
Enclosure 5.1.2: Assignment of System Authorisations in SAP R/3


At the moment this list is under discussion because HI/Basis support intends to restrict some
of the authorisations, especially with respect to user administration and authorisation
administration. The current status will be published in the IT Security section of the Henkel
Intranet.

* to be adjusted for the appropriate SAP version

user administration

| checkpoint | Authorisation * | only for |
|---|---|---|
| create users | S_TCODE with TCODE 'SU01'; S_USER_GRP with activity '01' | central user administration; system administrators |
| delete users | S_TCODE with TCODE 'SU01'; S_USER_GRP with activity '06' | central user administration; system administrators |
| change users (assign profiles) | S_TCODE with TCODE 'SU01'; S_USER_GRP with activity '02'; S_USER_PRO with activity '22' | central user administration; local user administrators (restricted to user groups); system administrators |
| change passwords | S_TCODE with TCODE 'SU01'; S_USER_GRP with activity '02' | central user administration; local user administrators (restricted to user groups); Help Desk; application responsibles; system administrators |
| revoke users | S_TCODE with TCODE 'SU01'; S_USER_GRP with activity '05' | central user administration; local user administrators (restricted to user groups); Help Desk; application responsibles; system administrators |

authorisation administration

| checkpoint | Authorisation * | only for |
|---|---|---|
| create profiles | S_TCODE with TCODE 'SU02'; S_USER_PRO with activity '01' and '07' | authorisation administrators |
| create activity groups | S_TCODE with TCODE 'PFCG'; S_USER_AGR with activity '01'; S_USER_PRO with activity '01' and '07' | authorisation administrators |
| create/delete authorisations | S_TCODE with TCODE 'SU03'; S_USER_AUT with activity '01' or '06' | authorisation administrators |
| change profiles | S_TCODE with TCODE 'SU02'; S_USER_PRO with activity '02' and '07' | authorisation administrators |
| change activity groups | S_TCODE with TCODE 'PFCG'; S_USER_AGR with activity '02'; S_USER_PRO with activity '02' and '07' | authorisation administrators |
| change authorisations | S_TCODE with TCODE 'SU03'; S_USER_AUT with activity '02' | authorisation administrators |

Change Management

| checkpoint | Authorisation * | only for |
|---|---|---|
| execute imports | TA Tool: ZS03; TMS: S_TCODE with TCODE 'STMS', S_CTS_ADMI | system administrators; emergency user |
| change changeability of clients | S_TCODE with TCODE 'SCC4'; S_TABU_DIS with activity '02' and Table class 'SS'; S_TABU_CLI with 'X' | system administrators; emergency user |
| change system changeability | S_TCODE with TCODE 'SE06' or 'SE03'; S_CTS_ADMI with function 'INIT' and 'SYSC'; S_TRANSPRT with activity '03' and TTYPE='*' | system administrators; emergency user |
| authorisation for development | S_TCODE with 'SE38'; S_DEVELOP with activity '01' or '02' and object type 'PROG' | system administrators; emergency user |
| Debugging with Replace | S_DEVELOP with activity '02' and object type 'DEBUG' | emergency user |
| update basic tables via standard transactions | S_TCODE with TCODE 'SM30' or 'SM31'; S_TABU_DIS with activity '02' and table class 'SS' | system administrators; emergency user |

Basic Functions

| checkpoint | Authorisation * | only for |
|---|---|---|
| update profile parameters | S_TCODE with TCODE 'RZ10'; S_RZL_ADM with activity '01' | system administrators |
| stop application servers | S_TCODE with TCODE 'RZ03'; S_RZL_ADM with activity '01' | system administrators |
| stop working processes | S_TCODE with TCODE 'SM04' or 'SM50'; S_ADMI_FCD with function 'PADM' | system administrators; emergency user |
| revoke transactions | S_TCODE with TCODE 'SM01'; S_ADMI_FCD with function 'TLCK' | system administrators; emergency user |
| reading spool orders from other users | S_TCODE with TCODE = 'SP01'; S_SPO_ACT with spool action 'DISP'; S_ADMI_FCD with function 'SP01' or 'SP0R' | system administrators; application responsibles; emergency user |
| reading spool orders from other users out of TemSe | S_TCODE with TCODE 'SP11' or 'SP12'; S_TMS_ACT with STMSACT='REA', STMSOWNER='GRP' or 'OCL', STMSOBJECT='SPOOL*' | system administrators; application responsibles and end users, restricted to special groups (if possible) |
| planning background jobs with other user ID | S_BTCH_NAM or S_BTCH_ADM with marking 'Y' | system administrators; application responsibles; emergency user |
| delete change documents | S_TCODE with TCODE 'SE38' or 'SA38' and S_SCD0 with activity '06' or '12' | nobody |
| delete revoke entries | S_TCODE with TCODE 'SM12'; S_ENQUE with activity 'DLFU' or 'ALL' | system administrators; application responsibles; emergency user |
| delete vouchers | S_TCODE with TCODE 'SM13'; S_ADMI_FCD with function 'UADM' | system administrators; application responsibles; emergency user |
| delete clients | S_TCODE with TCODE 'SCC5'; S_TABU_CLI = 'X' | system administrators |

Interfaces

| checkpoint | Authorisation * | only for |
|---|---|---|
| update RFC connections | S_TCODE with TCODE 'SM59'; S_ADMI_FCD with function 'NADM' | system administrators; ALE/EDI responsibles; emergency user |
| update ALE distribution model | S_TCODE with TCODE 'SALE'; B_ALE_MODL with activity '01' or '02' | system administrators; ALE/EDI responsibles; emergency user |
| edit IDOCs | S_TCODE with TCODE 'WE02'; S_IDOCMONI with activity '02' | system administrators; ALE/EDI responsibles; emergency user |
| execute batch input (background execution) | S_TCODE with TCODE 'SM35'; S_BDC_MONI='ABTC' | system administrators; application responsibles; emergency user |
| create logical system commands | S_TCODE with TCODE 'SM69'; S_RZL_ADM with activity '01' or '02'; S_LOG_COM | system administrators |
| execute logical system commands | S_TCODE with TCODE 'SM49'; S_LOG_COM | system administrators; application responsibles; emergency user |

Definition of Roles in the granting process:

- system administrators: responsibles for the SAP system(s) (partly with special Admin-ID)
- application responsibles: responsibles for a module or process
- central user administration: responsibles for creating user IDs and assigning user authorisations
- decentral user administration: responsibles for assigning user authorisations within their department
- help desk: responsible for resetting passwords and revoking user IDs
- ALE/EDI responsibles: IT members with special tasks
- Authorisation administrators: Responsible for the SAP authorisation profiles
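
One way to audit a user export against this matrix, as an added example that is not part of the original enclosure: it encodes three rows (Debugging with Replace, delete clients, delete change documents) and reports users who hold the full combination without one of the roles the row is reserved for. The field names, user IDs, role assignments and sample authorisations are assumptions constructed for illustration; held values are matched with simple `*` wildcards only, and value ranges are not handled.

```python
from fnmatch import fnmatchcase

# Constructed encoding of three matrix rows: the objects that must all be held
# (any one listed value per field is enough) and the roles the row is reserved
# for. Field names (TCD, ACTVT, OBJTYPE, CLIIDMAINT) are assumptions.
MATRIX = {
    "Debugging with Replace": (
        [("S_DEVELOP", {"ACTVT": {"02"}, "OBJTYPE": {"DEBUG"}})],
        {"emergency user"}),
    "delete clients": (
        [("S_TCODE", {"TCD": {"SCC5"}}), ("S_TABU_CLI", {"CLIIDMAINT": {"X"}})],
        {"system administrators"}),
    "delete change documents": (
        [("S_TCODE", {"TCD": {"SE38", "SA38"}}), ("S_SCD0", {"ACTVT": {"06", "12"}})],
        set()),  # the matrix says "nobody"
}

def instance_grants(held, needed):
    """True if one held authorisation instance covers every needed field."""
    return all(
        any(fnmatchcase(want, pat) for pat in held.get(field, ()) for want in values)
        for field, values in needed.items())

def holds(auths, requirements):
    """True if every required object is granted by some held instance."""
    return all(
        any(obj == h_obj and instance_grants(h_fields, needed) for h_obj, h_fields in auths)
        for obj, needed in requirements)

def violations(users):
    """Return sorted (user, checkpoint) pairs held outside the allowed roles."""
    found = []
    for name, (roles, auths) in users.items():
        for checkpoint, (reqs, allowed) in MATRIX.items():
            if holds(auths, reqs) and not set(roles) & allowed:
                found.append((name, checkpoint))
    return sorted(found)

# Constructed sample users: name -> (roles, [(object, {field: [values]})]).
USERS = {
    "DEV01": (["application responsibles"],
              [("S_TCODE", {"TCD": ["SE*"]}), ("S_SCD0", {"ACTVT": ["03"]}),
               ("S_DEVELOP", {"ACTVT": ["*"], "OBJTYPE": ["DEBUG", "PROG"]})]),
    "FIRE01": (["emergency user"], [("S_DEVELOP", {"ACTVT": ["02"], "OBJTYPE": ["DEBUG"]})]),
    "BASIS01": (["system administrators"],
                [("S_TCODE", {"TCD": ["*"]}), ("S_TABU_CLI", {"CLIIDMAINT": ["X"]}),
                 ("S_SCD0", {"ACTVT": ["06"]})]),
}
print(violations(USERS))
```

The wildcard cases are the ones worth watching: DEV01 never lists activity '02' explicitly but is flagged through `ACTVT = *`, and BASIS01 is flagged for a row that no role may hold.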
