ABAP/4 & BASIS role in SRM
hi experts,
what is the role of ABAP/4's in SRM? n how much their involvement wth BASIS people in SRM.
could anyone pls resolve this question for getting good points.
bye bye
Regards
rakhi
Hi Rakhi,
I have done full end to end implementation in SRM5.5
SRM is 60% Technical.
ABAP Role:
If needed....adding new fields in different documents of SRM
IDOC extension
BADI enhancement
Resolving IDOC issues
BAPI related issues for document posted through SRM
User/Field exits
You need to know XML,HTML to resolve certain issues in SRM
Basis Role
RFC Destination / SICF configuration
ALE/IDOC setup
Roles and Authorisation
Lot of patches needs to be applied in SRM
We had lots of issues of basis, so expect issues if in implementation.
Thanks,
Anil Rajpal
Similar Messages
-
How to find SAP java realted roles for ABAP and Basis
Hi Gurus,
I am new in SAP Security First week, I got the assignment to find the SAP Roles and Trans for ABAP and Basis in all Systems like Ecc, BI, ......
I use SE16 ->AGR_TCODES then SAP* in Table Name it give me all SAP Roles and Trans.
Pls help me to get only SAP Java and Basis roles and Trans Seperately
ThanksHi,
Are you speaking about the standrad SAP roles? If yes, you can have a look at BC and ABAP roles. However, if your question is about the created roles, you should see the convention that was followed in your organization to identify the roles.
Rgds,
Raghu Boddu -
Protect sensitive HR tables from ABAPer and BASIS
Hello
We are trying to work out some security authorizations where in we can protect HR master data through direct access to HR tables through SE16 or SM30 for info type tables like PA0008 or PA0015 etc. I know that these tables have authorization group 'PA' and we can build a role using S_TABU_DIS using this autho group but we have about 30 such infotypes to be protected. If we build a role with S_TABU_DIS and Auth group='PA' we will land up protecting all the Infotypes. Other problem is that if we create a new auth group 'ZPA' for these 30 infotype tables, thats too much customization as we might have problems during future upgrades.
My question to the forum members is - What solutions were explored or implemented for such situations?
Thanks
SnehalDear Snehal,
Maintain all such sensitive infotypes in a Z table. Implement a proper BAdi/Enhacement that will be called whenver user accesses the transactions that you want to restrict and validate against that Z table. If the entry exists in Z table raise an error message saying 'You are not authorized' else display.
You would need to bypass this validation for users other than ABAPer or BASIS. For that you may need to maintain proper naming convention or some logic.
Please check this sample program from other thread to find BADI and enhancement for a given transaction code. You just need to create a custom program in your system by cut and paste below codes.
REPORT ZTEST.
TABLES: TSTC,
TADIR,
MODSAPT,
MODACT,
TRDIR,
TFDIR,
ENLFDIR,
SXS_ATTRT ,
TSTCT.
DATA: JTAB LIKE TADIR OCCURS 0 WITH HEADER LINE.
DATA: FIELD1(30).
DATA: V_DEVCLASS LIKE TADIR-DEVCLASS.
PARAMETERS: P_TCODE LIKE TSTC-TCODE,
P_PGMNA LIKE TSTC-PGMNA .
DATA: WA_TADIR TYPE TADIR.
START-OF-SELECTION.
IF NOT P_TCODE IS INITIAL.
SELECT SINGLE * FROM TSTC WHERE TCODE EQ P_TCODE.
ELSEIF NOT P_PGMNA IS INITIAL.
TSTC-PGMNA = P_PGMNA.
ENDIF.
IF SY-SUBRC EQ 0.
SELECT SINGLE * FROM TADIR
WHERE PGMID = 'R3TR'
AND OBJECT = 'PROG'
AND OBJ_NAME = TSTC-PGMNA.
MOVE : TADIR-DEVCLASS TO V_DEVCLASS.
IF SY-SUBRC NE 0.
SELECT SINGLE * FROM TRDIR
WHERE NAME = TSTC-PGMNA.
IF TRDIR-SUBC EQ 'F'.
SELECT SINGLE * FROM TFDIR
WHERE PNAME = TSTC-PGMNA.
SELECT SINGLE * FROM ENLFDIR
WHERE FUNCNAME = TFDIR-FUNCNAME.
SELECT SINGLE * FROM TADIR
WHERE PGMID = 'R3TR'
AND OBJECT = 'FUGR'
AND OBJ_NAME EQ ENLFDIR-AREA.
MOVE : TADIR-DEVCLASS TO V_DEVCLASS.
ENDIF.
ENDIF.
SELECT * FROM TADIR INTO TABLE JTAB
WHERE PGMID = 'R3TR'
AND OBJECT in ('SMOD', 'SXSD')
AND DEVCLASS = V_DEVCLASS.
SELECT SINGLE * FROM TSTCT
WHERE SPRSL EQ SY-LANGU
AND TCODE EQ P_TCODE.
FORMAT COLOR COL_POSITIVE INTENSIFIED OFF.
WRITE:/(19) 'Transaction Code - ',
20(20) P_TCODE,
45(50) TSTCT-TTEXT.
SKIP.
IF NOT JTAB[] IS INITIAL.
WRITE:/(105) SY-ULINE.
FORMAT COLOR COL_HEADING INTENSIFIED ON.
Sorting the internal Table
sort jtab by OBJECT.
data : wf_txt(60) type c,
wf_smod type i ,
wf_badi type i ,
wf_object2(30) type C.
clear : wf_smod, wf_badi , wf_object2.
Get the total SMOD.
LOOP AT JTAB into wa_tadir.
at first.
FORMAT COLOR COL_HEADING INTENSIFIED ON.
WRITE:/1 SY-VLINE,
2 'Enhancement/ Business Add-in',
41 SY-VLINE ,
42 'Description',
105 SY-VLINE.
WRITE:/(105) SY-ULINE.
endat.
clear wf_txt.
at new object.
if wa_tadir-object = 'SMOD'.
wf_object2 = 'Enhancement' .
elseif wa_tadir-object = 'SXSD'.
wf_object2 = ' Business Add-in'.
endif.
FORMAT COLOR COL_GROUP INTENSIFIED ON.
WRITE:/1 SY-VLINE,
2 wf_object2,
105 SY-VLINE.
endat.
case wa_tadir-object.
when 'SMOD'.
wf_smod = wf_smod + 1.
SELECT SINGLE MODTEXT into wf_txt
FROM MODSAPT
WHERE SPRSL = SY-LANGU
AND NAME = wa_tadir-OBJ_NAME.
FORMAT COLOR COL_NORMAL INTENSIFIED OFF.
when 'SXSD'.
For BADis
wf_badi = wf_badi + 1 .
select single TEXT into wf_txt
from SXS_ATTRT
where sprsl = sy-langu
and EXIT_NAME = wa_tadir-OBJ_NAME.
FORMAT COLOR COL_NORMAL INTENSIFIED ON.
endcase.
WRITE:/1 SY-VLINE,
2 wa_tadir-OBJ_NAME hotspot on,
41 SY-VLINE ,
42 wf_txt,
105 SY-VLINE.
AT END OF object.
write : /(105) sy-ULINE.
ENDAT.
ENDLOOP.
WRITE:/(105) SY-ULINE.
SKIP.
FORMAT COLOR COL_TOTAL INTENSIFIED ON.
WRITE:/ 'No.of Exits:' , wf_smod.
WRITE:/ 'No.of BADis:' , wf_badi.
ELSE.
FORMAT COLOR COL_NEGATIVE INTENSIFIED ON.
WRITE:/(105) 'No userexits or BADis exist'.
ENDIF.
ELSE.
FORMAT COLOR COL_NEGATIVE INTENSIFIED ON.
WRITE:/(105) 'Transaction does not exist'.
ENDIF.
AT LINE-SELECTION.
data : wf_object type tadir-object.
clear wf_object.
GET CURSOR FIELD FIELD1.
CHECK FIELD1(8) EQ 'WA_TADIR'.
read table jtab with key obj_name = sy-lisel+1(20).
move jtab-object to wf_object.
case wf_object.
when 'SMOD'.
SET PARAMETER ID 'MON' FIELD SY-LISEL+1(10).
CALL TRANSACTION 'SMOD' AND SKIP FIRST SCREEN.
when 'SXSD'.
SET PARAMETER ID 'EXN' FIELD SY-LISEL+1(20).
CALL TRANSACTION 'SE18' AND SKIP FIRST SCREEN.
ENDCASE.
Alternatively, you can do the following:
1. For what ever transaction u want the enhancement .. just check for the System-->status (menu) and find out the PROGRAM name....
2. Double click on to the program name and go inside the program (Abap editor)
3. Search for "Call Customer-function " ... and u'll get some search results .. If u get results then u have enhancement in that tcode .....
4. Then it actually calls a Function module .... copy the Function module name .... go to SE80 (object navigator) click on "Repository Information system" then Customer Enhancements .... Give the Function module name in the "Components" field and click Execute ....
ull get a list of Enhancements related to that Componene....
5. Choose which ever enhancement will suit ur business need ..
6. Go to CMOD... create a project .... assign ur enhancement ... and then code ur logic.... activate ur enhancement in CMOD ....... Ur Buisness need will be solved...
For a user exit......
Finding whether there is any User Exit or not for tcode VA42
1. For what ever transaction u want the user exit .. just check for the System-->status (menu) and find out the PROGRAM name.... ( The program name would be for our scenario "SAPMV45A" )
2. Double click on to the program name and go inside the program (Abap editor)
3. Search for the word "USEREXIT" .... u ll find all the user exits in the search result .. and find ur's then ...
Hope this will help.
Regards,
Naveen. -
Create a new role in SRM 7.0 and Portal
Dear All,
We are using SRM 7.0 with Portal. We created a maintenance table in SRM. This table must be maintained from time to time by the key users. But they want to maintain in from Portal, not from SRM.
When i was using SRM 4.0, it was simple, i was creating a new role from PFCG and assigning the table to the role. Then i was be able to see and maintain it from web. But it is not that simple now in Portal side. Because i created a new role and assigned the table to that role in SRM, but nothing happened in Portal side.
Can anyone advise me the steps ? How am i going to show and maintain this table in portal ?
Thanks in advance,
Best regards,Hi,can you share your solution with me. I have the same question but not smart as you.
Thanks in advance.
WuLin
SRM -
Provisioning of roles to ABAP system deletes role assignments in backend
Hi all,
following scenario:
user has role A in an ABAP system which is connected to IDM. Assignment of role A to the user is not in the identity store.
Now you assign role B via workflow to the user and IDM provisions this new assignment to the ABAP system.
What will happen is that the user will get role B but assignment of role A will be deleted.
This happens because in the job "SetABAPRole&ProfileForUser" the connector attribute "roles" will only consist the role assignments which are in the identity store. All assignments in the ABAP system which are not yet in the IDS will be overwritten.
This behaviour can be very critical. If you still allow role assignments directly in the backend system and you read these assignments e.g. once a day to the IDS - but in the meantime assignments have been done via workflow - you will lose data.
My customer wants to assign roles both directly in the system and also by workflow. Every night an ABAP update job runs which writes new assignments to the IDS.
Do you have any idea how I could solve this? Is there a way NOT to overwrite assignments with the ABAP connector field "roles"? I tried to use multivalue operator but this didn't do the trick.
I hope I was able to describe my problem properly and you have answers...
Best regards
Jörn KaplanNo, there is not a way to avoid that IdM replaces the role assignment in ABAP with the current assignments as know by IdM. IdM is the master!
This is not directly an issue of IdM: The standard BAPIs in ABAP (up to release 7.0) offer "replace all role assignments" but not "add role assignment" or "remove role role assignment".
However, there exist an exception: Role assignments in ABAP which are created indirectly by an HR-ORG assignment are not touched by IdM. (There role assignment are viewed in blue in transaction SU01.)
See http://help.sap.com/saphelp_nw70/helpdata/EN/50/e9683c5de8676fe10000000a114084/frameset.htm for details.
Kind regards
Frank Buchholz -
SAP Netweaver XI / PI with ABAP or Basis?
I have good knowledge in SAP Netweaver XI abd PI several versions, now i would like to upgrade myself , which would be best option? ABAP or BASIS? , i dont have any idea about both, please guide me....which would be a better career for me to go with....
1.Worked on XI 3.0, PI 7.0, PI 7.01, PI 7.02, PI 7.1, PI 7.11,PI 7.3 SAP Netweaver versions
2.Experienced in configuring System landscape directory,Enterprise service repository,integration directory,runtime work bench, Netweaver Administrator,message monitoring, component monitoring.
3.Worked on SDM GUI, SAP GUI,Visual Administrator,Config tool,Deploy tool,JSPM and telnet
4.Good in channel ,agreements and determination creation and integrating components
5.Worked with various transport protocols like HTTP,TCP,FTP,MLLP,MQ series and File.
6.Work with different Adapters
7.Worked in different OS like windows,unix,linux,hp-unix,solaris.
Dont have knowledge in following
1.Mapping
2.ABAP
3.BasisI would suggest to educate yourself with SAP BPM and BRM. These are one of the interesting areas in the integration related tasks of SAP and those will change the way how to work with SAP integrations in future. This is already reality with SAP PI 7.3 and 7.31. When you are familiar with BRM, BPM you can learn eSOA of SAP.
However if you must select either ABAP or Basis, It depends the solution where you want to focus. If you want to focus NetWeaver platform and specially solutions like SAP PI, MDM etc. then learn Basis. If you want to work with SAP ERP learn ABAP. -
Hi Experts,
Can anyone tell me the creation of roles in SRM.
Currently we have role called Z_EBP_OPERA_PURCH_10000
which means the spend limit of that role is 10000 euros. This way we have multiple roles for different spend limits.
Now I have to create a new role with spending limit of 30000 euros. In this case can I copy the existing role i.e from the above one and name it as Z_EBP_OPERA_PURCH_30000. will this is going to work?
Or additionally do I have to do anything other settings in the system so that the new role works for 30000.
2 .Also creation of any new role is Job of whom SRM Functional consultant or will it be a job of Security and Administartion team.
Because what I feel is SRM functional consultant can only assign the roles which are there available in the search list and new roles has to be created by a S&A am I rt?
Please suggest me on the above 2 queries
Regards
SairamHi Sai,
1. The creation of the role should work, but don't forget to change the spending limit in the role.
2. The depends on the internal functionning. this is different for every project. Your analyse is not wrong but you should ask this question to some project managers.
Regards,
Laurent.
(Oops i think i answered too late for this one...)
Edited by: laurent touillaud on Jul 24, 2008 4:57 PM -
Basis settings for SRM 5.0.
Hi all
Could you give me a link to documentation with Basis settings for SRM 5.0. ThanksHi,
You can find documents in the SAP Solution Manager if you have.
or
[http://service.sap.com/ibc-srm|http://service.sap.com/ibc-srm]
You can use SRM4.0 documentation.
Regards,
Masa -
Business Workflow - ABAP or Basis?
We just had un upgrade to ECC6 and we need to setup Business Workflow. Its very new to us. And we don't even know who really handles this. Is it the ABAP or Basis guys? What does ABAP do and what does the Basis people do with regards to Business workflow? Pls. enlighten. Thanks!
Hi As per my knowledge.. ABAP people will do development work after basic workflow configurations are in Place. It's basis people who has to take care of configurations.
-
Applying Support Pack in ABAP For Basis and ABAP components
Hi,
Can one please provide a document for appying support packs for ABAP and BASIS componets in SAP system.
Thanks
ArunHello Arun
http://www.sappoint.com/PHPWebUI/Documents/Applying%20Support%20Pack%20and%20Plug-ins.pdf
http://www.sap-img.com/basis/apply-support-packs-to-my-sap-system.htm
But, service.sap.com is always there, you must read Notes too for any procedure and strategy for applying support packs or infact to do anything in SAP.
thanks
Bhudev -
Security Issue: How to create a derived role from the Base role
Hi All,
Kindly let me know how can i create a derived role from the base role?
Please respond at the earliest.
Thanks in advance.
Ramesh.Go to PFCG and Create a role with desired Name.
In the Description Tab, on the Left Side there is a text box for "Derive From "
enter the Base role.
Now your newly created role is derived from the Base role.
Save the newly created role and again run PFCG, enter the Base role name and execute.Select Edit role. Go to Authorization tab.
Edit Authorization.
In the Menu Adjust Derived -> Generate and Adjust derive
This will Generate the derived role.
Now you may go and check the authorization in the derived role. -
What are the Roles and Responsibilities as a Basis Consultant in SRM
Hi Gurus,
I want to know what are the activity in SRM as a Basis Consultant. I know SRM installation,, but i have no idea how to monitor and configure SRM server ,, pls help me,,
regards,
BalaramHI balaram reddy
You can use the administration guide under the below link.....
service.sap.com/instguidesu2192 mySAP Business Suite Solutions u2192 mySAP SRM u2192 Using SAP SRM Server 5.5 u2192Solution Operations Guide: mySAP Supplier Relationship Management
Please find the links as requested. You will find lot of documents and so on here.
http://service.sap.com/srm
http://help.sap.com/saphelp_srm50/helpdata/en/0e/cede3b6bc8682be10000000a11402f/frameset.htm
Regards
Bandla -
Mapping SRM Portal roles with SRM backend roles
Using ABAP as UME when we create a user in SRM backend and assign backend roles, then corresponding portal roles should also get assigned to the
user so that portal roles are not to be assigned separately by portal admin.
Currently for the requirement I followed the following steps:
1. To SAPJSF user in SRM backend assigned roles SAP_BC_JSF_COMMUNICATIONand SAP_BC_JSF_COMMUNICATION_RO.
2. Created a RFC SPML of type 'G'.
3. Activated UME-SPML connection in SPRO.
4. Then in PFCG for the role personalization assigned PCD path of portalrole.
But I am not able to achieve the requirement through the aforesaid steps.
Please Guide.
Regards,
Gagandeep.If you are using ABAP persistency for UME your ABAP roles should appear in the UME as groups. Just assign the portal roles you need to your ABAP roles/groups. Thats it,
cheers -
How does a basis adimn support SRM procurement?
We newly installed SRM for our procurement.
Support is an on-going effort. However we do not know what is specific for basis people to support procurement?
Please share your experience. Thanks!SRM admin does many tasks for us.
user profile and roles authorisation control on every user in SRM
for development copying production systems datas
monitoring /scheduling srm jobs
monitoring srm queues
system performance monitoring like table space etc.
key creation for developers
opening the conncetion to sap if you create a oss messages
sm21 /st22 logs and take up to the correct department for escalations
He/She monitors and control whole syatemstakes care of transport request / sap note implemetations/ patch upgrade etc. cetc..
takes care of net work connectivity betwenn all our interfaces
br
muthu -
How would you create a read/display only applicaiton montior role for SRM
Hello,
I was hoping to get some insight on how to create a display/read only SRM Application monitor role. This role would be used by our Service Desk to perform basic trouble shooting before escalating. Currently in our system it is tied into a tab named SAP Administration and has the capability of doing more than read. How do you create a read version of this to only display the application monitoring in read mode? We currently have an SRP role that has the followiing auths below. Would a EPP portal role need to be created and if so how> Thank you for any assistance.
Manually BBP Component BBP
Manually SRM: General Access Authorizations in EBP BBP_FUNCT
Manually SRM: General Access Authorizations in EBP T-SD59003000
Function in SRM (for Authoriza MON_ALERTS BBP_FUNCT
- ToddHello,
I was hoping to get some insight on how to create a display/read only SRM Application monitor role. This role would be used by our Service Desk to perform basic trouble shooting before escalating. Currently in our system it is tied into a tab named SAP Administration and has the capability of doing more than read. How do you create a read version of this to only display the application monitoring in read mode? We currently have an SRP role that has the followiing auths below. Would a EPP portal role need to be created and if so how> Thank you for any assistance.
Manually BBP Component BBP
Manually SRM: General Access Authorizations in EBP BBP_FUNCT
Manually SRM: General Access Authorizations in EBP T-SD59003000
Function in SRM (for Authoriza MON_ALERTS BBP_FUNCT
- Todd
Maybe you are looking for
-
Sharing one library on external NAS drive for multiple users on one ibook
Hi there, We (my wife and I) have only the ibook. We would like to use only 1 iphoto library for all of our family photos. I have a network drive with a bigger capacity to store the library. I read the post by CaptSwing. It seem to easier if library
-
I just bought a new Mac and I want to transfer some data (not all) from my old Mac. Basically, I want to move my itunes library, iphoto library, and a few documents. I have not even turned on my new Mac yet. Is the best way by an external hard dri
-
What is X11, and why does it now appear when I launch a window in Terminal?
I just upgraded to Leopard from Tiger. I use Terminal to log-in via SSH to my website etc. What is this X11 thing that launches now every time I try to connect via SSH? I never saw this before in Tiger...
-
Hi, I've installed the trial version of LiveCycle ES Server & Workbench v8.0.1.1 SP 1b on a PC running Vista Business, 3Gb RAM, Core Duo Processor. Everything is running OK; except when I try to edit a Process in Workbench. If I double click on a Pro
-
When I use network preferences to connect wirelessly to my wifi home network and enter the correct password that works on my iPad and other computers, I keep getting the message that I entered an invalid password. I have checked my keychain and made