02-12-2008 2:56 PM
Hi Experts,
I am new to SAP security and would like to know the important things to be considered while designing the role and what the testing part includes after creation of roles in the dev system.
02-12-2008 3:25 PM
Hi Sandhya
Things you need to consider:
Who is using the role
What part of business process/es is the role being used for
What control requirements need to be covered by the role e.g. SoD's, doc type access, segregation of duties
Does it need a role menu
Are you going to design based on tasks or groups of activities
After you create the roles you need to positive test them to ensure all transactions execute as required
Negative testing needs to be performed to ensure that the restrictions you have put in place are working
02-12-2008 3:41 PM
Hi Alex,
Thanks for the quick response, can you please elaborate on the last point you have mentioned,
"Are you going to design based on tasks or groups of activities"... What are these tasks? and
After creation of roles and transporting them to the Prod system, how to map the users to the roles (mass user mapping) in role based security, how is mapping done in position based security, and which method is generally used?
Your answer is much appreciated.
Thanks
Sandhya
02-12-2008 3:58 PM
> "Are you going to design based on tasks or groups of activities"... What are these tasks? and
A task based approach is building a role based on small tasks such as process material (might have MM01 & MM02), manage FI doc (FB01, FB02)
An activity based approach could be something like AP Payment Processing where you combine all the transactions needed for AP Payment Processing (keeping in mind SoD's etc)
Task based is often easier to set up, but has a higher maintenance overhead usually.
Function or job based approach takes more effort (I estimate about 30% more) in the design phase but can reduce maintenance if you do it well.
> After creation of roles and transporting them to the Prod system, how to map the users to the roles (mass user mapping) in role based security, how is mapping done in position based security, and which method is generally used?
You can use an eCATT (search this forum + web for tutorials) and SU10 to allocate roles to users. Your functional team and business should identify the users and roles which you need to set up.