erdci user authorization
TRANSCRIPT
-
8/18/2019 ERDCI USER Authorization
1/79
SAP R/3 BASIS
TrainingUser &
Authorization
-
8/18/2019 ERDCI USER Authorization
2/79
USER Concept(1)
One of the basic part of R/3 Security is user concept .
After installation of R/3 and client creation, one of the first step is
create users in the new client.
It must be noted that Users are Client dependent
User in one client is not be a user of another client.
They are valid for only the client they were created or assigned.
User Name and user attributes comprises the User aster Records
!y default SA" comes with two super users
SA"#
$$IC
These two super users are available for every client in R/3 system when a new
client is created. But the nature of these two super user are slightly different.
S!" has all the authori#ation
$$%& is authori#ed to administer the R/3 repository.
Transaction coe !or User "aintenance SU#1 $a%igation n 'enu
Tools --> Administration --> User Maintenance --> Users
-
8/18/2019 ERDCI USER Authorization
3/79
User "aster Recor(1)
User Master Record consists of following information'
User Name
ssigned &lient
!assword (&hangeable in future)
&ompany ddress
User Type
Start *enu
+ogon +anguage
!ersonal !rinter Setting
Time ,one
ctivity -roups
uthori#ations
piration $ate
$efault !arameter Setting
User master record maintain throu%h the transaction code SU&'.
An user can be assi%ned to many acti(ity %roups ) an acti(ity %roup
can be assi%n to many users.
-
8/18/2019 ERDCI USER Authorization
4/79
Passor Restriction(1)
"assword can not be word *sap+ or *pass+ .
"assword can not be%in with any seuence of three characterscontained in the user-id lie R0$SI12 user can not set password
starts with R0 ,R0$,0$S ,SI .
"assword can not be%in with 3 identical characters. I.e. aaamy or bbbt.
hen a user chan%es his password ,he may not use any of the lastfi(e passwords.
-
8/18/2019 ERDCI USER Authorization
5/79
Passor Restriction()
inimum password len%th can be set by the by the parameter
lo%in/min4password4ln% 5value 3 6.
Administrator can set the password e7piration date by the parameter
lo%in/password4e7piration4time 5no of days6 .
8umber of incorrect lo%ons allowed for a user master record until
the lo%on procedure is terminated , can be set by the parameter
lo%in/fails4to4session4end 5value 3 6.
8umber of incorrect lo%ons allowed for a user master record untillo%on is re9ected for this user, can be set by lo%in/fails4to4user4loc
5value 3 6. 1he loc is released at midni%ht.
rdisp/%ui4auto4lo%out 5in seconds6 parameter sets automatically lo%out
if user not uses sap%ui defined time.if set & then ne(er automaticallylo%out.
-
8/18/2019 ERDCI USER Authorization
6/79
User sap* & ++IC (1)
SA" R/3 system includes in the default installation two super users
*$$IC+ ) *SA"#+ .
sap# user created with the password *&:&;'
-
8/18/2019 ERDCI USER Authorization
7/79
User sap* & ++IC()
SAP* 000 ,001,066DDIC 000, 001
EARLYWATCH 066
+e!au,t users co'ing a!ter ne insta,,ation
-
8/18/2019 ERDCI USER Authorization
8/79
Create User Step 1
Use The Transaction Code SU01 or !ser "aintenance #
Choose this $!tton
or create ne% !ser
Choose this $!tton
or create ne% !ser
-
8/18/2019 ERDCI USER Authorization
9/79
Create User Step 2
Enter User InoEnter User Ino
-
8/18/2019 ERDCI USER Authorization
10/79
Create User Step 3
Enter these
i"&ortant data
Enter these
i"&ortant data
-
8/18/2019 ERDCI USER Authorization
11/79
Create User Step 4Choose Ro'e ro"
the "en!
Choose Ro'e ro"
the "en!
-
8/18/2019 ERDCI USER Authorization
12/79
-
8/18/2019 ERDCI USER Authorization
13/79
Create User Step 6User can set
USERPara"eters
User can set
USERPara"eters
Ater enterin( a'' data choose sa+e $!tton
-
8/18/2019 ERDCI USER Authorization
14/79
-
8/18/2019 ERDCI USER Authorization
15/79
Acti%it 2roup(1) or R-E
0A role or acti(ity %roup is a collection of R/3 transactions,authori@ations and additional ob9ects .
0Administrator can create ,display ,chan%e ,copy ) transport a Role .01ransaction code "CB used to maintain Role.
Composite Acti(ity Broup or Role
0Composite acti(ity %roups are made up of a collection of acti(ity %roups.
0Users assi%ned to a composite acti(ity are automatically added to the
acti(ity %roups durin% a user comparison.
0Composite acti(ity %roups themsel(es do not contain any authori@ation
data .
US0R Assi%nment
Users can be assi%ned to a sin%le acti(ity %roups or to composite acti(ity
%roups which mostly represent 9ob roles .
Users that assi%n to an acti(ity %roup may e7ecute the transactions,
reports , or any other tas in the acti(ity %roup with the correspondin%
Authori@ations.
-
8/18/2019 ERDCI USER Authorization
16/79
Create Role Step 1
Use Transaction code "CB to maintain role /activity group
Choose theo&tion Create
Choose the
o&tion Create
-
8/18/2019 ERDCI USER Authorization
17/79
Create Role Step 2
1#Enter The
Descri&tion
1#Enter The
Descri&tion
.#Choose the
o&tion "E$U
.#Choose the
o&tion "E$U
/o% to create the ro'e choose 'enu
Created !ser
na"e %i''dis&'a)
Created !ser
na"e %i''
dis&'a)
-
8/18/2019 ERDCI USER Authorization
18/79
Create Role Step 3
To create RLEChoose an) oneTo create RLEChoose an) one
We can choose an) one or a'' o&tion at a ti"e#
-
8/18/2019 ERDCI USER Authorization
19/79
Create Role Step 4
We choose
three ro" the"en! #
We choose
three ro" the"en! #
We choose accordin( o!r Re!ire"ent ro" -SAP "E$U0#
-
8/18/2019 ERDCI USER Authorization
20/79
Create Role Step 5
!r three se'ected "en! a&&eared on Ro'e "en! #
1#!r chosenthree %i'' co"e
on ro'e "en!
1#!r chosenthree %i'' co"e
on ro'e "en!.#A(ain %e
choose
Transaction
.#A(ain %e
choose
Transaction
-
8/18/2019 ERDCI USER Authorization
21/79
Create Role Step 6Assi(n the
transaction coes
!sin( the $!tton
Assign Transaction
Assi(n the
transaction coes
!sin( the $!tton
Assign Transaction
-
8/18/2019 ERDCI USER Authorization
22/79
Create Role Step 7
Then chosen
transaction code
a&&eared on
Ro,e "enu
Then chosen
transaction code
a&&eared on
Ro,e "enu
-
8/18/2019 ERDCI USER Authorization
23/79
Create Role Step 8
1#Choose
Authorizationsro" TA2
1#Choose
Authorizationsro" TA2
.#Choose the $!tton
-Change authorization ata0
.#Choose the $!tton
-Change authorization ata0
-
8/18/2019 ERDCI USER Authorization
24/79
Create Role Step 91#Choose
Range o! %a,ues
r
u,, Authorization
1#Choose
Range o! %a,ues
r
u,, Authorization
-
8/18/2019 ERDCI USER Authorization
25/79
Create Role Step 10These a!thori3ation %i''
co"e on the RLE
These a!thori3ation %i''
co"e on the RLE
-
8/18/2019 ERDCI USER Authorization
26/79
Create Role Step 11Chan(e the
a!thori3ations sa%e
Co,or ha%e change
Chan(e the
a!thori3ations sa%e
Co,or ha%e change
Sa+e the &roi'e (i+e the
na"e o the &roi'e
Sa+e the &roi'e (i+e the
na"e o the &roi'e
-
8/18/2019 ERDCI USER Authorization
27/79
Create Role Step 12
4et the "essa(e
-Pro!i,es create0
4et the "essa(e
-Pro!i,es create0
-
8/18/2019 ERDCI USER Authorization
28/79
Create Role Step 13
Assi(n the -USER5To %ho" this ro'e
ha+e to assi(n
Assi(n the -USER5
To %ho" this ro'eha+e to assi(n
Choose the o&tion
-USER C"PARE0
Choose the o&tion
-USER C"PARE0
Choose the o&tion
-Co'p,ete co'pare0
Choose the o&tion
-Co'p,ete co'pare0
-
8/18/2019 ERDCI USER Authorization
29/79
Create Role Step 14
&en the !ser to
%ho" the ro'e ha+e to
assi(n
&en the !ser to
%ho" the ro'e ha+e to
assi(n
-
8/18/2019 ERDCI USER Authorization
30/79
Create Role Step 15
Assi(ned &roi'e
a&&eared on the !ser
Proi'e 'ist
Assi(ned &roi'e
a&&eared on the !ser
Proi'e 'ist
-
8/18/2019 ERDCI USER Authorization
31/79
-
8/18/2019 ERDCI USER Authorization
32/79
Create Role Step 17
Choose one ro'e ro"
-Be!ore create or sap
e!ine ro,e0
Choose one ro'e ro"
-Be!ore create or sap
e!ine ro,e0
-
8/18/2019 ERDCI USER Authorization
33/79
Create Role Step 18
Choose the
o&tions ro"
the 'ist
Choose the
o&tions ro"
the 'ist
-
8/18/2019 ERDCI USER Authorization
34/79
Create Role Step 19
1#Chosen "en!
Co"es to the
ro'e "en!
1#Chosen "en!
Co"es to the
ro'e "en!
.# /o% choose
-ro' Area "enu0
.# /o% choose
-ro' Area "enu0
gain create role from area menu using "CB
C l S 20
-
8/18/2019 ERDCI USER Authorization
35/79
Create Role Step 20
Choose one PC14Choose one PC14
-
8/18/2019 ERDCI USER Authorization
36/79
Create Role Step 21
Choose the o&tion-Pa)ro''5Choose the o&tion-Pa)ro''5
-
8/18/2019 ERDCI USER Authorization
37/79
Create Role Step 22
Chosen o&tion
-Pa)ro''5 %i'' co"e
Chosen o&tion
-Pa)ro''5 %i'' co"e
$o per!or' the step 5
-
8/18/2019 ERDCI USER Authorization
38/79
CREATE R-E USI$2 SPR 6Step 1
Choose2T
Pro7ect
"anage'ent
Choose2T Pro7ect
"anage'ent
Use Transaction Coe SPR to create a ne pro7ect
-
8/18/2019 ERDCI USER Authorization
39/79
CREATE R-E USI$2 SPR 6Step
A,, create pro7ect i,, sho 8
ChooseTo create ne pro7ect
ChooseTo create ne pro7ect
Choose
2i%e ne na'e
Choose2i%e ne na'e
-
8/18/2019 ERDCI USER Authorization
40/79
CREATE R-E USI$2 SPR 6Step 3
Enter the +ATE
here
Enter the +ATE
here
-
8/18/2019 ERDCI USER Authorization
41/79
CREATE R-E USI$2 SPR 6Step 4
S&eci) the scope o
the &roect
S&eci) the scope o
the &roect
Se'ect the "od!'es
%hich are re!ired
Se'ect the "od!'es
%hich are re!ired
Choose the $!ttonChoose the $!tton
-
8/18/2019 ERDCI USER Authorization
42/79
CREATE R-E USI$2 SPR 6Step 9
1# Se'ect the o&tion4enerate Proect I741# Se'ect the o&tion4enerate Proect I74
.# Choose this o&tion.# Choose this o&tion8#Proect creation start
in $ac9(ro!nd#
8#Proect creation start
in $ac9(ro!nd#
-
8/18/2019 ERDCI USER Authorization
43/79
CREATE R-E USI$2 SPR 6Step :
ProectPR;
-
8/18/2019 ERDCI USER Authorization
44/79
CREATE R-E USI$2 SPR 6Step =
Use the transaction code P:C4 to assi(n the
a!thori3ations re'ated to a &artic!'ar &roect#
Choose create o&tion
or ne% ro'e
Choose create o&tion
or ne% ro'e
-
8/18/2019 ERDCI USER Authorization
45/79
CREATE R-E USI$2 SPR 6Step 5
1#Choose the na+i(ation
Uti,ities Custo'izing Auth
1#Choose the na+i(ation
Uti,ities Custo'izing Auth
.# This screen %i'' a&&ear .# This screen %i'' a&&ear
8# Choose >A08# Choose >A0
;# This screen a&&ears
Choose -I"2 PR;ECT0
;# This screen a&&ears
Choose -I"2 PR;ECT0
-
8/18/2019 ERDCI USER Authorization
46/79
CREATE R-E USI$2 SPR 6Step ?
Choose one &roect ro" the 'ist
e#(# PR;
-
8/18/2019 ERDCI USER Authorization
47/79
CREATE R-E USI$2 SPR 6Step 1#
A'' transaction code re'ated to
the &roect PR;
-
8/18/2019 ERDCI USER Authorization
48/79
Use the transaction coe SU93(1)One user ,tring to Work on transation o!e "#08 $%ut &e isnot aut&ori'e! to !oing t&at (o) $
This "essa(e %i''
co"e, I the !ser ha+e
no a!thori3ation or the
TC
This "essa(e %i''
co"e, I the !ser ha+e
no a!thori3ation or theTC
-
8/18/2019 ERDCI USER Authorization
49/79
-
8/18/2019 ERDCI USER Authorization
50/79
Authorization structure(1)
User 7aster
Record
User 7aster
Record
Co"&osite
Proi'e
Co"&osite
Proi'eA!thori3ation
Proi'e
A!thori3ation
Proi'e
A!thori3ation
$ect
A!thori3ation
$ectA!thori3ationsA!thori3ations
A!thori3ation
:ie'ds
A!thori3ation
:ie'ds
Proi'e>
Co"&osite
Proi'e
Proi'e>
Co"&osite
Proi'e
A h i i (1)
-
8/18/2019 ERDCI USER Authorization
51/79
Authorization(1)
Authori@ation system of sap R/3 system is the %eneral term which%roups all the technical ) mana%ement elements for %rantin% accesspri(ile%es to users to enforce the R/3 system security.
!y enterin% some authori@ation profile to a user, mainly administrator%i(e to user some access on sap particular sap ob9ect.
Authori@ation profile are %roup of authori@ations .Instead of %i(in%each authori@ation to a user ,administrator %i(es authori@ation profile to
a user.
Authori@ation profiles can be simple or composite .composite profilescontain other profiles.
Authori@ation profile uses an acti(ation method.hen authori@ation orprofiles are created or modified ,they must be acti(ated to becomeeffecti(e.
"rofiles are assi%ned to users in the user master record.
A th i ti ()
-
8/18/2019 ERDCI USER Authorization
52/79
Authorization()
1he Authori@ations determine which acti(ities a user can perform .
1he system administrator cannot decide which business authori@ation
user needs because it is up to the user department to decide the ind ofpermissions the user should be %i(en to carry out his business tass.1heuser department decide which authori@ation need the user.1he systemadministrator assi%ns that authori@ation to the user as per the userdepartment reuest.
0ach authori@ation is based on authori@ation ob9ect.
Authori@ation ob9ect consists of authori@ation fields and possible(alues.
!ecause of the (astness of the R/3 system and its functional ran%e,the
authori@ation ob9ects are further di(ided into areas called as Ob9ectclass.
An Authori@ation allows to carry out an R/3 tas based on a set of field(alues in an authori@ation ob9ect
Authori@ations allow to determine the number of specific (alues or(alue ran%es for a field.
AC11 is an authori@ation field which present almost all authori@ationob9ect
A ti iti " i
-
8/18/2019 ERDCI USER Authorization
53/79
Acti%ities @ "eaning01 : Create or Generate 42 : Convert to DB02 : Change 43 : Release03 : Display 50 : Move05 : Lock 51 : MM : nitiali!e pe0" : Delete 5# : Distri$%te0& : 'ctivate( Generate "0 : )port0* : Display change +oc%)ents "4 : Generate11 : Change n%)$er range stat%s "5 : Reorgani!e13 : nitiali!e n%)$er levels &0 : '+)inister1" : ,-ec%te &1 : 'naly!e
1& : Maintain n%)$er range o$.ect &5 : Re)ove21 : /ransport &* : 'ssign22 : ,nter( ncl%+e( 'ssign #0 : Copy23 : Maintain '" : Rea+ ith lter24 : 'rchive '& : rite ith lter33 : Rea+ '* : rocess )ass +ata34 : rite DL : Donloa+3" : ,-ten+e+ )aintenance L : ploa+3& : 'ccept 0 : 'ccept CCM CM+ata40 : Create in DB 1 : ,+it CCM CM +ata41 : Delete in DB 2 : Maintain CCM CM)etho+s
12 : Maintain 6 generate change +oc%)ents "* : Mo+el # all possible (alues
A th i ti (3)
-
8/18/2019 ERDCI USER Authorization
54/79
Authorization(3)
e can assi%n authori@ation (alues to these fields .1he (alues of thefield decide what data would access by the user to whom this ob9ectassi%ned.
IE-+ A-UEIE-+ A-UE
Customer type5CUS11?"06 #
Acti(ity5AC116 &=
# all possible (alues , &= display only
A th i ti !i, (1)
-
8/18/2019 ERDCI USER Authorization
55/79
Authorization pro!i,e(1)
An authori@ation profile consists %roup of authori@ation ob9ect .I.e a%roup of access pri(ile%es.
User authori@ations are not directly assi%ned to the user masterrecords.Instead these authori@ations are assi%ned as authori@ationprofiles.
Chan%in% the contents of the authori@ations inside a profile affects allusers that are %i(en that profile when this is acti(ated.
A users authori@ations are loaded into the user buffer only when they
lo%on.Chan%es affect all users to whom this profile is assi%ned and taeeffect only when the user lo%s on.
8umber of profiles %enerated depends on the number ofauthori@ations in each acti(ity %roup .
A ma7imum 'D& authori@ations fit into a profile .If there are more than
'D& authori@ations,an additional profile is %enerated.
Authori@ation profiles be%innin% with a 1 ,lie 1-S-80'.hen morethan profile created then the name will be 1-S-80'4' ,1-S-80'4=
C it !i, (1)
-
8/18/2019 ERDCI USER Authorization
56/79
Co'posite pro!i,e(1)
Composite profiles are sets of authori@ation profiles both simple )composite.
A composite profile can contain an unlimited number of profiles.
Composite profiles are suitable for users who ha(e differentresponsibilities or 9ob tass in the system
ain% modification to any of the profiles in the list of compositeprofiles directly affects the access pri(ile%es of all users ha(in% thatcomposite profile in the user master record.
A th i ti .7 t !i ,(1)
-
8/18/2019 ERDCI USER Authorization
57/79
Authorization .7ect !ie,(1)
authorization fields represent values for individual system elements which are
supposed to undergo authorization checking to verify a user's authorization.
The activity field in an authorization object defines the possible actions which could
be performed over a particular application object.
An authorization field can be for example a user group, a company code,a
purchasing group , a development class or an application area or an activity.
or example activity !" always #isplay . $f an authorization contains two fields such
as %&(A)* %+ A%T-T, again values in company code is values in A%T-T
is !" ,then a user containing this authorization can only display all company codes.
)ot all authorization objects have the A%T-T authorization field.
Authorization .7ect(1)
-
8/18/2019 ERDCI USER Authorization
58/79
Authorization .7ect(1)An authori@ation ob9ect can contain a ma7imum of '& authori@ationfields.
Users are permitted to perform a system function only after passin% thetest for e(ery field in the authori@ation ob9ect.
Authori@ation ob9ects are %rouped in ob9ect classes belon%in% todifferent application areas which are used to limit the search forob9ects,thus main% it faster to na(i%ate amon% the many R/3 systemob9ects.
SA" predefined authori@ation ob9ects should not be modified ordeleted,e7cept if instructed by the SA" support personnel.
$eletin% or chan%in% standard authori@ation ob9ects can cause se(ereerrors in the pro%rams that chec those ob9ects.
or e7ample ,
40 stands for the ob9ect class aterials ana%ement-"urchasin%
1here is an authori@ation ob9ect 4!0S140EB for die orderin% .
4!0S140EB ob9ect consists of = authori@ation fields
'. AC11 to define user acti(ity with (alues +&=+ ,+&3+
=. 0EBR to define purchasin% %roup with (alues *7y@+ ,+abc+ .
If act(t ha(e (alues &= for chan%e ,&3 for display and, user can maintainonly purchasin% %roup *7y@+ ,+abc+ can not create new purchasin% %roup.
I$+ USERS B A++RESS +ATA
-
8/18/2019 ERDCI USER Authorization
59/79
I$+ USERS B A++RESS +ATAUse Transaction coe S
-
8/18/2019 ERDCI USER Authorization
60/79
g g
Use Transaction coe S"3# "aintain Ta.,e USR4#
here >*0 su.stitutes a group o! characters & >0 a sing,e character 8
To a%oi the use o! passors hich start ith si'i,ar ors 8
User can not !se these strin(
as a &ass%ord
User can not !se these strin(
as a &ass%ord
Ro,e assigne to hich Users(1)
-
8/18/2019 ERDCI USER Authorization
61/79
Ro,e assigne to hich Users(1)
Use Transaction coe? SE35 Progra' @RSUSR#=#$a%igation Path
Too,s A'inistration User "aintenance In!or'ation Sste'
Ro,es B Ro,e $a'e
Ro,e assigne to hich Users()
-
8/18/2019 ERDCI USER Authorization
62/79
Ro,e assigne to hich Users()
Ater Enterin( the Ro'e %e (et the o''o%in( screen
We (et USER ASSI2$"E$T , PRI-E ASSI2$"E$TD TRA$SACTI$ C+E
'ist %hich assi(ned to the Ro,e#
Ro,e assigne to hich Users(3)
-
8/18/2019 ERDCI USER Authorization
63/79
Ro,e assigne to hich Users(3)
-ist o! users hich assigne to the Particu,ar Ro,e
Ro,e assigne to hich Users(4)
-
8/18/2019 ERDCI USER Authorization
64/79
Ro,e assigne to hich Users(4)
-ist o! Pro!i,es assigne to the particu,ar Ro,e
Ro,e assigne to hich Users(9)
-
8/18/2019 ERDCI USER Authorization
65/79
Ro,e assigne to hich Users(9)
-ist o! Transaction coes assigne to the particu,ar Ro,e
"aintaining the .7ect C,ass
-
8/18/2019 ERDCI USER Authorization
66/79
"aintaining the .7ect C,assUsing t&e transation o!e SU03 User an -aintain t&e
o)(et lass
A%ai,a.,e authorizations o! the ,ogon user(1)
-
8/18/2019 ERDCI USER Authorization
67/79
A%ai,a.,e authorizations o! the ,ogon user(1)Using t&e transation o!e SU56 *e get t&e .aut&ori'ation/ .aut&ori'ation o)(et/ assigne! to a user$
Do!$'e C'ic9 on the
Authorization o.7ect
to (et the detai's #
Do!$'e C'ic9 on the
Authorization o.7ect
to (et the detai's #
A%ai,a.,e authorizations o! the ,ogon user()
-
8/18/2019 ERDCI USER Authorization
68/79
g ( )
Do!$'e C'ic9 on the
-per'itte %a,ues0 to
(et the detai's #
Do!$'e C'ic9 on the
-per'itte %a,ues0 to
(et the detai's #
Authorization !ie,s
corres&ondin( to the
A!thori3ation $ect#
Authorization !ie,s
corres&ondin( to theA!thori3ation $ect#
A%ai,a.,e authorizations o! the ,ogon user(3)
-
8/18/2019 ERDCI USER Authorization
69/79
A%ai,a.,e authorizations o! the ,ogon user(3)
Do!$'e C'ic9 on the
Authorizations to (et
the detai's #
Do!$'e C'ic9 on the
Authorizations to (et
the detai's #
To get the etai,s o! an Authorization .7ect(1)
-
8/18/2019 ERDCI USER Authorization
70/79
To get the etai,s o! an Authorization .7ect(1)
Use Transaction Code SE35 then Use &ro(ra" ? RSUSR#4#
Consider an A!thori3ation o$ect S
-
8/18/2019 ERDCI USER Authorization
71/79
To get the etai,s o! an Authorization .7ect()
Authorization .7ect
& corres&ondin(
.7ect C,ass#
Authorization .7ect
& corres&ondin(
.7ect C,ass#
-
8/18/2019 ERDCI USER Authorization
72/79
To get the etai,s o! an Authorization .7ect(4)
-
8/18/2019 ERDCI USER Authorization
73/79
To get the etai,s o! an Authorization .7ect(4)
Use Transaction Code SU#3
+ou.,e c,ic on o.7ectc,ass BC
-
8/18/2019 ERDCI USER Authorization
74/79
o get t e eta s o a ut o at o .7ect( )
Use Transaction Code SU#3
I'portant Authorization pro!i,es
-
8/18/2019 ERDCI USER Authorization
75/79
p p
SA"4A>> All authori@ation in R/3 system
SA"480 1o create new ob9ects
S4A.CUS1OIF Customi@in% 5for all system settin% acti(ity6
S4A.$00>O" $e(elopers with all authori@ations to wor in A!A" !.
S4A.S2O !asis G$isplay authori@ation only
S4A.US0R System Administrator
S4A!A"4A>> All authori@ations for A!A"
S4A$I4S"O4A spool Gall administration authori@ation
S4A$I4S"O4$ spool Gde(ice administration
S4A$I4S"O40 spool Ge7tended administration
S4A$I4S"O4H spool G9ob administration for all clients
S4A$I4S"O41 spool G$e(ice type administration
S"E I"PRTA$T TAB-ES
-
8/18/2019 ERDCI USER Authorization
76/79
USR01 Contains t&e runti-e !ata o t&e user -aster
reor!s
USR02 &e ta)le ontaining logon inor-ation su& as t&e
pass*or!
USR03 "nlu!es t&e users a!!ress inor-ation
USR04 Contains users aut&ori'ations
USR05 "t is t&e users para-eter " ta)le
USR09 Contains user -enus
USR10 "t is t&e ta)le or user aut&ori'ation pro+les
USR11 Contains t&e !esriptie tets or pro+les
USR12 "t t&e user -aster aut&ori'ation alues ta)le
USR13 Contains t&e !esriptie s&ort tets or
aut&ori'ations
USR14 Contains t&e logon language ersions per user
USR30 "nlu!es a!!itional inor-ation or user -enus
TB; Authorization o.7ects ta.,e containing the authorization !ie,s !or each8
C Contains t&e list o stan!ar! atiities in t&e sste-$
TACTF
Is the ta.,e hich e!ines the re,ationship .eteen the authorization
o.7ects an the acti%ities in those o.7ects containing the Acti%it
authorization !ie,8
SC "s t&e transation o!e ta)le *&ere aut&ori'ation
o)(ets an! alues
Create a super user(1)
-
8/18/2019 ERDCI USER Authorization
77/79
p ( )
It is sap recommended do not use sap# ,create one super user .
0SA"4A>> is only profile definin% that user can create one super user )with the authori@ation of creation of a new ob9ect.
0SA"480 is the profile which %i(es the permission to create a newob9ect
Pro!i,e 2enerator
-
8/18/2019 ERDCI USER Authorization
78/79
0"rofile %enerator5"B6 tool helps the authori@ation administrator
create,%enerate ,and assi%n authori@ation profiles.0It is a(ailable from SA" r/3 (ersion 3.'B
0Chec the parameter auth/no4chec4in4some4cases ? usin% the 1CRF'' ,settin% before usin% first time profile %enerator .
Centra, User A'inistration
-
8/18/2019 ERDCI USER Authorization
79/79
" a sste- group onsists o !ierent R3 sste-s *it&-ultiple lient t&en t&eSa-e users an )e reate! seeral ti-es in eer lient an!
assigne! to atiitgroups $Central User !-inistration is !esigne! to arr outt&ese tasks in a entral sste- !istri)ute t&e !ata to allsste-s in t&e sste- group $