Role creation, authorization objects, fields and values
Role Creation
  Description: Define user roles based on business needs to control access to SAP transactions and data.
  Key points: gather business requirements; create Single, Composite, or Derived roles; assign roles to users.

Authorization Objects
  Description: Groups of fields that restrict access to SAP functionalities or data segments.
  Key points: identify the required objects per transaction; objects have fields.

Fields and Values
  Description: Attributes inside authorization objects that specify precise access limits.
  Key points: assign specific values; avoid wildcards for tighter security; enforce least privilege.
User 1:
  Purchase requisitions: create, edit, display, release
  Purchase order: display
  Service entry sheet: create, edit, display
  Reports (ZSPR, ZFPR, ZSPO): display
User 2:
  Purchase requisition: create
  Purchase order: all
  Service entry sheet: all
User 3:
  PR: all
  PO: all
  SES: all
  Reports: all
Transaction codes (T-codes)
T-codes are used primarily in SAP (Systems, Applications, and Products) systems to quickly
access specific tasks and functions.
How to create roles
1. Log in to SAP.
2. Open transaction PFCG (Profile Generator).
3. Create a new role and give it a name.
4. Add a description for the role.
5. Add the required transaction codes (T-codes).
6. Edit the authorizations (maintain the field values) and generate them.
7. Assign the role to users.
8. Test the role access with the assigned users.
Scenario
Step 1: User Requirements Analysis
Function                     User 1                           User 2                              User 3
Purchase Requisition (PR)    Create, Edit, Display, Release   Create only                         Full access
Purchase Order (PO)          Display only                     Full access (create/edit/display)   All
Service Entry Sheet (SES)    Create, Edit, Display            Full access                         All
Custom Reports (ZSPR, etc.)  Display only                     ❌                                  Full access
Purpose                   Object       Why Important
Control PR access         M_BANF_BSA   Ensure users can only act on allowed PRs
Control PO access         M_BEST_BSA   Ensure users can only see or edit allowed POs
Limit scope by group      M_RECH_EKG   Restrict users to their purchasing groups
Allow T-code execution    S_TCODE      Control which transactions a user can run
Allow report running      S_PROGRAM    Control report execution permissions
Role Name          Description                                             Assigned To
Z_MM_PR_USER       Purchase Requisition (create, edit, display, release)   User1, User2, User3
Z_MM_PO_DISPLAY    Purchase Order display only                             User1
Z_MM_PO_ALL        Purchase Order full access (create/edit/display)        User2, User3
Z_MM_SES_USER      Service Entry Sheet (create, edit, display)             User1
Z_MM_SES_ALL       Service Entry Sheet full access                         User2, User3
Z_MM_REPORT_USER   Reports display (ZSPR, ZFPR, ZSPO)                      User1
Z_MM_REPORT_ALL    All reports access                                      User3
Role Component SAP Authorization Object
PR_CREATE M_BANF_BSA
PR_EDIT M_BANF_BSA / M_BANF_EKG
PR_DISPLAY M_BANF_BSA
PR_RELEASE M_BANF_FRG
PO_CREATE M_BEST_BSA
PO_EDIT M_BEST_EKG
PO_DISPLAY M_BEST_BSA
PO_RELEASE M_EINK_FRG
SES_CREATE M_RECH_WRK
SES_EDIT M_RECH_WRK
SES_DISPLAY M_RECH_WRK
SES_RELEASE M_RECH_FRG
ZSPR_DISPLAY S_PROGRAM / S_TCODE
ZFPR_DISPLAY S_PROGRAM / S_TCODE
ZSPO_DISPLAY S_PROGRAM / S_TCODE
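The following Python model is an added example, not code from the page or from SAP. It ties together the "Fields and Values" guidance at the top (specific values, no wildcards, least privilege) and the role-to-object mapping just above: each role is built from the authorization objects in the mapping table, the three users get the roles from the "Assigned To" column, and a check with the same pass rule as an AUTHORITY-CHECK (at least one authorization for the object must satisfy every checked field) is used to compare what each user can actually do against the Step 1 requirement matrix. The role and object names are the page's; the field names (ACTVT, BSART, EKGRP, WERKS, FRGGR, FRGCO, TCD) and activity values 01/02/03 are the standard SAP ones and are assumed here; document type "NB", purchasing group "001", plant "1000" and release group/code "01" are constructed sample values.

```python
"""Offline model of SAP-style authorization checks for the purchasing scenario.

Added example (not the page's code). Field names and ACTVT values are the
standard SAP ones (assumed); "NB", "001", "1000" and "01" are constructed
sample values; object and role names come from the page's tables.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass
class Authorization:
    obj: str                           # authorization object, e.g. M_BANF_BSA
    fields: Dict[str, FrozenSet[str]]  # field -> permitted values ("*" = any)


def auth(obj: str, **fields) -> Authorization:
    return Authorization(obj, {f: frozenset(v) for f, v in fields.items()})


def value_matches(permitted: FrozenSet[str], value: str) -> bool:
    """Exact match, full wildcard "*", or prefix wildcard such as "Z*"."""
    return any(p == "*" or p == value or (p.endswith("*") and value.startswith(p[:-1]))
               for p in permitted)


def authority_check(auths: List[Authorization], obj: str, **wanted: str) -> bool:
    """Pass rule of an AUTHORITY-CHECK: some authorization for the object
    must satisfy every checked field at once."""
    return any(a.obj == obj and all(f in a.fields and value_matches(a.fields[f], v)
                                    for f, v in wanted.items())
               for a in auths)


# (function, activity) -> object and field values that activity needs,
# following the page's role component -> authorization object mapping.
CHECKS = {
    ("PR", "create"):       ("M_BANF_BSA", {"ACTVT": "01", "BSART": "NB"}),
    ("PR", "change"):       ("M_BANF_BSA", {"ACTVT": "02", "BSART": "NB"}),
    ("PR", "display"):      ("M_BANF_BSA", {"ACTVT": "03", "BSART": "NB"}),
    ("PR", "release"):      ("M_BANF_FRG", {"FRGGR": "01", "FRGCO": "01"}),
    ("PO", "create"):       ("M_BEST_BSA", {"ACTVT": "01", "BSART": "NB"}),
    ("PO", "change"):       ("M_BEST_EKG", {"ACTVT": "02", "EKGRP": "001"}),
    ("PO", "display"):      ("M_BEST_BSA", {"ACTVT": "03", "BSART": "NB"}),
    ("SES", "create"):      ("M_RECH_WRK", {"ACTVT": "01", "WERKS": "1000"}),
    ("SES", "change"):      ("M_RECH_WRK", {"ACTVT": "02", "WERKS": "1000"}),
    ("SES", "display"):     ("M_RECH_WRK", {"ACTVT": "03", "WERKS": "1000"}),
    ("REPORTS", "display"): ("S_TCODE",    {"TCD": "ZSPR"}),
}

# Roles as the page's role table describes them. The two "ALL" roles are
# deliberately built with wildcards so the lint below has something to find.
ROLES = {
    "Z_MM_PR_USER":     [auth("M_BANF_BSA", ACTVT={"01", "02", "03"}, BSART={"NB"}),
                         auth("M_BANF_FRG", FRGGR={"01"}, FRGCO={"01"})],
    "Z_MM_PO_DISPLAY":  [auth("M_BEST_BSA", ACTVT={"03"}, BSART={"NB"})],
    "Z_MM_PO_ALL":      [auth("M_BEST_BSA", ACTVT={"01", "02", "03"}, BSART={"NB"}),
                         auth("M_BEST_EKG", ACTVT={"01", "02", "03"}, EKGRP={"001"})],
    "Z_MM_SES_USER":    [auth("M_RECH_WRK", ACTVT={"01", "02", "03"}, WERKS={"1000"})],
    "Z_MM_SES_ALL":     [auth("M_RECH_WRK", ACTVT={"*"}, WERKS={"*"})],
    "Z_MM_REPORT_USER": [auth("S_TCODE", TCD={"ZSPR", "ZFPR", "ZSPO"})],
    "Z_MM_REPORT_ALL":  [auth("S_TCODE", TCD={"Z*"})],
}

ASSIGNMENTS = {  # the page's "Assigned To" column
    "User1": ["Z_MM_PR_USER", "Z_MM_PO_DISPLAY", "Z_MM_SES_USER", "Z_MM_REPORT_USER"],
    "User2": ["Z_MM_PR_USER", "Z_MM_PO_ALL", "Z_MM_SES_ALL"],
    "User3": ["Z_MM_PR_USER", "Z_MM_PO_ALL", "Z_MM_SES_ALL", "Z_MM_REPORT_ALL"],
}

REQUIRED = {  # the Step 1 requirement matrix
    "User1": {("PR", "create"), ("PR", "change"), ("PR", "display"), ("PR", "release"),
              ("PO", "display"), ("SES", "create"), ("SES", "change"), ("SES", "display"),
              ("REPORTS", "display")},
    "User2": {("PR", "create"), ("PO", "create"), ("PO", "change"), ("PO", "display"),
              ("SES", "create"), ("SES", "change"), ("SES", "display")},
    "User3": set(CHECKS),
}


def effective_access(user: str) -> Set[Tuple[str, str]]:
    """Everything the user's roles really permit, evaluated through CHECKS."""
    auths = [a for role in ASSIGNMENTS[user] for a in ROLES[role]]
    return {key for key, (obj, flds) in CHECKS.items() if authority_check(auths, obj, **flds)}


def least_privilege_gaps(user: str) -> Tuple[Set[Tuple[str, str]], Set[Tuple[str, str]]]:
    """(excess, missing): excess breaks least privilege, missing breaks the business need."""
    have, need = effective_access(user), REQUIRED[user]
    return have - need, need - have


def wildcard_fields(role: str) -> List[Tuple[str, str]]:
    """(object, field) pairs in a role whose values use "*" or a prefix wildcard."""
    return [(a.obj, f) for a in ROLES[role] for f, vals in a.fields.items()
            if any(v == "*" or v.endswith("*") for v in vals)]


if __name__ == "__main__":
    for u in ASSIGNMENTS:
        excess, missing = least_privilege_gaps(u)
        print(f"{u}: excess={sorted(excess)} missing={sorted(missing)}")
    for r in ROLES:
        if wildcard_fields(r):
            print(f"{r}: wildcard values in {wildcard_fields(r)}")
```

Run as a script, it reports that User1 and User3 match their requirements exactly, while User2 has excess PR change, display and release: the role table hands Z_MM_PR_USER (which carries the release object M_BANF_FRG) to User2, although the requirement matrix gives User2 "create only" for purchase requisitions. The wildcard lint flags Z_MM_SES_ALL and Z_MM_REPORT_ALL, which is the "avoid wildcards" point in concrete form: "Z*" in S_TCODE admits every custom transaction, not just the three reports listed. Both checks are worth running between steps 6 and 7 of the procedure, before a role is assigned to anyone.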