Roles for REACh Compliance
Hello,
Can any body please convey me the Roles need to be assing to USER in SU01 in order to give the complete REACH Complinace access in the system.
Thanking You
Amol
Hello Amol,
You need to use the template role /TDAG/RCS_TEMPLATE to create roles and adpt /TDAG/CP_PDM_MANAGER for compliance for product roles.
Then use SU01 trasaction to assign the above roles.
For Enterprise Portal permissions check - relevant roles like Product Manager, Substance manager, register and REACh Administrator and other roles.
Check workflow roles for Rough assessent, precise assement, real sub assessment and RCS compliance maintenance.
Besides above you may also need objects list for JCO connection for that please check SAP Note 1307310.
Take the help of BASIS and Netweaver consultants for these activities.
Also please refer SAP REACh Compliance Configuration document for user management and other configuration issues like workflow management, Xcelsius Integration etc.
Thanks
Jayakumar
Similar Messages
-
Hi Experts,
Is there any BI Content for REACH Compliance. Or any other work going on in this area within BI.
Regards
Meiyappanhi,
www.takesolutions.com/Documents/BI/events/TAKE-BO-XI-3-Webinar.pdf
http://www.zdnet.co.uk/tsearch/analyticstechnologybi.htm
www.itbusinessedge.com/item/?ci=28620
naresh -
SAP REACh Compliance Project Management Capabilities
Dear experts,
Do you have any list of the report names is SRC that can be used for project management? (i.e. Endpoint coverage, Status of registration at Substance level...)
Many thanks and best regards,
AlbertoDear Alberto
Here are the list of report names relevant for REACh
End Point - Information
End Point - Gap Matrix
Endpoint - Coverage Check
Besides Reporting, you also have couple export capabilities
Legal Process - Export Registrations
Substance Management -Costs
Substance Management - Export Internal and External Organization
Substance management - Export Priorities
Substance Management - Export Roles and Volumes (Quantities)
This is just a addition to SRC reporting capabilities -
If you want to make use of Compliance Workbench capabilities - here's the list
i) Compliance Status for Products
ii) Compliance status for Substances
iii) Product - Pure Substance Analysis
iv) Product - Chemical Data Analysis
v) Displaying pure substance lists for review.
Thanks
Jayakumar
Edited by: Jayakumar Indracanti on May 21, 2009 11:45 AM -
SAP Product and REACH Compliance 2.0 dese not add-on in SAP ECC 6.0 EHP5
hi experts,
I upgraded ECC 6.0 EHP5 and then try to add-on SAP Product and REACH Compliance 2.0 in SAP ECC 6.0 EHP5.
I aleady knew REACH 2.0 is available with ERP 6.0 EHP5 through Note 1389561 - SAP PRC 2.0: Installation and upgrade for ERP 6.0 and SAP Note 1456663 - SAINT: Enhancement Package 5 components on NW 7.02.
But unfortunately, When I try to install REACH 2.0 using SAINT, The error message was pop-up
========================================================================
OCS package SAPK-360COINTDAGBCA does not match the current software component vector
========================================================================
any idea pleas...
For reference
==========================
tp version : 720 patch 90
R3trans version : 720 patch 89
SPAM/SAINT : 7.02/43
SAP_BASIS : 702 sp 07
SAP/EA_APPL : 605 sp 04
Thanks and regards,
JunHi Jun,
You could check the upgrade logs and traces at the location ../usr/sap/<sid>/upg/abap/logs.
Check for the latest last changed logs. Mos probably a prerequisite package for the REACH 2.0 installation is not included in the upgrade. The detailed logs should mention which prerequisite is missing.
Fore reference see thread: EHP4 upgrade error on SAPK-603DHINEAPS
Regards,
Srikishan -
Hi I need help in creating role for DEVELOPERS and HCM GUYS in ERP DEV. sys
Hi Experts
I am working as a Support Security Consultant. Now I have assigned to another implemenation Project.
My client asks to create 2 roles in DEV. system the requirement is:
1) He asks to create a role for develpoers in dev system fro devepment activities ( report creation, screen creation..etc..) and these people don't modify the HR related tables
2) He asks to create role for HCM guys in development system to work on HCM Configuration and to work on HCM areas but these people should not involve into develpometn activites
My questions is what are the tcodes we have to maintain in the roles to reach his requirement.
I asked the same thing to my Client he doesn' t provide any information
Please anyone help me on this
Thanks
NareshHi,
for the first query please check auth object -Authorization Object S_TABU_DIS (Table Maintenance)
http://help.sap.com/saphelp_nw04s/helpdata/en/1e/e867408cd59b0ae10000000a155106/content.htm
No Worries
KG -
Tcodes & Roles for SAP GRC AC 5.3 SPM in R/3
Hello,
After installing part of the SAP GRC AC 5.3 SPM in the Tcode SAINT (R/3).
I want to know what Tcodes do I need to use the Tcode /VIRSA/VFAT.
Or what type of roles do I need. Is there some.
I have read the PDF "SAP Governance, Risk & Compliance Access Control 5.3 - 02 Post-Installation - SPM.pdf", and I have seen some roles. Are this the standard roles for the SPM in R/3?
Best Regards.
Pablo Mortera.Hi Pablo,
In 5.3 we can use the SPM by two different ways.
1. FFID based: In this you make a user as a FFID and then you use this FFID to perform all the actions.
User based roles are for the above.
3. Role based: In this you assign the roles(maintained in SPM) to the user.
Role based roles are for above.
The basic diffeence is in first one you use user (FFID) to perform the activities whereas in second you use role (which are maintained in SPM).
You can get more details of this in user guide and configuration guide.
Regards,
Shweta -
Investigate - ECC roles for retirement.
I am trying to investigate and find roles that can be retired in the ECC system. How do I come up with a list of roles that are ready for retirement (due to unuse or wrong naming convention, etc,etc)?
What are the questions I should be asking?
I have tried to follow the below approach, but it doesn´t seem to be effective enough:
note- From hereon, when I mention roles, it means Z-Roles only.
Please find the method I used to analysis the issue below:
Requirement: Investigate - ECC roles for retirement.
(Self made points below)
1. Document all roles in ECC, that have never been assigned to any user.
2. Document all the roles in ECC, that do not have any users assigned to
it since atleast one year.
3. Document all the roles in ECC, that are forbidden to be assigned to
any roles.
4. Document all the roles in ECC, that do not follow the standard naming
convention defined by the organisation.
My question - Should I extend this list?
Analysis:
Transactions used extensively during analysis:
SE16 Data browser
SUIM User Information system
S_BCE_68001425 Roles by Complex Criteria
PFCG Role Maintenence
Tables user extensively during analysis:
AGR_AGRS Roles in Composite Roles
AGR_DEFINE Role definition
AGR_USERS Assignment of roles to users
Actions taken, to reach the solution:
1. Single Roles - Without assignment in the last one year ( There has been no user assignment to these roles for atleast one
year and no changes have been done to the role during this time.
These roles are currently without any user assigned to them.
2.Forbidden roles: These roles are not to be assigned to any users and it
can be strongly recommended that they should be retired.
There are currently no user assignement for this roles.
3. Wrong Naming convention : Roles that donot follow the
standard role naming conventions (as defined). These roles should be
retired.Hi..
Last month we did this clean up activity. But after a lot of meandering here and there, like what has been stated, finally i decided to take help of the functional consultants of each module of SAP and removed all unwanted roles - from end users. It was a massive exercise, esp when roles were assigned indirectly, but finally we could clean up a bit.
But for some reasons, the back end team has kept the roles on the system and roles have not been deleted or completely removed from the system itself. May be as part of 2nd phase of clean up, we would do that.
And also that was the reason why we felt - as to whether it is ok, to make any role as non-editable, and identify it, all those roles in one go, for a direct clean up at a later date. But I was not able to categorize that way.
In case you have some other better ideas of cleaning up the system completely, please share your thoughts too. It would be very helpful.
Thanks
indu -
Lock Role for Changes till the transport is released
Issue : since roles are managed by multiple security administrators, changes are moving against the sequence.
We have multiple security administrators, is there a way to lock a role for changes until the task/ req is released.
Example Scenario :
Security admin 1 : if there is a change request to add SU01 to the role: Z_TESTROLE, Security admin adds it and creates a Change request but does not release it.
Security Admin 2 : the security admin 2 will get a Change req for the same role Z_TESTROLE to add a tcode PFCG to it. Security admin 2 does his job and moves his transport now even though the first transport does not move the change made by the first security admin moves with the transport for the second admin.
We have multiple security administrators, is there a way to lock a role for changes until the task/ req is released.Hi all,
Thanks for your responses.we follow a change procedure but I guess its just needs to be refined. Everybody figured out that this is a coordination issue but I was asked to research on any technical ability to handle this.
Here is a brief overview of our process :
1) BPO approves the change
2) Role owner support manager approves the change
then the Change request comes to 3)Security Manager for her approval.
I feel from Sox prespective the 3rd approval in not manadatory.
I'm I correct ??? where can I find Sox guide for SAP ?
Recap of the incident:
1)A change ticket is created for the t-code creation and a task is created for the role in which this report is to be added.
State I role Z_TESTROLE is with ZMMR0025
After adding the new report ZMMR0055 the old report ZMMR0025 is removed.
State II
The role Z_TESTROLE has tcode ZMMR0055
now this is tested in development system by the requestor.
Before this goes into PRD via QA a newsflash is sent to all the endusers (so that they know which t-code to use)
Meanwhile if another security administrator works (suppose adds a new tcode or changes an authorization) on this while the role is in state II changes made by Admin 1 are transported along with the second change.
State II + new changes = State III
When the role reaches PRD in state III result is the end user losses access to the required functionality ZMMR0025 before ZMMR0055 is made available.
I hope Im clear , please let me know if I need to be more specific on any part.
I appreciate your help.
regards,
Salman. -
E-Recruiting 6.0: Business Partner Role For Branches
Hi Experts,
In the IMG, SAP E-Recruiting > Basic Settings > Enterprise Structure > Define Business Partner Role for Branches
Can anyone help in the following:
1) What is the purpose of Business Partner Role and how does it relate the Branches? Or how can i make use of it?
2) If i am going to maintain the Company & Branches via the Administrator function instead of IMG, do I still need to configure this step: Define Business Partner Role for Branches
Thanks. Will reward points for any helpful tips.
WilliamHello William,
the Business Partner is an application / module which belongs to the base components of the SAP. It is used and partly extended by various other applications / modules. Next to E-Recruiting it is used for example by CRM and the financial service solution (FS-CS, FS-PM, FS-RI). All of these modules can put their data for a person or an organization into the same tables. Depending on the installation / system environment or even within one single module the requirements for available fields and business checks as on authorization differ between kinds of business partners (e.g. in FS-CS the commission solution for the financial service sector knows external agents and internal employees which have to be treated differently). The business partner is the element to assign the logical / business role in which a person is handled by the system.
For E-Recruiting you have 2 kinds of business partners, too. On the one and there are people being candidates and on the other hand there are branches of your company which hire people. The configuration allows you to seperate them if you need to identify anywhen which business partner is a branch and which is a candidate. So far I never tried if this is really working as there is no real use for this I never set it up. The attributes and the business checks are the same anyways.
Hope that helps a bit to understand the context
Best Regards
Roman Weise
PS: please remember that you have to maintain the branches via administrator bsp application. Using the IMG entry won't work. -
Roles for Contact Person in MM-SUS Scenario
Hi !
When we create a contact person using the Create user option in SUS, we assign the roles to the contact person. These roles are basically the standard SAP roles for SUS. We have created Z-roles ( a copy of the standard roles) to restrict cetain txns for users and would like to assign these Z-roles to the contact person . How can we ensure that the Z-roles are displayed instead of the standard roles ?
RegardsHi
<u><b>Please go through these complete SUS-MM Configuartion detail links, which will definitely help -></b></u>
<u>Roles:</u>
SAP deliver standard roles with authorisations, if You want to maintain your own go to transaction PFCG.
There are two type of role:
- single role
- composite role - (one or more single roles)
To roles You can assign transaction codes, reports, URL links, etc. SAP System automatically creates the authorisations that you can set on Authorisations tab page.
<u>Authorisation:</u>
Authorization profiles must be generated before you can assign them to users. An authorization is generated for each authorization level in the browser view, and an authorization profile for the whole role as represented in the browser view.
Re: Clarifications on EBP-SUS and MM-SUS Scenario
Re: Cancellation from SUS hangs in XI interface
Re: Vendor Replication in SUS scenario
Re: SUS-MM for service items
Re: Central Person already exists
SUS and Central User Admin
Re: User roles.
<b>Please look at following links for Roles and Authorizations </b>
<u>Links for user roles:</u>
http://help.sap.com/saphelp_nw2004s/helpdata/en/52/6714b6439b11d1896f0000e8322d00/content.htm
http://help.sap.com/saphelp_nw2004s/helpdata/en/42/271d24d86211d2961a0000e82de14a/content.htm
http://help.sap.com/saphelp_nw2004s/helpdata/en/e4/15e48efd6c11d296430000e82de14a/frameset.htm
http://help.sap.com/saphelp_erp2005vp/helpdata/en/d3/559a4271c80a31e10000000a1550b0/frameset.htm
http://help.sap.com/saphelp_erp2005vp/helpdata/en/4e/52b74065448431e10000000a1550b0/frameset.htm
<u>For profiles and authorisations:</u>
http://help.sap.com/saphelp_nw2004s/helpdata/en/52/67151e439b11d1896f0000e8322d00/frameset.htm
http://help.sap.com/saphelp_erp2005vp/helpdata/en/20/efcbfed8a511d397110000e82de14a/frameset.htm
Regards
- Atul -
Error during create CR for MDGC "Enter a relevant role for creation of customer master data"
Hello Experts,
I am unable to create a Customer CR in 'MDG 6.1 Customer UI' , the UI throws an error saying "Enter a relevant role for creation of customer master data".It looks like it is expecting me to mention the BP role ( like FLCU01 Customer or FLCU00 FI Customer ) , but I don't see that BP role section in the Customer UI to mention .
While creating the vendor CR , I am able to enter the BP role ( like FLVN01 vendor or FLVN00 FI Vendor ) in the UI BP Role section.
Following are the UI's for Customer and Vendor
Customers BS_OVP_BP: BS_OVP_CU > OVP: BS_CU_OVP - I do not see BP role section here.
Vendors BS_OVP_BP: BS_OVP_SP > OVP: BS_SP_OVP - This is working fine , I see BP role section here.
Please advice what I am missing here , what should I do for the successful CR creation . Should I change the UI for Customers or do I need to do anything in CVI configuration.
Thanks,Hi Abdullah,
You were right in the first place the UIBB is missing , the UIBB 'Role' was present in the 'Search Customer' page but not available in the 'Create Customer CR' page , so I created the 'Role' UIBB again and was able to create the CR now . Not sure how it got deleted in the first place , is there any options where we reset the UI screen to the default initial configuration
But after approving the CR , only the Business Partner BP is getting created and the Customer is not getting created . Not sure what might be the issue now. Is there any config that tells to automatically create customer when BP is created. I was able to create Vendor using the create Vendor CR before.
Thanks -
More than one role for a clip.Is it possible?
Is it possible assign more than one role for a clip?
thxOnly one video role, only one audio roll, per clip. Only one as these are "Media Stems", and when you work with Stems, only one roll per asset video, one per asset audio.
-
I'm a newbee, (Win Tech) Would like to know what command it is for reaching the reinstall menu at boot-up.
I do not meen cmd r menu wich just install OSX above the OS. I think I need a totally fresh installation.
Do you have any clue? Have several issues on a new MacBookPro but it's propably "PEBKAC" made..
UffeIt is Command+r or for the online internet system it is Command+option/Alt+r keys. Then you use Disk Utility to erase the macintosh partition, from the built in recovery hd, or you can repartition the drive as one partition from the online system.
To actually get to the online internet system you have to hold that key combo down until you see a globe on the screen. Otherwise it will just boot from the built in recovery hd on the internal drive. -
Help Required in Authorization Roles for Workbooks
Hi All,
In our project, we have a requirement of creating a role for users with below authorizations.
1. Can display and execute the workbooks in the role menu.
2. Can create copy workbooks ( Save as) in the role menu.
3. Can not delete the original and the copy workbooks from role menu.
We are using an authorization object S_RS_FOLD with u2018FALSEu2019 for restricting the user from deleting workbooks.
We also need to add one more object S_USER_AGR (without u2018Deleteu2019 property) to give the authorization of creating copy workbooks in the role menu.
Object S_RS_FOLD this is working fine without S_USER_AGR. But after adding S_USER_AGR (without delete property), user is again able to delete the workbooks.
So how can we achieve both the functionalities where user can not delete the workbook but can create copy workbooks in the role menu.
Thanks,
SachinRe: Adding report (query & workbook, templates) in roles
Go through this thread.
And in our Project we have created one role for accessing workbooks. in that end user can access the work book but saved one and user cannot resave or delete the work book.
we have added Auth objects S_TCODE and S_GUI.
in S_TCODE we have added RRMX and in S_GUI we have given 60(IMPORT) access to the users.
So that they can just share the workbook. nothing else can be done.
Try like this. Hope this would help you. -
Portal Run time error when created a seperate role for Transport package.
Hi Experts,
I have created a seperate role for Transport Package(import/export iviews).
Normally we have transport package functionality in system admin.
Below steps i followed for creating the new role(trans admin)
1.Copied SAP provided system admin role to a seperate folder.
2.Deleted reamining portal objects(like UWL, portal display etc ..) except transport packege workset.
3.Renamed the role to trans admin.
I have assigned that role to my self, it is working fine to me when i clcik on export and import.I have super admin role.
when i assign this role to some portal users, Export is not working.
when user clicks on Export role they are getting below error.
Portal Runtime Error
An exception occurred while processing a request for :
iView : N/A
Component Name : N/A
Access denied (Object(s): com.sap.portal.system/security/sap.com/NetWeaver.Portal/medium_safety/com.sap.portal.appdesigner.contentcatalog/components/Framework).
Exception id: 12:10_31/08/09_0031_21763550
See the details for the exception ID in the log file
By looking into exception iD also, same error access denied it is showing.
Please Advice.
Thanks
Sony.Hi Raghu,
Thanks for the reply.
I have given full permissions to all users to this trans admin role before itself.
Thanks in advance.
Sony.
Edited by: ambica sony on Aug 31, 2009 1:53 PM
Maybe you are looking for
-
Checking amount sum in file body
helo all here i got problem with my scenario. in my scneario iam processing file to bapi. before processing i need to check the amount present in file body and to compare with trailer sum if both r same then i need to set flag of bapi to yes otherwi
-
Hi, I had a query that "Is it possible to send one Msg to different receivers without using BPM...? And Is this done by Proxies ..if Yes ,how? Thanking you Guna
-
Can't manage my apps in itunes??
Got everything updated. iTunes shows all my apps and the screens but I can't do anything with them? It's like iTunes has frozen but it hasn't. Anyone else? ideas?? Thanks
-
Customization of CAT2 transaction - Very Urgent
Dear SDNers, We have created variant version for standard CAT2 transaction using SHDS trans code. (Just to hide some of the options from the end user to enhance the usability). To extend the usability, we need to do the following activity. In the
-
when i try to turn on my ipod, it tells me to connect to itunes and restore but a message pops up and says that i dont have an internet connection. the connection is on and it loads at 100mb per second.