Creating user accounts is accomplished via the User Maintenance (SU01) transaction.
The Profile Generator (PFCG) will be utilized to create Roles that reflect project responsibilities performed by project team members. Manual Profiles will also be used to secure access to the system for project team members. The Roles and Profiles will be assigned to individual User IDs, user IDs will not be shared. No default access will be given to project team members, users will have access only to the specific functions within the SAP application as required based on their job responsibilities.
CRM Development (AMZ) Client 770 (Development and Configuration)
Team Member Roles: Roles / Profiles to Assign
ABAP Developer: Developer Role, Display Developer Role, Display Application Role
Basis Administrator: BASIS Admin Role
Functional Configuration: Configuration Role, Display Application Role, Display Development Role
Functional User (All Application access): Display Application Role, End User Roles
Security Administrator: Security Admin Role

PI Development (AMI) Client 00! (Development and Configuration)
Team Member Roles: Roles / Profiles to Assign
ABAP Developer: Developer Role, Display Developer Role, Display Application Role
Basis Administrator: BASIS Admin Role
Functional Configuration: Configuration Role, Display Application Role, Display Development Role
Functional User (All Application access): Display Application Role, End User Roles
Security Administrator: Security Admin Role
12/24/2013
[Figure: End User Role Design Process. Flowchart elements: BP Design Docs; Security Design Document (SDD); Group authorizations, navigations and content logically to map to position; Design Business Roles and Authorization Roles; Configure Business Roles and PFCG Roles; Validate SDD and Security Role design; Changes? (Yes / No); Sign-Off.]
Changes to roles must be approved by the project team and tested by a member of the project team. If a transaction is added to a role, that transaction must be tested. If any transactions are removed from the role, all remaining transactions in that role must be retested to ensure that the role is still working correctly. Any roles that have no transactions in them will be deleted.
II. Establish the Development Environment Security Settings
A. Security Naming Convention
Well-designed and organized naming conventions provide much needed information and documentation for the Security Administrator. Consistent compliance with defined naming standards leads to more efficient, effective, organized, and cohesive security. For the AMI project a standardized naming convention will be used for each of the following objects:
1. Roles
2. Profiles
3. Positions/Jobs (composite roles)
4. Custom Reports, Transactions, Interfaces, Authorization Objects, and Enhancements
# Separator
The 1st character identifies the object as an AMI-defined Customer/Vendor role
o E = ECC End User role
o C = CRM End User role
o P = PI End User Role
The 2nd character identifies the Process Indicator
o H = HR Team
o F = Finance & reporting Team
o P = Procure to payment Team
o D = Construction & Development team
The 3rd through 5th character identifies a unique code for End User roles, for e.g. 301, 302, 201
The 6th character will use underscore (_) as a separator
The 7th through 10th characters will be used to define a meaningful code (e.g. 0000 for Master roles and 1010 for a derived role with company code 1010 restriction)
Role names can be up to 30 characters in length, the first 10 of which will be identical to the Profile name.
The 1st character, Z, identifies the object as a custom AMI defined Role
The 2nd character will use a colon (:) as a separator.
The 4th through 6th characters identify a brief description of the technical role for the non-production environments (i.e. SEC for security, CFG for Configuration, DEV for Development).
The 7th character, an underscore (_), is used as a separator
The 8th through 10th characters represent the System ID that the technical role will be assigned in (i.e. AMI, AMU, AMZ, etc.)
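An added example, not part of the original document: a small checker that tests role names against the end-user and technical-role conventions described above and reports what each compliant name encodes. It assumes the 7th through 10th characters of an end-user role are alphanumeric, that any code other than 0000 marks a derived role, and that the 3rd character of a technical role (which the document does not define) may be anything; the sample names are constructed.

```python
import re

# Codes taken from the naming convention above.
SYSTEMS = {"E": "ECC", "C": "CRM", "P": "PI"}
PROCESSES = {"H": "HR", "F": "Finance & reporting",
             "P": "Procure to payment", "D": "Construction & Development"}
TECH_AREAS = {"SEC": "security", "CFG": "Configuration", "DEV": "Development"}
MAX_LEN = 30  # role names may be up to 30 characters

# Only the first 10 characters are patterned; they double as the profile name.
END_USER = re.compile(r"^([ECP])([HFPD])(\d{3})_([A-Z0-9]{4})")
# Assumption: the 3rd character is undefined on the page, so "." accepts any.
TECHNICAL = re.compile(r"^Z:.([A-Z]{3})_([A-Z0-9]{3})")


def classify_role(name):
    """Describe a role name, or raise ValueError if it breaks the convention."""
    if len(name) > MAX_LEN:
        raise ValueError(f"{name!r}: longer than {MAX_LEN} characters")
    m = END_USER.match(name)
    if m:
        system, process, code, suffix = m.groups()
        master = suffix == "0000"
        return {"type": "end-user", "system": SYSTEMS[system],
                "process": PROCESSES[process], "code": code,
                "variant": "master" if master else "derived",
                "restriction": None if master else suffix,
                "profile_prefix": name[:10]}
    m = TECHNICAL.match(name)
    if m:
        area, sid = m.groups()
        if area not in TECH_AREAS:
            raise ValueError(f"{name!r}: unknown technical area {area!r}")
        return {"type": "technical", "area": TECH_AREAS[area], "sid": sid,
                "profile_prefix": name[:10]}
    raise ValueError(f"{name!r}: does not match a defined naming pattern")


def audit(names):
    """Split role names into (compliant, violations) dictionaries."""
    ok, bad = {}, {}
    for n in names:
        try:
            ok[n] = classify_role(n)
        except ValueError as exc:
            bad[n] = str(exc)
    return ok, bad


# Constructed sample role names, not taken from the AMI systems.
SAMPLE = ["EF301_0000", "CH201_1010", "Z:_SEC_AMI", "Z:_ABC_AMI",
          "XF301_0000", "EF30_0000"]
```

Running `audit` over an export of role names gives the Security Administrator a list of roles to rename before they are assigned.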
SAP Composite Role (Job) Naming Standards
Jobs are a collection of individual roles and may be up to 30 characters in length. Below is a sample naming convention for Jobs (Composite Roles).
, Customized Composite Role
! Composite Role Type
""" System ID
""""""" Description of Job
The 1st character, Y, identifies the object as an AMI-defined job (composite role)
The 2nd character identifies the separator
The 3rd character identifies the system ID i.e. AMU, AMZ, AMI
The 4th through 30th characters will be used to define a meaningful job description (e.g. Configuration)
Also, several System IDs used by the Basis Team to perform batch processing have SAP_ALL and SAP_NEW assigned. One cannot log on with the System ID directly into SAP. The following System IDs exist in the systems and are assigned SAP_ALL or SAP_NEW in Development:
User ID: Full Name: Profile
ALEREMOTE: SYSTEM ID: SAP_ALL/SAP_NEW
BASISBATCH: Batch ID for Basis: SAP_ALL/SAP_NEW
A*S"S2) /ATC@CI
In general, project team members do not have SAP_ALL and SAP_NEW assigned in Development. An exception can be made for project team members, including several SAP Basis team members, who require significant access to the system at all times. This exception should be based on a decision by Program Management.
AL08
SUIM
Object S_TCODE
RSUSR304: Reload Table TSTCA From Table TSTCA_C
RSUSR400: Test Environment Authorization Checks (SAP Systems Only)
RSUSR401: Report to give all SAPCPIC users profile S_A.CPIC
RSUSR402: Download user data for CA manager from Secude
RSUSR403: Assign Profile S_A.CPIC to User SAPCPIC in Current Client
RSUSR404: Conversion Program for Authorizations of Basis Development Environment
RSUSR405: Reset all user buffers in all clients (uncritical)
RSUSR406: Automatically Generate Profile SAP_ALL
RSUSR406_OLD: Automatically Generate Profile SAP_ALL
RSUSR408: XPRA: Conversion of USOBX-OKFLAG, USOBX-MODIFIED for upgrade tool SU26
RSUSR409: Transfer all translated titles to generated transaction codes
RSUSR421: Clean-up report: TSTC-CINFO if no check in TSTCA
RSUSR500: User Administration: Compare Users in Central System
RSUSR998: Call Reporting Tree Info System
RSUSREXTID: Set the External Security Name for All Users
the screen. The system will display the following information: Authorization Object, Authorization needed, and Authorization available for the User.