01-31-2008 11:00 AM
hello guru's
i am junior security guy. i am in starting stage of implementing security. please let me know the
Authorisation standards and policies for implementing. <removed_by_moderator>
authorizations
thanks
Ramesh
Edited by: Julius Bussche on Feb 2, 2008 1:29 PM
01-31-2008 11:37 AM
>
> please let me know the Authorisation standards and policies for implementing.
I'm afraid "the Authorisation standards and policies for implementing" do not exist. If they did just handing them over will not help your understanding of the matter.
Learning to implement authorizations needs a step by step approach. You're asking for ballet lessons while you're (just guessing here) in the process of learning to walk.
That's not going to help you.
Which of the SAP courses SAPTEC, ADM100, ADM940, ADM 950 or ADM960 have you already attended? If we know that we will know what your level of experience is and maybe be able to guide you towards your next step.
Jurjen
02-01-2008 8:49 AM
Also one should be aware that SAP security does not stand on its own!
There should be a company security policy and the SAP security policy should be based on that and can never contradict to the aforementioned. So when writing a SAP security policy one should know everything that is in the company security policy!
So start looking in your company for implementation polices of other software already implemented.
That is an other reason there is no standard policy that can be used everywhere!
Edited by: Auke Visser on Feb 1, 2008 9:50 AM
Edited by: Auke Visser on Feb 1, 2008 9:51 AM
02-01-2008 10:43 PM
Hi Ramesh,
Welcome to the world of SAP BASIS.Keep this in your mind if you are going to handle SAP roles and authorization project :-
Every company have different authorization policies there is no single document available for this but you may no need to that much worry because if you are Jr. basis consultant then you may not have to design the authorization policies and also
there should be one Sr. for each module who will tell you the required authorization objects or the set of transactions needed for the consultants under him.you just have to execute what they say.for this you need to run T-code - PFCG.
just study the concept of master role ,derived role.
just Ask if you have any doubt in roles and authorizations.
Best of Luck !
Regards,
Rohit
02-03-2008 8:18 AM
Sorry, one correction. Currently most companies have discovered that Authorisations should NOT be part of Basis, but a seperate entity that sits under finance as that is where the main rules come from!