.html

http://www.erpgenie.com/sap/saptech/transactions.htm#tx

Hope it helps.

Please award points if it is useful.

Thanks & Regards,

Santosh

Message was edited by:

NAVABOTHU SANTOSH KUMAR

Former Member

‎03-27-2007 2:19 PM

0 Kudos

Hi Srinivasa,

From your query, it seems that you are in the process of SAP implementation.

SAP has a lot of predefined roles for various users, which we can use as per our requirement.

Alternatively, you have to create a list of users and the transactions to be assigned to each users. You have to control the access to various transactions based on your company policy.

Module-wise list of transactions is available at a lot of sites. But, still, you have to create a list of user groups and the transactions to be assigned to each group.

e.g. MM module has transactions for Purchasing, Material Receipt, Material Issue etc. In most of the organizations, these functions are handled by separate dept. Hence it is required to prepare such lists.

I hope that I have provided initial information to start your work.

-Nandu More

Former Member

‎03-27-2007 2:20 PM

0 Kudos

Hi Srinivasa,

One more thing, SAP_ALL and SAP_NEW are to be given only to the system administrators.

You can derive your own profiles from these profiles and control the access to various system administrators also.

-Nandu More

Former Member

‎03-27-2007 3:20 PM

0 Kudos

The trouble with only dividing up access by module is that it doesn't really remediate much of the risk (ie, the risks are similar in likelihood and impact to those of SAP_ALL).

I would suggest that you look at your Company's Internal Controls Framework (including SODs,and cross-environment controls etc) that governs the risks and controls for both the business process layer and the general computer controls layer. This will help you with the security control activities over risks, whilst enabling consultants to perform their work. SAP security breaches pose too much of a risk to the business for you to do anything less.

Former Member

‎03-28-2007 11:33 PM

0 Kudos

hi ,

you could also see a list of them going to www.sapsecurityonline.com

guillermo_m
Active Participant

‎04-11-2007 7:15 PM

0 Kudos

Hi! You can create roles for different modules, creating them by the option "From Menu".

Go to PFCG and create a new role, in the tab "Menu" you have a button named "From Menu" or something like that (I don't remember exactly the name). Click this button and a new window will appear with a tree. In this tree you have all the SAP modules. Check the module/s you want and click OK. Generate de profile.

Then, you will have all the necessary Tcodes and the authorizations for the module you checked.

I hope I have been clear in the explanation.