Role designing in SAP

Hi Experts,
Please let me know who does role design in SAP? I mean, who is responsible for role design in an SAP implementation project: the BASIS consultant or the functional consultant?
E.g., to create an SD role for the business, how would a BASIS or security consultant know the authorizations for SD tcodes? As far as my knowledge goes, the functional consultant will design his module's role and at last hand it over to the BASIS or security consultant to create the role in the system using PFCG.
Please let me know your opinion.
Thanks,
Sudip.

Hi ,
You are right.
We will be getting the information from the Business side: the list of users who shall
a) Create only Sales Order,
b) Managers who can approve Credit Limit,
c) Accountants who can create Billing documents, etc.
All this information, which is collected for every module in scope of the implemented business scenario, will be handed over to the BASIS team, who control them through appropriate authorisation.
Authorisation profiles are created and added to each end user's ID, which will control their authorizations.
Regards,
Ravi

Similar Messages

  • Who does Role Design in SAP

    Hi Experts,
    Please let me know who does role design in SAP? I mean who is responsible for role designing in an SAP implementation project? Whether he is BASIS or Functional consultant.
    Please let me know your valuable answer ASAP.
    Thanks,
    Sudip...

    Hi Sudip,
    Yes, basis consultants are responsible for designing roles according to the requirement, or at the time a user is created for the first time. The basis team designs roles according to the different modules of SAP like PP, MM, PS etc. Again, the basis consultant creates new roles according to the requirement of the user.
    But at times functional consultants are also able to give or design a role according to requirement.
    So, the first time, when the user is created, it is the basis consultant who designs the role, and later, when required, either functional or basis guys are able to design the role.

  • Need Role Design for Oil and Gas industry

    Hi All,
    I have a requirement of designing roles for the Oil and Gas industry. Could anyone share some material/link or overview on the same?
    If not all, Role Design on UOM is also fine.
    regards
    Plaban

    Hi Mythily,
    If you already know something about exploration of oil, then you will find PRA (production and revenue accounting) interesting. This module deals with exploration of oil and gas and then distributing the revenue to owners.
    You can find detailed information in help.sap.com. Follow the link given below for PRA help:
    http://help.sap.com/saphelp_oil46csp2/helpdata/en/ec/9d2c3adcc8431be10000000a114084/frameset.htm
    Reading some of the material will give you more clarity whether you like it or not.
    And it is perfectly fine to have ABAP knowledge, that will help in going deep into Oil and gas.
    Rgds,
    Abhishek

  • 'Change your password' error when log to designer using SAP Authentication

    Hi All,
    Here is the scenario. I want to create a universe on BW.
    1. I try to log into designer using SAP authentication (by choosing SAP as the authentication option)
    2. In the system name it's the name of the CMS
    3. The username and password that I entered were for my SAP system. (Yes, my SAP role is already present in CMC)
    4. After I entered, I got a message saying 'You must change your password to continue. If you do not change your password, your account might get disabled'.
    5. I am prompted with dialogue box to change my password.
    6. After I enter a new password (fairly complicated), it gives an error Failed to change password/ Details : [repo_proxy 15]. Sessionfacade:: changePassword - User password has not been updated (Incorrect password).
    I know that's not the case because I am able to log into SAP GUI and into CMC using my SAP credentials.
    Any advice please ? Why is this happening in designer ?

    Hi,
    Your issue may be fixed in FP1.8 with the following reference:
    ADAPT01229385
    Description:
    If an Enterprise alias is created for a SAP user accounts in the Central Management Console (CMC), and set to change their passwords at the next log on, the SAP users may be unable to log on to applications with their SAP credentials.
    This problem happens even after the Enterprise alias is removed from the SAP user accounts in the CMC.
    I hope this helps.
    regards,
    Henry

  • Business Process Role Design

    Hi all,
    I am an infant in the SAP world. I am looking for best practices or templates in order to define and document business process roles. Our strategy is to create roles by function: look at the company organization chart and the various functions, and create roles accordingly. I am in charge of doing the functional documentation. I wanted to know if anyone has experience in documenting business function role design or a template that they can share.
    I would appreciate any help in this area. Thanks.
    Regards,
    Sara

    A. General
    1. Expression of one's responsibility would not dwell merely on actions but on end results!
    2. Responsibilities may be Technical, Administrative, Functional, Managerial, Financial and so on. It is better to classify them for better understanding and to assign priority.
    3. The document describing the Role would serve for reference, for training, for evaluation of performance and many more.
    B. Carrying out the task
    Having realized the significance of designing the Role, some of the points to be kept in view are as follows:
    1. A template may contain the following heads:
    - Role title/Designation/Position name
    - Summary of responsibilities
    - Equipment/Budget level/People/Places for which responsible
    - Activities in the Role
    - Output of the Role's function
    - Internal/external customers
    2. To design business process roles, one must know the processes in greater detail, collected by reading, visiting, discussing with and interviewing the people concerned.
    3. Details may be collected by asking simple questions and eliciting simple answers. The answers may relate to Planning, Doing, Checking. High order terms must be avoided at this stage.
    4. When the outcome of one level's activities is described in higher level abstraction, it becomes the responsibility of the higher level. This way, role description in one level after another is built up.
    5. The output of one Role must be input for another role. One must be conscious of this while describing a role. This is helpful to the business.
    Sam Anbazhagan
    Edited by: Anbazhagan Sam Venkatesan on Sep 8, 2008 4:11 PM
    Edited by: Anbazhagan Sam Venkatesan on Sep 9, 2008 4:37 PM

  • SRM role design

    Hi All,
    I have a few queries regarding SRM role design.
    - I do not find WebDynpro applications for certain requirements, like Create Contract. How do I add this requirement? FYI, the SAP standard role uses Floor Plan Manager '/SAPSRM/WDA_L_FPM_OIF' and has named it Contract Details. Is this correct?
    - There are no authorization objects which come automatically on adding a WebDynpro application. Do I need to configure SU24 for each WebDynpro? I do not think it is to be done, since in the SAP standard role, auth. objects have been added manually.
    - How is a Business role on EP linked with its corresponding SRM role?
    - Do I need to use BSP applications also?
    - I have a requirement to create an SRM MDM role and an SRM role. So, is the SRM MDM role also to be created on the SRM server?
    Regards

  • Role Design Strategy

    Hi All,
    Any insights are greatly appreciated.
    I am a strong believer that SAP Security role design strategy should be simple and easy to manage, with single roles rather than composites. At my current client, I tried to sell this idea and tried to avoid composite role design because of problems I have seen after go-live (SODs, maintenance issues, problem analysis effort).
    For some inexplicable reasons, I did not succeed completely, and now we are building roles with 3 tiers: the 1st tier being a common access role (single), the second being display (single), and the 3rd tier a composite role for each job function, having a combination of different task-based process roles. This is an n+1 implementation with a global roll-out followed by individual markets. There will be another tier of roles developed on a need basis during blueprint of the different market roll-outs.
    Can anyone give me inputs on whether this kind of composite approach combined with 3 tiers has been used, and what the potential nightmares after go-live will be?
    Thanks in advance

    I would suggest that it will depend quite a bit upon the business requirements, but a lot more on how many staff there are; potentially on how many roles would end up being created.
    However, when I set up our roles, I used only single roles (no composite) and that has worked well (150+ users at the moment, more to be added later, possibly up to 450). There is an argument for saying that we could easily switch to composite roles now, but we still get quite a bit of role movement and keeping them as single roles has proven to be better. Perhaps in a few years, if it settles down, we may then look at it again.
    Our roles are based upon job function, but in some cases, we have a "clerk", "supervisor", & "manager" role. The user in the supervisor function would have both "clerk" and "supervisor" role, but not manager. We also have some generic roles e.g. "purchase requisition" which are used by a larger number of people. This allows the specific items to be managed in one role rather than in say 8 or 10 roles.
    Each role can then have different t-codes or authorisations; as they are cumulative, that gives the required access to do the job. It's also fairly easy to test that the role is working as we want it to do.
    It took a while to get it right, but now it seems to be working really well for us. Moving people between job functions is really straightforward and easy to do. It's also very easy to add new users and will prove to be very easy as the new staff get added over the next few years.
    I would suggest that the old axiom is true; the more work you do at the beginning, the less you will have to do afterwards.
    Regards
    Tony

  • Job role design - transaction role and auth object role

    Hi all, please kindly comment on the following job role design:
    (1) transaction role:
    Keep transactions in a single job role to represent business processes in different application areas, e.g. MM: maintain PR, PO, OA. CO: maintain cost center, internal order. HR: maintain org structure, personnel management.
    The single job role will only keep the role menu and object S_TCODE, with all other application-related authorization objects inactivated.
    (2) authorization role
    Keep application component related authorization objects except S_TCODE in a single job role by application area, e.g. objects of MM_B, MM_E, MM_G in the MM role, objects of K_CCA, K_CSKS_SET in the CO role, objects of HR in the HR role.
    Then maintain the org levels of the MM, CO, HR roles for different companies, e.g. company A MM role, company A CO role, company A HR role, company B MM role, ...
    The user will be assigned a transaction role + an auth object role. For example, a user of company A who performs MM and CO functions will be assigned
    the MM transaction role + company A MM role + company A CO role.
    Please let me know the pros and cons of the above design. Thanks.
    Regards,
    Donald
    * I can see that a disadvantage of this design is that during an SAP upgrade (SU25), revisions of authorization objects will not be reflected in the authorization role

    Brent Van Dyck wrote:
    Keep in mind the project was for an HCM implementation where there's already hardly any connection between tcodes and authorization values so it may have made more sense in that context than it would in a classic SD/MM.
    That is correct - but it still exceeds "horrible" beyond imaginable boundaries if you try to split the fields of the objects into different roles and expect it to work or that there will be less roles.
    In the case of HCM and also BW the auths admin needs to know more about the data and organization than what classic ERP auths admins can get away with. That is why they take longer to migrate away from manual profiles and have a greater tendency to have manual authorizations inserted into roles - which could however also be achieved by maintaining fields proposed without values and at least proposing those (such as activity type fields) which are known.
    But splitting cube / characteristics / key figures or infotype / personnel group / auth code into different roles can only go wrong.
    Another mistake some "value role experts" sometimes make is that they don't want SU24 proposals in PFCG because they don't understand them. So what they do is that they clean out the SU24 tables completely... Well... the side effect of that is that all SU24 check indicators flagged as "no check" suddenly become alive in their system although there are mostly good reasons not to have the checks active.
    Cheers,
    Julius
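Why splitting the fields of one authorization object over several roles fails, even though roles are cumulative as the previous thread describes, shown as an added example that is not part of the original posts and is not SAP code. It is a simplified model of an authority check; P_ORGIN is a real HCM object, but only three of its fields are modelled, and all role names and field values are constructed.

```python
# Added example: simplified model of an ABAP authority check.
# P_ORGIN is a real HCM object; only three of its fields are modelled, and
# every role name and field value below is constructed sample data.
ROLES = {
    "HR_CLERK_FULL": [("P_ORGIN", {"INFTY": {"0002"}, "AUTHC": {"R"}, "PERSG": {"1"}})],
    "HR_PAY_ADMIN": [("P_ORGIN", {"INFTY": {"0008"}, "AUTHC": {"W"}, "PERSG": {"2"}})],
    # The same values as HR_CLERK_FULL, split field by field over three roles.
    "HR_VAL_INFTY": [("P_ORGIN", {"INFTY": {"0002"}})],
    "HR_VAL_AUTHC": [("P_ORGIN", {"AUTHC": {"R"}})],
    "HR_VAL_PERSG": [("P_ORGIN", {"PERSG": {"1"}})],
}
SPLIT_ROLES = ["HR_VAL_INFTY", "HR_VAL_AUTHC", "HR_VAL_PERSG"]


def user_authorizations(assigned_roles):
    """Roles are cumulative: the user holds every authorization of every role."""
    return [auth for role in assigned_roles for auth in ROLES[role]]


def _allows(allowed_values, value):
    # "*" stands for full authorization on the field; ranges are not modelled.
    return "*" in allowed_values or value in allowed_values


def authority_check(assigned_roles, obj, **required):
    """Pass only if ONE authorization for obj covers ALL required field values.

    Field values are never combined across separate authorizations, and a
    field left unmaintained in an authorization matches nothing.
    """
    for auth_obj, fields in user_authorizations(assigned_roles):
        if auth_obj != obj:
            continue
        if all(_allows(fields.get(name, set()), value)
               for name, value in required.items()):
            return True
    return False


if __name__ == "__main__":
    read_0002 = dict(INFTY="0002", AUTHC="R", PERSG="1")
    write_0008 = dict(INFTY="0008", AUTHC="W", PERSG="2")
    mixed = dict(INFTY="0008", AUTHC="W", PERSG="1")
    both = ["HR_CLERK_FULL", "HR_PAY_ADMIN"]
    print("complete authorization:", authority_check(["HR_CLERK_FULL"], "P_ORGIN", **read_0002))
    print("fields split over roles:", authority_check(SPLIT_ROLES, "P_ORGIN", **read_0002))
    print("two roles, own values:", authority_check(both, "P_ORGIN", **write_0008))
    print("two roles, mixed values:", authority_check(both, "P_ORGIN", **mixed))
```

The last case shows the other side of cumulative roles: holding two complete authorizations does not grant the cross-combination of their values.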

  • How to call rfc function module designed in sap from netweaver

    Hi all.
    Can anyone please let me know how to call the tRFC and aRFC function modules designed in SAP from a NetWeaver system?
    Is the method of calling tRFC and aRFC function modules from a non-SAP system the same?
    If not, let me know how to call tRFC and aRFC function modules from non-SAP systems. Thanks in advance.
    Kind Regards,
    sami.

    Hi
    Use in background task and destination additions when you call tRFC function modules from SAP system to SAP system.

  • How does my role as a SAP SECURITY ADMIN differ from upgrade and implementati

    Hi Gurus,
    I am new to Security. I just want to know how my role as a security admin differs in an implementation project and in an upgrade project. Please answer this. And can I get any docs about the tables and the objects related to security? Any links or docs you can mail me at [email protected]
    thank you

    A few inputs from my end....
    Implementation --> starting from role naming conventions to role design, SOD conflicts, master-child relations and documentation.
    Upgrade --> If from 4.0 versions to higher versions, then it's something similar, where we convert profiles to roles and then redesign them to SOD conflicts.
    But in the case of higher upgrades, the Java component access and the segregation of duties for these components have to be considered as well.
    Hope it helps...
    Vbr,
    Sri
    Award points for helpful answers

  • Performance and configuration Adobe LiveCycle Designer for SAP

    Hi there,
    I have a question about LiveCycle Designer for SAP. If the SAP system passes a very large amount of data to the LiveCycle Designer (e.g. data from over 1000 pages, about 40,000 lines), then the following exception occurs: com.adobe.ProcessingException: com.adobe.ads.exception.TransientException: A problem was encountered with the results: render Result array is null .; [Error Log file "2014.11.14.145246SAFPFILE1.pdf" written to F: \ usr \ sap \ R44 \ SYS \ global \\ Adobe Document
    For smaller amounts of data from SAP, it goes without problems.
    Does anyone know the settings in SAP or in Adobe LiveCycle Designer?
    Is there such a thing as a limitation of number of rows? Or is there a limit on the size of the transferred data from SAP?
    What would be a possible solution?

    Did you raise this with SAP via an OSS message?
    Chintan

  • Role design: use of billing block

    Role design: use of billing block
    Billing block should be applied automatically after the net total hits a certain $ value.
    For example, any credit memo request above $1,000 would automatically get a billing block.
    User ID #12345 can release a billing block up to $1,000.
    User ID #67890 can release a billing block up to $10,000.

    Which transaction(s) are the user IDs designed to use for this?
    Can it be assumed that the "billing" is resulting from the "dispatching" (Warenausgang) or a milestone of some project?
    Where is the user and the role?
    Sorry, I don't understand the question. Perhaps you should first ask functional questions about this in the Sales and Distribution type of forums to get a real technical feasibility answer, then attempt an authorization (role) to enable it.

  • What are the roles & responsibilities of SAP MDG Functional Consultant?

    Dear experts,
    Please explain What are the roles & responsibilities of SAP MDG Functional Consultant?
    Regards
    Adhi,

    Hello Adhi
    There is no limit to explore in MDG. As a functional consultant you are responsible for -
    1. Defining scope of MDG
    2. Set up governance process - Workflow
    3. Configuration - MDG (Activate services - functions / role set up / Data modelling / process modelling / replication set up) - You have to be involved in each of these activities with the technical team. You can also do it on your own.
    4. Testing - end to end testing and training
    5. Cut over activities - data load etc
    In these areas, you have to contribute 100% and work with the entire team (tech) for set up.
    As mentioned, you can explore a lot in MDG.
    Kiran

  • Feedback thread for "How To Design a SAP NetWeaver - Based System Landscape

    I have just published a RIG How To Guide called How To Design a SAP NetWeaver - Based System Landscape (https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/50a9952d-15cc-2a10-84a9-fd9184f35366). You can read my blog on it (http://www.sdn.sap.com/?blog=/cs/weblog/view/wlg/8877). This thread is to collect feedback and discussion on the Guide.

    Hi Matt!
    This is definitely interesting reading and a lot of projects I've been in could have benefitted from it had it been carefully read beforehand by some of the involved parties.
    What I like especially is the fact that this is not only for technical consultants (who should know about most of these things anyway) but for the people closer to the business who need to find agreements with the technical guys.
    Good job...
    Jörg
    Some comments to what I read:
    I noticed that you use the term 'server virtualization' (section 3.3.1) quite generally. Maybe it would be worth introducing the term 'server consolidation' (which you use later in the document)  already in this early chapter. My experience shows that (especially recently) a lot of customers are interested in 'virtual servers' (meaning a virtual server with an OS installed separately), not really knowing what they're talking about and often better advised to use 'server consolidation' (one OS, many SIDs). These two concepts are similar in terms of sharing hardware resources, but quite different in terms of the implications toward administration.
    In section 4.2.1.3 you mention (in brackets) the Usage type to which the client belongs for the Business Explorer  and the J2SE Adapter Engine if I understood that correctly. There is no UT mentioned for the other clients and there is no explanation on what the bits in brackets are supposed to mean. (I first expected the 'BeX' abbreviation when I saw something in brackets...)

  • Automatic Role transfer to SAP

    Hi all,
    is it possible to automate the "Portal Role Transfer to SAP" functionality within the portal?
    Cheers
    Marcel

    Hi Marcel,
    Did you fix the automatic upload issue? If yes, how?
    Because I'm in the same situation right now ...
    Thanks a lot in advance.
    Best regards
    Michael
