03-27-2007 11:28 AM
Hi,
Currently too much is carried out via SAP_ALL, SAP_NEW on generic logons. This poses a serious risk to company and therefore restricted access roles for consultants must be created.
I need a list of t-code by module wise (ABAP, SD, MM, FI CO,....) to create a role for consultants
So could you please suggest me which T-codes come under ABAP, SD, MM, FI CO,.... modules.
Thanks in advance
Srinivasa Rao.
03-27-2007 12:20 PM
Hi srinivasa,
Please visit:
http://abap4.tripod.com/Transaction_Codes.html
http://www.erpgenie.com/sap/saptech/transactions.htm#tx
Hope it helps.
Please award points if it is useful.
Thanks & Regards,
Santosh
Message was edited by:
NAVABOTHU SANTOSH KUMAR
03-27-2007 2:19 PM
Hi Srinivasa,
From your query, it seems that you are in the process of SAP implementation.
SAP has a lot of predefined roles for various users, which we can use as per our requirement.
Alternatively, you have to create a list of users and the transactions to be assigned to each users. You have to control the access to various transactions based on your company policy.
Module-wise list of transactions is available at a lot of sites. But, still, you have to create a list of user groups and the transactions to be assigned to each group.
e.g. MM module has transactions for Purchasing, Material Receipt, Material Issue etc. In most of the organizations, these functions are handled by separate dept. Hence it is required to prepare such lists.
I hope that I have provided initial information to start your work.
-Nandu More
03-27-2007 2:20 PM
Hi Srinivasa,
One more thing, SAP_ALL and SAP_NEW are to be given only to the system administrators.
You can derive your own profiles from these profiles and control the access to various system administrators also.
-Nandu More
03-27-2007 3:20 PM
The trouble with only dividing up access by module is that it doesn't really remediate much of the risk (ie, the risks are similar in likelihood and impact to those of SAP_ALL).
I would suggest that you look at your Company's Internal Controls Framework (including SODs,and cross-environment controls etc) that governs the risks and controls for both the business process layer and the general computer controls layer. This will help you with the security control activities over risks, whilst enabling consultants to perform their work. SAP security breaches pose too much of a risk to the business for you to do anything less.
03-28-2007 11:33 PM
04-11-2007 7:15 PM
Hi! You can create roles for different modules, creating them by the option "From Menu".
Go to PFCG and create a new role, in the tab "Menu" you have a button named "From Menu" or something like that (I don't remember exactly the name). Click this button and a new window will appear with a tree. In this tree you have all the SAP modules. Check the module/s you want and click OK. Generate de profile.
Then, you will have all the necessary Tcodes and the authorizations for the module you checked.
I hope I have been clear in the explanation.