Role Matrix in FI

Similar Messages

• Role Matrix of SD

  What Role matrixs are provided in SD fot end user?
  Answers will be awarded.
  Regards,
  Rajesh Banka

  Hi Rajesh,
  The following are the role matrix for SD end users:
  SD - Roles Matrix
  Transaction Description : Transaction Code
  Master Data - Customer
  Customer Master - Create - Sales Area: XD01
  Customer Master - Change - Sales Area: XD02
  Customer Master - Display - Sales Area: XD03
  Customer Master - Display Changes - Sales Area: VD04
  Customer Master - Flag for Deletion - Sales Area: VD06
  Customer List - Block: VD05
  Customer Change Account Group: XD07
  Master Data - Conditions (Pricing)
  Conditions Master - Create: VK11
  Conditions Master - Change: VK12
  Conditions Master - Display: VK13
  Transaction Data - Sales Orders
  Sales Order - Create: VA01
  Sales Order - Change: VA02
  Sales Order - Display: VA03
  Sales order - List display: VA05
  BLOCKED SD DOCUMENTS: VKM1
  Transaction Data - Delivery
  Delivery Create: VL01N
  Delivery Change: VL02N
  Delivery Display: VL03N
  Delivery due list for sales & purchase orders: VL04
  Outbound Delivery Monitor: VL06O
  Incomplete Outbound Deliveries: V_UC
  Transaction Data - Billing
  Billing Document Create: VF01
  Billing Document Change: VF02
  Billing Document Display: VF03
  Maintain Billing Due List: VF04
  List Billing Documents: VF05
  Billing Document Cancel: VF11
  List - Blocked Billing Documents: VFX3
  Billing Document - Background Processing: VF06
  OUTPUT FROM BILLING: VF31
  Excise Transaction Data (Indian Manufacturing Scenario)
  Excise Invoice for Factory sales: J1IIN
  Excise post & print for others mvmts: J1IV
  Selection of Excise Invoice - Common: J1IK
  Excise Invoice for Depot Sales: J1IJ
  Cancel Excise Invoice/JV: J1IH
  Excise Invoice Print: J1IP
  PRINT EXCISE REGISTER: J2I6
  EXTRACT EXCISE REGISTER: J2I5
  PRINT EXCISE REGISTER: J2I6
  CREATE EXCISE BOND: J1IBN01
  CREATE / UPDATE ARE-1: J1IA101
  CREATE / UPDATE ARE-3: J1IA301
  PRINT ARE-1: J1IA101
  Sales tax register: J1I2
  Help on Internally Generated Documents: J1I7
  Standard Reports - SD
  Incomplete sales orders: VA.2
  Outbond Delivery Monitor: VL06O
  Customer Analysis- Sales: MC+E
  Customer Returns-Analysis: MC+A
  Material Analysis(SIS): MCTC
  Sales org analysis: MCTE
  Material Returns-Analysis: MC+M
  Hope the above is works for you.
  REWARD if it helps you!!
  Regards,
  Ajinkya

• Role Matrix in BW

  Hello Friends,
  Can anyone plz help in to design the Roles and profiles here in the BW 3.5 system.
  We have around 8 company codes to be seen. So we need to prepare Base roles and derived roles for the requirement.
  So looking for and idea of a Role matrix which would help. Can you please send me same role matrixes.. for the same.
  Looking Forward
  Cheers,
  Vijay

  Hi Vijay,
  role matrix is not possible, it all depends on the your project requirement. you should sit down with you Functional Consultants and decide the matrix.
  But to give you some information on BW, it is not Transaction based. BW is completely object based like resticting Info Providers, Info Objects, etc....
  To implement Org level restriction, you will have to create 'Custom Reporting Objects ' using Transaction RSSM.
  To know more about BW Security, please visit:
  http://www.*********************/bw_security/bw_security.htm
  Hope it helps.
  Please award points if it is useful.
  Thanks & Regards,
  Santosh

• Role Matrix Templates

  I am working on multiple SAP security implementations. I'm in need for a Role/Transaction/Authorization matrix template. Does any one have any suggestions on how to create the matrix in excel or third party tools that have templates for creating a role matrix. Any help would be greatful.
  Thanks

  A role matrix template is very easy to create yourself. .
  List the txn codes in a column
  List the roles in the row
  Have the business owner designate which tcode goes to which role
  The list of txn codes can be generated by pulling the txns from a particular area menu or from the SAP delivered roles for a module - this is a decent  baseline.

• S_TCode Full Authorization in all Roles

  Hello,
  We have created roles as per the role matrix given by the client. All are absolutely working fine but when i see the report at user level the transaction codes assigned to user we can see almost 100000 T-Codes authorization. I analyzed and found that S_TCODE authorization object consists of value as " * " so that is the reason i am finding all the T_codes authorization.
  How this has happpened? We have not given these value in any of the Role.
  Regards,
  Narasimha Kumar

  > How this has happpened? We have not given these value in any of the Role.
  If you didn't do it manually then it must have been a (very strange) proposal value coming from SU24. Have a look in table USOBT_C, filtered on object S_TCODE. If there's a star in the low or high column, the 'name'  column tells you which transactions' proposal you need to fix in SU24. After that re-read the authorizations for roles containing this transaction.

• Requesting for Security Roles

  hi,
  can you just tell me the security roles.
  our company is going to implement a project. we dont have any KT and procedure for creating roles
  our company is starting to implement SAP. please suggest me for creating roles and  authorisation design.
  thanks
  Ramesh

  Hi Ramesh,
  If you don't have security training/experience I suggest that you book yourself on course ADM940 which covers auth basics (including info on creating a role matrix etc).
  If you don't have this then make sure that you work with someone who has done this.  You would be very lucky to produce a reasonable design without either the training or using someone who knows what they are talking about.
  Other resources are the following publications (you can find them via google):
  Authorizations Made Easy (the 4.6 version is bit out of date but if you read & learn it you will be more than OK)
  SAP Security and Authorizations
  Risk Management and Compliance with Legal Regulations in the SAP Environment
  SAP Authorization System
  Design and Implementation of Authorization Concepts for SAP R/3 and SAP Enterprise Portals
  For a wide overview of security I would recommend the SAP Security and Authorizations book, as a design aid I personally feel that SAP Authorization System would be more appropriate for a newbie

• Portal error in SRM 7.0 -"There is no iView available for  system "SAP_SRM"

  Hi All,
  We have portal ( SAP EP 7.0) as the front end for SRM 7.0 ,We have integrated SRM with portal through the system alias SAP_SRM.
  With the PDP scenario the users are facing the below issue while they try to open any documents ( let it be RFx/contract).
  "There is no iView available for  system "SAP_SRM": object "cont". For more information, contact your administrator."
  We installed the latest JRE (1.6.0.17) in the machine , but it didn't fix the problem. It appears to be a a lorcal issue with the settings in browser as some people ( very few) are able to open the documents.
  Any pointers?
  Thanks
  Arun

  Hi Arun,
  Pls check the portal content and portal roles with iviews maintained properly or not.
  Pls chek this page for ivew and portal role matrix. and cross check with your portal roles.
  This might help you.
  http://help.sap.com/saphelp_srm70/helpdata/en/27/d1185fd9764001953386c6e10058ab/frameset.htm
  Regards
  Kiran

• ABAP Reports and SAP Query

  Hi Experts,
  I have question regarding ABAP Reports, SAP Query, and Transaction with variant.  How are we securing one the above reports that we assign them through pfcg.  We can secure custom program by custom transaction or define the auth group in S_PROGRAM auth object but in this case we have to assign SA38 in production. is that correct?
  Please help me understand difference between the ABAP reports and SAP query. Is the ABAP reports same as Program or they are different.
  Thanks in advance
  Faisal
  Edited by: Faisal on Jun 30, 2009 11:06 PM

  Hi,
  1) End user security (role matrix coordinate with process team)
  This role Matrix design is most important where we can put restrictions and use SoD.
  2) Secure Table (by auth group)
  Table TDDAT and use of transaction se54 for security tables to right auth Groups. Secure s_tabu_dis, s_tabu_cli.
  3) Secure program (as you said ABAP reports are referred to Program)
  Use of table TPGP and program RSCSAUTH for assignment of groups to Program. SA38 Running of SA38 requires a minimum SUBMIT in user Action. A user having SA38 is dangerous as he/she is now enabled to run any report. Hence protection in Auth Group is needed. Verify each and every program is having authority check statement and Auth Group or not before assigning sa38. As you mentioned its best to avoid SA38 and create CUSTOM TXN for each report.
  (We should also SECURE S_DEVELOP in Production properly along with ur points. Please Note).
  4) Secure some batch jobs roles for batch job
  Secure by s_btch* objects and less access to se36.
  5) Create support roles for cutover activity during Go-live
  That is always needed. Go ahead.
  6) Emergency roles & IT roles for support
  This is very much needed as a role of Mitigation and Fire Fighting for Temporary access. Ensure to enable ur audit parameters in RZ10 (rsau* sm20,RSLG* for sm21). Give emergency access but enable audit via sm19 and get audit reports from sm20 and sm21 immediately after the use of emergency access.
  There are also other auth objects we need to be care ful which is a long list and hope every body ensures that (s_cts,a_admi,s_trans, tables ssm_cust, prgn,t000) etc and a host of others. Besh wishes. Let us know if any issue.
  Regards
  Aveek.

• SAP Security On A New SAP Implementation

  Hi Gurus,
  I'm going to be part of a team that will be implementing SAP Security with a company that's implementing SAP. My experience has always just been on the maintenance and support and I was wondering security wise, what's involved during the implementation stage. What are the things to be done or considered when implementing SAP Security? Are there steps to be followed? What is the best strategy for implementing authorizations?
  Thanks in advance for answering my questions and enlightening my junior mind.
  JB

  Hi,
  SAP Security implimentation process follows the Authorisation Methodology. In this we need to follow the phases which are 
  1._Requirement_ :In this Implimenting parttner team comunicates with end user and prepare the S.O.D.  As per S.O.D implimenting partners prepare the _Role matrix ._
  2._Analsys:_ as per role matrix based on rules and regulations consultants educate the end user.
  3. *Implimentation* :   As per role matrix Single role,composite rople,derive role will be Develop and securing table ,reports.transaction which are critical.
  4. Quality check and test: developed roles are move to qulity system and testing will be done  as per approval from the decision maker role are move to the production server.
  5.Cutover: this roles are assigned to the users and system goes to live.
  Underlined and bold words plesase cocentrate deep.
  Thank you.

• Pre-Requisites for Implementing E Recruiting on ECC6.0

  Hi All,
  Can anyone please tell me what are the pre-requisites that are to be met to implement E-Recruitment on ECC6.0 (No EHP).
  And where can i find out the differences of Erecruitment on ECC6.0 and EHP6 (Functionalities that will be missed if we go without EHP6).
  Also is EP necessary to implement E recruitment. We even do not have ESS / MSS
  Our System is a Plane ECC (No EHP).
  Regards
  Syed

  Hello Ameen,
  Well ECC6.0 is R/3 Server and EHP6 is Portal server .
  E-recruitment works good with portal. It provides so may functionalities there .
  If u don't have EHP or don't want to use it .
  In that case u can Create Customized module pool  Application , but obviously u will not get feel and look and some other functionalities available over portal .
  You can create Role Matrix table, where u can save roles of Recruiter, manager and id password etc etc .
  Plus SAP has also provided traditional Recruitment in R/3 system, you can also use that . You can find that in SPRO .
  From EHP4 Sap moved on to Webdynpro abap  which was BSP till EHP3 , SO you can also use Webdynpro applications directly without portal . But there you need to customize more  . OR you can have Customised Webdynpro application for Recruitment also .
  Regards,
  Pran

• SAP Security handover from the Onshore Implementation team Documents

  Dear All,
  We are an Implementation & Support Team and we are getting SAP Security handover from the Onshore Implementation team where in future we ought to continue the Implementation.
  Please could you let me know what others documents which we require for handling the complete security landscape for our Scenario!
  CRM, BI, BS, SOLMAN, EP and PI
  Please suggest any other documents besides the below or any other specific details with respect to each Module,
  u2022           Enterprise-Wide Role Matrix
  u2022           Role Implementation Framework Prototype
  u2022           User Authorization and Strategy Management Procedures
  u2022           User Role and Authorization Concept Technical Design
  u2022           SAP Security Organization Hierarchy Requirements
  u2022           Transaction to Role Mapping
  u2022           Role to Position Mapping
  u2022           Available authorization policy documents
  u2022           Role matrix with segregation of Duties
  Many Thanks

  What do you have defined for your support?
  Presumably you have quoted a price per call but what do you cover and how do you calculate the charge to your client?
  Please let me know so that I can undercut your quote.
  Damn - forgot to ask who your client was and the contact name.
  Cheers
  David
  Edited by: David Berry on Feb 11, 2011 12:29 AM
  Edited by: David Berry on Feb 11, 2011 12:30 AM

• Plant authorization for Same Co. Code

  D friends,
  We’ve 2 plants in the same co code. Requirement is that user in Plant 1 should not have the authorization to enter Plant 2 in his Sales Order and vice-versa. We’re not able to control this through std. role matrix.
  Hence pls suggest how this restriction should be implemented?
  Thanks.

  Hi R Sgr,
  You talk  to your basis guy to define the role for particular user
  or
  Program SAPMV45A ,  you can find the Include MV45AFZZ
  Try in this user exit
  Regards
  Ramesh

• CRM Security Design Concepts

  Hello Gurus,
  My Client is in a process of CRM implementation, as a security consultant , I am gathering the data from the business for CRM Role Design.
  Can Anybody share their design methodology in CRM Security.
  Best practices..
  Thanks in Advance
  -Thanks
  Sam

  Hi Sam,
  In CRM CIC, mostly users will be accessing the CRM system via Web client. Generally an ECC or R/3 system would exist as the backend. In CRM 2007/7.0, there is a concept of Business roles (BR) & PFCG roles as described in my earlier post.
  Every end user in the CRM would be assigned a Business role. Business role is created by CRM Functional Consultant & is assigned at Oranizational model/level via transaction PPOMA_CRM and corresponding PFCG role would be assigned via transaction PFCG
  To create the Business role, matrix for the same would be provided by some Business Consultant in your Project. That will describe the kind of access would be given to the end-user-meaning: Work Centers, Navigational links, logical links etc. You then need to create the corresponding PFCG role for a Business role. If your Organizational model is in such a way that only one Business role is created & assigned to all users, then you need to create several PFCG roles & you need restrict access based on the requirement in these roles. Else if there are several Business roles, then mostly Business roles will take care on the access restriction, then you may need to have only one PFCG role - it depends on how the Organizational model is set up & depends on whether the maintenance burden is on the Functional Team or Security Team
  Also if ECC is your backend system, roles need to be created for ECC also & they would be mapped with CRM roles as all backend work will be done in ECC system, so role matrix of both systems need to be mapped by the Business Consultant in your Project, you would then create roles for CRM & ECC system

• Matrix users and roles

  Hi,
  is there any sap standard functionality to get a matrix of users and roles like this:
  Z_ACCOUNTING_ROLE-Z_BASIC_ROLE-Z_SALES_ROLE---Z_TREASURY_ROLE
  MEYER---XX--
  SMITH--XX--
  JACKSONXX--
  X
  Regards
  Walter Habich

  report S_BCE_68001400
  for so far I know there isn't but when you run the standard report S_BCE_68001400 which shows all the rolles of all the users (click on button roll when you have the list of users) it is quite simple to export it to excel. make a crosstable with the rolles in the top and the usernames at the left. and in the middle count the rolles (which is always 1)
  copy all with ctrl a
  make a new workspace
  and paste special with only values
  replace all the 1 in the crosstable data section with X
  select the row with all the rolles and turn the text 90%
  make the colum width fit to maximum
  and you have a splendid crosstable
  kind regards
  arthur de smidt
  Edited by: A. de Smidt on Jul 2, 2008 4:56 PM
  Edited by: A. de Smidt on Jul 2, 2008 4:58 PM

• User roles & responsibilities template (or Security Matrix Template)

  is there a template we can use within the AIM methodology to set up and organize users and their roles respecitive of different modules and components? If so, can someone point me in the right direction?

  Are you talking about not able to search roles when you are creating the template and want to assign that template to a particular role or that you are not able to search roles when you create the request for role?
  -Bikash