Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Common Transactions for All Users

Former Member

‎04-21-2008 1:24 AM

0 Kudos

I'm following the three-tiered approach for creating roles - general access, general functional access and specific job access. Right now, I'm creating just the general access role .

What are the transactions that should be common to all employees? So far I have:

SBWP - SAP Business Workplace

SEARCH_SAP_MENU - Find in SAP Menu

SEARCH_USER_MENU - Find in User Menu

SMX - Display Own Jobs

SO04 - SAPoffice: Shared Folders

SP02 - Display Spool Requests

SSC0 - SAP Appointment Calendar (Employee)

SSC1 - SAP (own) Appointment Calendar

SU2 - Maintain Own User Parameters

SU3 - Maintain Users Own Data

SU53 - Evaluate Authorization Check

Are there anymore transactions that should be added into the general access role?

Thanks in advance!

Edited by: Litz Tee on Apr 21, 2008 2:59 AM

6 REPLIES 6

Former Member

‎04-21-2008 7:31 AM

0 Kudos

That list looks good, I would add SU56 in there out of preference & some will recommend SU01D (Though I am not a fan of having it in there)

Former Member

‎04-21-2008 7:40 AM

0 Kudos

hi,

based on SAP standard role SAP_BC_ENDUSER that normally assigned to enduser, you should add

SM36 (define jobs)

SM37 (display jobs)

SU56 (authorization in user buffer for logged-on user)

SESSION_MANAGER (start menu)

SU3 (maintain own profile)

rgds,

alfonsus guritno

Former Member
In response to Former Member

‎04-21-2008 1:22 PM

0 Kudos

I would not recommend adding tcodes SM36 and SM37 to the "common role". Depending upon what values you have for the associated auth objects, SM37 will have the ability to change and delete jobs. Also SM36 for creating jobs would also be an issue. External auditors would have significant issues with all end users having this kind of access.

Former Member
In response to Former Member

‎04-21-2008 1:48 PM

0 Kudos

I agree with JC - we can give reasonable control over SM36 & SM37, but their place is not in a basic user role in my opinion.

Former Member
In response to Former Member

‎04-22-2008 3:43 PM

0 Kudos

Depending on your implementation you also might want to reconsider SU2 - especially if you are using function authorisations in MM.

Or if you would be making use of PID's for HR purposes e.g. variants for reports, CATS etc.

Former Member
In response to Former Member

‎04-22-2008 6:49 PM

0 Kudos

SM37 is not recommended.

All the same you may want to include a Print Role

From a user maintence standpoint --> include SU56 too.

SU3 Is already present for every user as its created just go to SYSTEM>Utilites--> Own Data

Thx

Edited by: george G on Apr 22, 2008 7:49 PM

Edited by: george G on Apr 22, 2008 10:08 PM