01-15-2007 4:11 AM
Hi guys,
Can anyone tell me what user profiles are given to end users? E.g., the SAP_ALL profile is given to BASIS guys.
Thanks in advance.
01-15-2007 4:23 AM
Hi
In general, we will be concentrating more on "roles" rather than "profiles". But there are 2 critical profiles, "SAP_ALL" & "SAP_NEW", which should be given only to administrators.
FYI,
"The SAP system contains predefined profiles, the most important of which are explained below:
· SAP_ALL: To assign all authorizations that exist in the SAP system to users, assign the profile SAP_ALL.
· SAP_NEW: Composite profile to bridge the differences in releases in the case of new or changed authorization checks for existing functions, so that your users can continue to work as normal.
· SAP_APP: This profile contains all application authorizations. It is not included in the standard SAP system, however you can generate it with the report REGENERATE_SAP_APP."
For more on this, refer to this doc:
http://help.sap.com/saphelp_erp2005vp/helpdata/en/52/6715af439b11d1896f0000e8322d00/frameset.htm
Hope this info helps.
With regards,
Rajesh.
Award suitable points.
01-25-2007 6:19 PM
01-15-2007 7:16 AM
Hi Ashok,
End users should never be given SAP_ALL and profiles...
They should always be assigned roles created according to their work profile, and apart from that nothing more should be provided.
Please check SOX compliance docs on the Internet for more info.
Hope it helps.
Br,
Sri
Award points for helpful answers
01-15-2007 11:47 AM
Hi Kumar,
If you give a T-code to an end user, first you create a role for it.
We create a role with T-code PFCG. There are two roles:
(1) Single role
(2) Composite role
Single role: a single role is nothing but a role.
Composite role: it's a collection of single roles.
Single role: http://help.sap.com/saphelp_erp2005vp/helpdata/en/52/6714b6439b11d1896f0000e8322d00/frameset.htm
Composite role:
http://help.sap.com/saphelp_erp2005vp/helpdata/en/42/271d24d86211d2961a0000e82de14a/frameset.htm
Is created with the profile generator and allows the automatic generation of an authorization profile. The role contains the authorization data and the logon menu for the user.
Now you give the T-code to the end user in the menu of the role; it depends on your requirement.
Thanks & Regards
Pankaj Kumar
01-15-2007 1:58 PM
Hi,
I would suggest you sit together with the business consultant who did the customizing and design the role for the related users. For example, you need to work together with an MM consultant to design the role for users in the Purchase Department. The business consultant should know which transaction codes need to be assigned to the users and the limitations with regard to the customizing he / she did.
It is also possible to adapt some SAP standard roles. Please call transaction code PFCG and search for 'SAP*', then you can see the list of them. Please make a copy of it and call it ZSAP....... or whatever is convenient for you. I would suggest you not change the SAP standard roles.
If you have some users with the same role, but with different organizational assignments, you can create a standard role and some roles derived from it. For example, I have a standard role for finance called STD_FIN, then I can create derived roles for the company in Indonesia as ID_FIN, for China as CN_FIN, etc.
Regards,
Agoes BP
01-25-2007 4:42 PM
Hi, Ashok
First identify the type of access desired by end users, and then, relevant to that, identify the Tcodes which would be required. Then you can create roles through Tcode PFCG and add the respective transactions to those roles. When you create a role, a profile automatically gets created for it. The SAP_ALL profile should be given only to select people. The basis guys can be given profiles like S_ADMIN.SHOW, through which they will not have access to master data.
01-25-2007 6:20 PM
Hi
would suggest you hire a security specialist to educate you and your team.
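Several replies above say that SAP_ALL and SAP_NEW belong only to administrators. The following is an added example, not code from any poster or from SAP: a review script that flags non-administrator users who hold either profile, directly or nested inside a composite profile. The CSV layouts, user names, Z_* profile names and the admin allow-list are constructed assumptions standing in for whatever export your system provides.

```python
import csv
import io

CRITICAL = {"SAP_ALL", "SAP_NEW"}  # the two critical profiles named in the thread

# Constructed sample data (not from a real system): user-to-profile assignments
# and composite-profile definitions (composite -> member profile).
USER_PROFILES_CSV = """user,profile
BASIS01,SAP_ALL
JSMITH,Z_MM_BUYER
MLEE,Z_FIN_WRAP
TEMP_FF, sap_new
"""
COMPOSITES_CSV = """composite,member
Z_FIN_WRAP,Z_FIN_BASE
Z_FIN_WRAP,Z_LEGACY
Z_LEGACY,SAP_ALL
"""
ADMINS = {"BASIS01"}  # assumed allow-list of administrator accounts


def norm(value):
    """Exports often carry stray spaces and mixed case; compare normalized names."""
    return value.strip().upper()


def load_pairs(text, key, val):
    """Read a two-column CSV into {key: {values}}."""
    out = {}
    for row in csv.DictReader(io.StringIO(text)):
        out.setdefault(norm(row[key]), set()).add(norm(row[val]))
    return out


def expand(profile, composites, seen=None):
    """Return the profile plus everything nested under it (cycle-safe)."""
    seen = set() if seen is None else seen
    if profile not in seen:
        seen.add(profile)
        for member in composites.get(profile, ()):
            expand(member, composites, seen)
    return seen


def find_violations(user_csv, composites_csv, admins):
    """List (user, assigned_profile, critical_profile) for non-admin users."""
    assignments = load_pairs(user_csv, "user", "profile")
    composites = load_pairs(composites_csv, "composite", "member")
    hits = []
    for user, profiles in assignments.items():
        if user in admins:
            continue
        for assigned in profiles:
            for critical in expand(assigned, composites) & CRITICAL:
                hits.append((user, assigned, critical))
    return sorted(hits)
```

On the constructed data it reports MLEE, whose composite profile nests SAP_ALL two levels down, and TEMP_FF, whose direct SAP_NEW assignment a case-sensitive comparison would miss.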