08-31-2010 6:55 AM
Hi Experts,
We are implementing security for my client. The below are the steps I
followed. Let me know if I am in right track..
- Getting the users list against their job titles for each module or work
stream
- Get the list of transaction codes proposed to be used by each module or
work stream
- Prepare a Role Matrix Template with transaction codes against job titles
and asked the module leads to fill this out for each work stream
- Get the list of cross functional T-codes by merging all the role matrix
sheets all work streams
- Group the T-codes to form parent roles based on the task and based on the
requested job titles for each module
- Group cross functional T-codes based on task and based on the job titles
requested and create parent roles for cross functional T-codes
I have the below queries regarding child role creation
- How do we normally get inputs for organizational restriction, is it based
on each T-code or based on each user?
- We have a scenario that few users may need access to all plants for few
T-codes and for the rest they need restricted only to their plant
Let me know what is the usual and effective approach, point out if I need to
get any inputs from business upfront, so that I can update them and also in
the schedule
--
With best regards,
atejeda
08-31-2010 9:45 PM
Franklin,
Thank you for your valuable answer. I will get together with my business/functional experts.
Sincerely,
atejeda
08-31-2010 9:28 PM
>
> - Group the T-codes to form parent roles based on the task and based on the
> requested job titles for each module
Nothing wrong in creating parent roles, but I always build parent role only if the role results with organizational levels.
> - Group cross functional T-codes based on task and based on the job titles
> requested and create parent roles for cross functional T-codes
Same here ie
build parent role only if the role results with organizational levels.
> I have the below queries regarding child role creation
> - How do we normally get inputs for organizational restriction, is it based
> on each T-code or based on each user?
It will be based on Organizational levels, like company code, sales org etc......
> - We have a scenario that few users may need access to all plants for few
> T-codes and for the rest they need restricted only to their plant
>
> Let me know what is the usual and effective approach, point out if I need to
> get any inputs from business upfront, so that I can update them and also in
> the schedule
Work with business /functional experts to map roles to define a work process role
> --
08-31-2010 9:45 PM
Franklin,
Thank you for your valuable answer. I will get together with my business/functional experts.
Sincerely,
atejeda