Hi,

I want to assign the roles to developers, functional consultants and endusers in a landscape. Can u plz tell me. What roles should be given to Technical consultants and what roles to Functional consultants. How to identify the roles which role is for which consultants. Plz tell me clearly. I am new to security. We are developing the new landscape and we want to restrict all the consultants from accessing other transaction codes. Technical consultants should be given their related transaction codes and they should not be allowed to acess other transaction codes. Similarly for functional consultants. But i want to know what transaction codes and roles should be assigned to all these technical and functional consultants. Can u plz help me out.

Regards

Karunakar Reddy

Karunakar

Jurjen has told you what you need to do & has included some very relevant questions.

I suggest that if you are not comfortable with this then you enlist the help of an experienced security consultant who will be able to undertake this action. No-one here is going to give you a list of tx which may or may not be relevant to your implementation.

1. Ask your project team what tx then need

2. Build the roles

3. Get them to test them

4. Fix the bugs

5. Repeat steps 3&4 until fixed

I guess what people are trying to say is that SAP security is not some simple pre-canned and defined thing that you can just say definitively that SD people get this, MM this, and HR this.

Every organization is completely different, their needs are different, and their risks are different. I'm afraid that you will need to refer to all of the other suggestions in this thread and work for there. Even if you start your development by using specific module chucks from the menu there are lots of hidden security, basis, development, and other transactions under even the functional modules that you will likely not want to give your functional team.