Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization standards and policies

Former Member

‎01-31-2008 11:00 AM

0 Kudos

hello guru's

i am junior security guy. i am in starting stage of implementing security. please let me know the

Authorisation standards and policies for implementing. <removed_by_moderator>

authorizations

thanks

Ramesh

Edited by: Julius Bussche on Feb 2, 2008 1:29 PM

4 REPLIES 4

jurjen_heeck
Active Contributor

‎01-31-2008 11:37 AM

0 Kudos

>

> please let me know the Authorisation standards and policies for implementing.

I'm afraid "the Authorisation standards and policies for implementing" do not exist. If they did just handing them over will not help your understanding of the matter.

Learning to implement authorizations needs a step by step approach. You're asking for ballet lessons while you're (just guessing here) in the process of learning to walk.

That's not going to help you.

Which of the SAP courses SAPTEC, ADM100, ADM940, ADM 950 or ADM960 have you already attended? If we know that we will know what your level of experience is and maybe be able to guide you towards your next step.

Jurjen

Former Member
In response to jurjen_heeck

‎02-01-2008 8:49 AM

0 Kudos

Also one should be aware that SAP security does not stand on its own!

There should be a company security policy and the SAP security policy should be based on that and can never contradict to the aforementioned. So when writing a SAP security policy one should know everything that is in the company security policy!

So start looking in your company for implementation polices of other software already implemented.

That is an other reason there is no standard policy that can be used everywhere!

Edited by: Auke Visser on Feb 1, 2008 9:50 AM

Edited by: Auke Visser on Feb 1, 2008 9:51 AM

Former Member

‎02-01-2008 10:43 PM

0 Kudos

Hi Ramesh,

Welcome to the world of SAP BASIS.Keep this in your mind if you are going to handle SAP roles and authorization project :-

Every company have different authorization policies there is no single document available for this but you may no need to that much worry because if you are Jr. basis consultant then you may not have to design the authorization policies and also

there should be one Sr. for each module who will tell you the required authorization objects or the set of transactions needed for the consultants under him.you just have to execute what they say.for this you need to run T-code - PFCG.

just study the concept of master role ,derived role.

just Ask if you have any doubt in roles and authorizations.

Best of Luck !

Regards,

Rohit

Former Member
In response to Former Member

‎02-03-2008 8:18 AM

0 Kudos

Sorry, one correction. Currently most companies have discovered that Authorisations should NOT be part of Basis, but a seperate entity that sits under finance as that is where the main rules come from!