Need Documents on New Role Creation in SAP

Hi All,
i am new to SAP Security and i would like to grow in this field,
Can any one send me the links for the documents on creation of new roles, objects, Authorizations, transactions etc.
Thanking you in Advance,
Savitha.

Hi,
I guess you should look on Google for ADM940 and ADM950,
Its a very detailed book for what ou want.
Indeed to help you out, Its a very very simple task. But when you read this book keep in mind that there are 3 kinds of roles, Single roles, Derived roles and composite roles.
Just to give you a heads up :
Single role :  Role which has Authorization and data is restricted via company code and filed level values
Derived role : these are derived from Single roles or you can say master role. Difference between single role and derived role is that you can derive say 10 roles from single role however company code can be manage in derived roles.
So generally how it works is one create a master role which has all the required authorization. Now you don't want people in australia sould approve orders for Texas, US.
Now there are hundred of companies department accross the glob. you don't want to end up creating hundreds of roles. so you create one master role and then you create derive role from that master role which is most of the time master role replica (keep in mind most of the time but not always so you have to be very carefull) now in derived role all you have to maintain is company codes.
all the authorizations for all the objects and fields come from master role.
I hope i am making sense.
Composite role : its a collection of single and derived roles. Keep in mind you can not put composite role into composite role.
That was just a heads up you need to read ADM940 and ADM950.

Similar Messages

  • Request Number is not generated for BRM "new" role creation

    Hello Gurus,
    I have configured BRM in SAP GRC AC 10, along with the workflow .
    I have selected the following methodology
    Define Role --> Maintain Auth >Analyze & Access Risk>Request Approval>Generate Roles>Maintain Test Cases
    Role name : Y_TEST_BRM_FUNCTIONALITY
    So i do the following steps and assign
    1) Role approver as Mr. ABC & Alternate approver as Mr. QRS
    2) Assign the Required transactions and do the RAR i.e i am done till step 3 of methodology
    When i click "Initiate Approval request"
    The approval triggers , and goes to the 1st stage as configured in MSMP
    1) Power User Approval .
    Here the Power User : EFG , open his workflow and see the request as
    Role approval required for role Y_TEST_BRM_FUNCTIONALITY
    The approver approves the request and then the request all together vanishes.
    Unfortunately i am not able to search the request for that role from NWBC -->Search request by
    Process Id : Role Approver Workflow
    It gives blank !!
    Hence neither i am able to find the request no able to do any debugging of it using
    GRFNMW_DBGMONITOR_WD
    Please note that the Request Id is created for any request in CUP.
    Is it that i have to create a number range for BRM request ??
    If so will you please let me know the object

    Hello All,
    I was wrong in posting the cause of problem.
    Please note no "Request number" is generated for Role creation Request.
    The problem was i was unable to search the Role Request approval status from "Search Request" via  Process Id
    It got resolved via SAP note 1643539 : UAM: Search Request not returning result for some Process Id.
    My Issues is Resolved.
    Thank You.
    Regards,
    Victor

  • New role creation for display

    Hi,
    We want to create a role such that the users can see only the pricing but not the costing, for sales quotations and orders, for a particular distribution channel?
    Regards,
    Ajit

    Hi Ajit,
    If you wish to create a new Role, Use T. Code: PFCG.
    Once created assign the same role in to User's Profile Via T. Code: SU01.
    Here itself, in Authorization you may add T. Codes (for Display) and also define/ restrict User's view/ access to Sales Area data (i.e. Distribution Channel).
    Better to take help from Basis-Administrator as its purely Basis-job.
    Best Regards,
    Amit.

  • New Role creation

    Hi All,
       I created new Role and assigned users to that role . I added HTML page to the particular role and when I go click that link it is saying that java authentication problem. I am unable to see the applets what ever I created for the web page. Is there any thing to add in xMII for the particular role and if add the same HTML page to the Everyone role its working fine.
    Thanks
    Muvva

    Hi Muvva ..
    May be you can try the following ...
    instead of providing the direct html, you can provide the user with the logon credentials which redirect the page to the desired html page, as follows...
    http://Server:50000/logon/logonServlet?redirectURL=XMII/....../YourPage.html
    Regards,
    Ajay.

  • Need Information regarding Service Call creation in SAP R/3

    Hello,
      I need the Transaction code or BAPI to create a service call in sap. Please provide the database table name for the service calls.
    We want to develop  service call management in our server.So please send me the Business data model for service call management in SAP.(All related objects to the service call and their data models.)
    Regards,
    Kiran.

    Hi
    Invoice list is basically SD configuration.
    <b>Invoice List</b>
    <b>Purpose</b>
    The invoice list lets you create, at specified time intervals or on specific dates, a list of billing documents (invoices, credit and debit memos) to send to a particular payer.
    The billing documents in the invoice list can be single or collective documents (collective invoices combine items from more than one delivery).
    The standard version of the SAP R/3 System includes two types of invoice lists:
    1.for invoices and debit memos
    2.for credit memos
    If you wish, you can process invoices, debit memos, and credit memos at the same time. The system automatically creates a separate invoice list for credit memos.
    A payer may be the head office of a buying group, which pays all the invoices for goods that are shipped to individual members. The group payer takes responsibility for paying the invoice lists and then collecting payment from the individual members. In return for these services, the group payer usually earns a factoring or del credere discount.
    Depending on the tax structure of the payer's country, the payer may be liable to pay taxes on factoring discounts that he earns. In Germany, for example, factoring discounts are taxed at the standard rate of 15%. During invoice list processing, you can reimburse the payer in advance for this tax liability by creating special condition records
    Regards
    Ramakrishna

  • New page creation in sap scripts

    Hai
    some one can give me the path for creation of  new page in sap script(forms).
    pl giove me the complete path
    thank u in advance

    hi
    Goto SAPSCRIPT transaction code se71.
    open your sap script.
    goto pages button
    right click
    create element
    a new page element gets created
    fill in required details of this new page like page name next page
    next page is the page that comes after the current page
    if you have no next page - give the current page name in next page.
    you can further create windows in this page and continue
    Regards,
    Richa

  • GRC AC Request Role Creation

    Hello all,
    I noticed that by default GRC AC doesn´t have a Request Type for Role Creation. Normally how this is done? I mean, if someone realizes that a new role is necessary, how can this person report the need for a new role creation? What are my option here?
    Regards,
    SAP Legend

    Hi SAP Legend,
    You can not request a new role to be created via an Access Request workflow. You still need a business governance strategy where someone has to raise a request outside of the GRC system for the new roles through the right channels deemed fit in your company to get the new role made. Maybe you have a support ticketing system in place or some SAP security department you can raise the formal requests to.
    The BRM Role creation/maintenance workflow runs separately from the Access Request workflow. Further more, the definition and creation process of roles via GRC should only involve and be used by Business Process Owners/Role Owners and the Authorisation security team only, i.e. not general end users.
    A role build methodology will have to be set up and then the underlying approval workflows (based in MSMP technology also, like the AR workflow).
    Once the role has been built (either via back end PFCG) or via GRC using the BRM methodology and approval flows, the role will be available to the end user to request via AR.
    Hope that helps.

  • Variant Creation in SAP BI To be used information broadcasting

    Dear Friends,
                            I want to create a VARIANT in SAP BI 7.0 Which is to be used in information broadcasting. I found One Document Named as "Variant Creation In SAP BI to be used in Information Broadcasting.pdf",in SDN Forums. I Couldn't able to Understand the Given Steps in it.
      Could any one of You Please send me the Procedure how to create a Variant.I should also see the "Determine from Variants" button in Work book precalculation Tab,which i am not able to see it currently under "Workbook Precalculation".
    Waiting for ur reply.
    Thanks in advance
    Regards
    Singam Bhaskar Reddy

    Hi,
    Even I have gone through the SDN document. It is clearly explained step by step. If you follow the same document thoroughly you will be able to see Determine From Variants radio button properly.
    Try to understand the document.....you will get the solution.
    Regards,
    Suman

  • SAP AC 10 : ERM working fails (Unable to add Actions,permission)to new role

    Hello Gurus,
    We have done configuration for Role creation via ERM in SAP GRC AC 10.
    The configuration is done via BRF+ and MSMP ,when we try to create a new role via
    NWBC > ACCESS MANAGEMENT>Role Management -->Role Maintenance.
    We see that the correct "methodology" is selected which contains following steps
    Define Role --> Maintain Authorization -->Risk Analysis -->Request Approval -->generation.
    We go past 1st stage and when we are at Maintaining authorizations , the "edit" option is disabled
    It is not possible to add any Action (Tx), Permission(Objects) to the role.
    Is there something else that we need to configure or something that is missing ??
    Please suggest.
    Regards,
    Victor

    Hello All,
    This issue was resolved , after i maintained a User as "Role content approver" and "Assignment Approver"  Under "Owners/Approver" Of define role Tab.
    Whole cycle ran w/o any problem.
    Regards,
    Victor

  • Creation of a new Role in Content 10.0.1

    Hi everyone,
    I would like to create a new standard role in my domain.
    To do this I noticed the SecurityManager and its method createRole. I tried to create a new role with it using the default domain as target. I always get the error ORACLE.FDK.AccessDenied even if I use user orcladmin.
    If I use a library as target I get error ORACLE.FDK.UnexpectedError:ORACLE.FDK.ServerError…
    Moreover in the javadoc I did not notice any attribute that associate permissions to a newly create role.
    Could anyone have an idea on these points?
    Thanks for any help.
    Emmanuel

    Hi,
    1) Is the CUST_BI database user in the right place ?Yes, though you should add the language code to the user name, e.g. CUST_BI_US. This will be the EUL owner, the schema that holds all the EUL tables. The temporary tablespace you specify in the create_eul command is only used when you connect as the EUL owner, so is not important.
    When you connect as an apps user the connection will be made using the APPS database user, and therefore the temporary tablespace used (and location of MVs) will be the temporary and default tablespaces associated with the APPS user. You can change the temporary tablespace just for the Discoverer users by issuing a ALTER SESSION SET CURRENT_SCHEMA command in a PL/SQL procedure called during the initialisation of the Discoverer sessions.
    2) As you can see, I need to separate the BI administration from EBS administration... and DISCOADMIN is a new Apps user... any checklist/recommendation for this new Apps. user? The disco administration user can be any apps user who has EUL administration privileges in the EUL. This user should then be used to create all business areas, etc.
    Rod West

  • Creation of New Company in existing SAP system

    What are the major issues involved in a Business running SAP taking over a new non-SAP company and trying to merge the new enterprise into its existing system? Are there any case studies of this type of acquisition/merger available and also step by step config? I want to use the same company code for the new Company.

    Hi,
    You need to go for a rollout to meet your requirements.
    The configuration comes after the preparatio of blue prints, you may need to restructure the business process in the Non-SAP company.
    Then you need to structure the data of Non-SAP company in accordance with that of the existing data in SAP. Like Business Area or Profit Center or Cost Center etc.
    Thnaks
    VK

  • Creation of new roles in OES using BLM API

    I'm currently using policymgtapi examples for creating new roles. Its gets created but doesn't visible in OES Entitlement application console even though the entry is present in OES DB. But if you create a new User, its available immediately in OES Entitlement application. Pls let me know why Role is not available in Entitlement application after creating using policymgtapi. Thanks

    Is there any org scope to the role?
    There's some conversion process that happens when you load roles via policyloader, I suspect you would need to do the same with Policy Mgt API. There are some groups you need to add to have it show up in the EUI.

  • Creation of new company in existing SAP

    What are the major issues involved in a Business running SAP taking over a new non-SAP company and trying to merge the new enterprise into its existing system? Are there any case studies of this type of acquisition/merger available and also step by step config?

    Hi,
    You need to go for a rollout to meet your requirements.
    The configuration comes after the preparatio of blue prints, you may need to restructure the business process in the Non-SAP company.
    Then you need to structure the data of Non-SAP company in accordance with that of the existing data in SAP. Like Business Area or Profit Center or Cost Center etc.
    Thnaks
    VK

  • Sending an email after creation of new role

    Whenever new role is created in Transaction PFCG I need to email to all the users.
    There is no User-Exit in PFCG and we can't create any new Program for this.
    So how it will be done?
    If anyone worked on it please reply to this as soon as possible.

    hi Zahid Khan,
    as said i tried the same.
    i have created a button "send" action :submit.
    and also have created a process"send mail" with the folloing code
    DECLARE
    l_body CLOB;
    BEGIN
    l_body := 'Thank you for your interest in the APEX_MAIL package.'||utl_tcp.crlf||utl_tcp.crlf;
    l_body := l_body ||' Sincerely,'||utl_tcp.crlf;
    l_body := l_body ||' The APEX Dev Team'||utl_tcp.crlf;
    apex_mail.send(
    p_to => '[email protected]',
    p_from => '[email protected]',
    p_body => l_body,
    p_subj => 'APEX_MAIL Package - Plain Text message');
    APEX_MAIL.push_queue;
    END;
    and , Process Success Message as "done" and When Button Pressed (Process After Submit When this Button is Pressed): "SEND" WITH Process Point : "ON SUBMIT AFTER COMPUTATIONS AND VALIDATION"
    The process is running.., getting the """success message""" but unable to""" get the mail""".(tried different combinations of mail ids)
    any help !!!

  • New company code creation in sap

    Dear Experts
    I want to configure new company code in sap. can anybody share the templates for data collection, which are required during company code creation and configuration steps to be followed for the same.
    Thanks
    Venugopal

    Hi Venugopal,
    For all configuration questions please use help.sap.com
    Thanks.
    Sebastian

Maybe you are looking for

  • Error During Deploying BPM.

    Dear Experts, I have created a BPM process, and while trying to deploy I am facing the following error: (Part of summary Log after failed BPM deploy Process:) ============= Adapter com.sap.glx.adapter.internal.Transformer has refused deploy unit 1977

  • Restartable message in synchronous scenario

    Hi experts, I have a <b>synchronous</b> HTTP-XI-RFC scenario. Since this is a synchronous process, no queue will be kept and the message can't be restarted. So I clearly know that if in any case XI is down, sender system will received either a runtim

  • JPA Error using UPPER

    Hello, we are currently migrating from WebLogic 10 with Hibernate to WebLogic11 (10.3.6) with TopLink. The following Statement runs fine with Hibernate, but with TopLink i cant get it to work. Statement: SELECT t FROM Tan t WHERE UPPER(t.surname) = U

  • How to change Port 1521 to 1526 on EBS 11.5.10.2

    Hi, I am using EBS 11.5.10.2 and 9i Database. ( Single Node ) , on Linux platform I want to change port form Port 1521 to 1526 on the Server Can some please guide me how to do this. Thanks,

  • RTF Support in RTFEditor/JEditorPane

    Hi Whilst using the RTFEditor to display an RTF file in JEditorPane, I'm find some stuff that doesn't get displayed. * Simple tables. These just show the text as if they were words typed next to each other. * Hyperlinks. These do not show up at all e