we are trying to make Authorization Matrix for users authorizations , so what i need to know if is there any way i can get template list includes Tcodes and the Authorization objects corresponding to each Tcode , it will be a lot easier to make the roles .
please if anyone can advice how i can get the tcode list with its objects it will be great.
Goto transaction SU24. Select "Type of Application" as "Transaction", below give transaction code & execute it
You will see Authorization Objects listed. All that have been proposed as YES in the proposal column will be checked for that particular transaction code
You need to maintain the authorization for these particular Authorization Objects
Alternatively, you can see them in the table USOBT_C
Edited by: Siddhartha Varma on Jul 21, 2010 5:32 PM
Authorization Matrix - Not any table / programme will work for you in this case, you better maintain below checklist :
1) Gather company data : Organization Structure HR will help you in this. (you need to get all details on Organization values such as Company Code, Plant, Purchasing / Sales Organization etc.,
2) Prepare a sheet for every module (PP,MM,SD,FI,CO,HR etc.,)
3) Study the Organization structure & Identify the Job responsibility of the person in current organization & what function he / she will do in SAP.
4) A sheet contains T-codes & description (you can get list of tcodes from respective functional consultant), Role Name, Activity - create/change/display et.,
5) Don't add all t-codes Ex- PP : Add only those tcodes access by you users : End or Core users. Sometime it doesn;t make sense to give create / change / delete t-codes to a user who's only responsible for doing data entry job or a user who is responsible only for creating materials not approving / sending.
6) Make a sheet that maps you users to role
7) Always review / approve your Matirx from respective Functional Head, as a BASIS we can't take decision on Functional side.
8) Always test you roles in DEV / QAS (training client) assigned to a test user by your functional cunsultant.
9) Always remember of cross functionality authorizations (like some time they may
10) Always make sure that none of the user gets any BASIS activity authorization.
I gather above points from my experience where I was involved in designing Matrix, It can be defferent depends upon the organization.
This activity is very good for the beginning of the project well posted
but today almost all large enterprises use BPML from Solution Manager for all that you have listed.
One blueprint and realization stage example can be as below:
ARIS FLOW/VISIO - BPML( Solution Manager ) - Role build for each functional team.
AGR* tables will be a starting point for the question posted to get atleast a list of SAP delivered roles.
Franklin Jayasim wrote:
> but today almost all large enterprises use BPML from Solution Manager for all that you have listed.
Uptake is much slower than that in my experience. I am a huge fan of that approach but the market is way behind in terms of adoption and use of those tools.