Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User profile

Go to solution
Former Member

‎01-15-2007 4:11 AM

0 Kudos

Hi guys,

Can any one tell me what user profiles are given to end users? EX: SAP_ALL profile is given to BASIS guys.

THNX IN ADVANCE

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎01-15-2007 4:23 AM

0 Kudos

Hi

In general, we will be concentrating more on "roles" rather than "profiles". but there are 2 critical profiles "SAP_ALL" & "SAP_NEW" which should be given only to administrators.

FYI,

+"

The SAP system contains predefined profiles, the most important of which are explained below:

· SAP_ALL: To assign all authorizations that exist in the SAP system to users, assign the profile SAP_ALL.

· SAP_NEW: Composite profile to bridge the differences in releases in the case of new or changed authorization checks for existing functions, so that your users can continue to work as normal.

SAP_APP: This profile contains all application authorizations. It is not included in the standard SAP system, however you can generate it with the report REGENERATE_SAP_APP. "+

more on this.. refer this doc..

http://help.sap.com/saphelp_erp2005vp/helpdata/en/52/6715af439b11d1896f0000e8322d00/frameset.htm

hope this info helps.

with regards,

Rajesh.

award suitable points

7 REPLIES 7

Go to solution
Former Member

‎01-15-2007 4:23 AM

0 Kudos

Hi

In general, we will be concentrating more on "roles" rather than "profiles". but there are 2 critical profiles "SAP_ALL" & "SAP_NEW" which should be given only to administrators.

FYI,

+"

The SAP system contains predefined profiles, the most important of which are explained below:

· SAP_ALL: To assign all authorizations that exist in the SAP system to users, assign the profile SAP_ALL.

· SAP_NEW: Composite profile to bridge the differences in releases in the case of new or changed authorization checks for existing functions, so that your users can continue to work as normal.

SAP_APP: This profile contains all application authorizations. It is not included in the standard SAP system, however you can generate it with the report REGENERATE_SAP_APP. "+

more on this.. refer this doc..

http://help.sap.com/saphelp_erp2005vp/helpdata/en/52/6715af439b11d1896f0000e8322d00/frameset.htm

hope this info helps.

with regards,

Rajesh.

award suitable points

Go to solution
Former Member
In response to Former Member

‎01-25-2007 6:19 PM

0 Kudos

Rajesh

i do NOT agree NO ONE should have SAP_ALL especially basis not!!!

Go to solution
Former Member

‎01-15-2007 7:16 AM

0 Kudos

Hi Ashok,

End users should never be given SAP ALL and profiles...

They shd always be assigned with Roles created according to thier work profile and apart from it nothing more shd be provided.

Please check SOX compliance docs on the Internet for more info .

Hope it helps.

Br,

Sri

Award points for helpful answers

Go to solution
former_member190272
Active Contributor

‎01-15-2007 11:47 AM

0 Kudos

Hi kumar

if U give T-code end user first u create a role for this

We create a role T code PFCG .There are Two Role

(1). Single Role

(2).Composite Role

Single role : -a single role is nothing but a role.

composite role : -its a collection of single roles

Single Role :-http://help.sap.com/saphelp_erp2005vp/helpdata/en/52/6714b6439b11d1896f0000e8322d00/frameset.htm

Composite Role :-

http://help.sap.com/saphelp_erp2005vp/helpdata/en/42/271d24d86211d2961a0000e82de14a/frameset.htm

Is created with the profile generator and allows the automatic generation of an authorization profile. The role contains the authorization data and the logon menu for the user.

Now u give t code a End user in menu of Role its depend ur requirement.

Thanks & Regards

Pankaj Kumar

Go to solution
former_member912992
Participant

‎01-15-2007 1:58 PM

0 Kudos

Hi,

I would suggest you to sit together with the business consultant who did the customizing and design the role for the related users. For example you need to work together with a MM consultant to design the role for users in Purchase Department. The business consultant should know what transaction codes that need to be assigned to the users and the limitations in regards with the customizing he / she did.

It is also possible to adapt some SAP standard roles. Please call transaction code PFCG and search for 'SAP*', then you can see the list of them. Please make a copy of it and call ZSAP....... or whatever at your convenient. I would suggest you not to change the SAP standard roles.

If you have some users with the same role, but having different organizational assignment, you can create a standard role and some roles derived from it. For example I have a standard role for finance called STD_FIN, then I can create derived roles for the company in Indonesia as ID_FIN, for China as CN_FIN, etc.

Regards,

Agoes BP

Go to solution
Former Member

‎01-25-2007 4:42 PM

0 Kudos

Hi, Ashok

First identify the type of access desired by end-users and then relevant to that identify the Tcodes which would be required. Then you can create roles through TCode pfcg and then add the respective transactions to that roles. When you create a role automatically a profile gets created for it. SAP_ALL profile should be given onhly to select people. The basis guys can be given profiles like S_ADMIN.SHOW through which they will not have access to master data.

Go to solution
Former Member

‎01-25-2007 6:20 PM

0 Kudos

Hi

would suggest you hire a security specialist to educate you and your team.