Authorizations - Self Study Exercise 1.pdf

Download Authorizations - Self Study Exercise 1.pdf

Post on 11-Jan-2016

5 views

Category:

Documents

2 download

Embed Size (px)

TRANSCRIPT

<ul><li><p>At the conclusion of this exercise, you will be able to: Describe the components of the authorization object Create an Authorization Object Class and an Authorization Object </p><p>Authorization Objects are central in securing your SAP R/3 applications. Authorization objects are used in both programs and transactions to secure user activity. Creating custom authorization objects would be required if your company wanted to protect new development work and an SAP R/3 authorization object was not available. </p><p>1-1 Display the authorization objects classified under the object class: MM: Master Data (MM_G) (Menu Path: Tools ABAP Workbench, Development Other Tools Authorization Objects Objects) 1-1-1 How many authorization objects are there? </p><p> ___________________________________________________ </p><p>1-1-2 What is the authorization object M_MATE_STA used for? ___________________________________________________ </p><p>1-1-3 What are the fields that are to be checked for the authorization object M_MATE_STA? ___________________________________________________ </p><p>1-1-4 Where are these fields defined so that they could be used by this authorization object? ___________________________________________________ </p><p> 1-1-5 What are the available activities for the authorization object M_MATE_STA as stated in the documentation for the object? ___________________________________________________ </p><p>1-1-6 Verify this by reading the table TACTZ. ___________________________________________________ </p><p>(Menu Path: Tools ABAP Workbench, Overview Data Browser) </p><p>2-1 Go to the Information System in the ABAP Workbench. (Menu Path: Tools ABAP Workbench, Overview Information System) </p></li><li><p> 2-1-1 Select the report on authorization objects. Expand each section by selecting the folder icon. Environment Authorizations Authorization Objects (Double-Click) </p><p> 2-1-2 Enter the authorization object name M_MATE_STA, Press Execute Icon. 2-2 Select the authorization object and press the where used icon. </p><p>(Menu Path: Goto Where -Used List) 2-2-1 Is the authorization object being used in transactions? </p><p>___________________________________________________ </p><p>2-2-2 Double click on some of the transactions to see what values the authorization object fields are being checked for. </p><p>When an entry is left blank in the authorization check fields for transactions, it is considered not relevant or . In this case, the authorization check for starting MM06 will only verify that the user has an authorization for activity 06 of this authorization object. </p><p>2-2-3 Is the authorization object being used in programs? ___________________________________________________ </p><p> 2-2-4 Double click on some of the programs to see how the authorization object is being used in the source code. </p></li><li><p> 3-1 Create a custom Authorization Object Class and a custom Authorization Object. (Menu Path: Tools ABAP Workbench, Development Other Tools Authorization Objects Objects) </p><p>3-1-1 Create your own object class from the Object Class List screen: Object Class Description </p><p>ZC## Group ## Object Class Note: ##: Group number Press SAVE' when complete. </p><p>3-1-1 On the Create Object Catalog Entry' pop-up screen enter development class Z001. </p><p>The assignment to a development class allows this client independent object to be recorded in a change request. This will enable the object to be transported later to another system. You will be asked for a change request number which can create by pressing the Create' icon, entering a description and pressing the Save' icon. </p><p>3-2 Select your object class (Double-Click) from the Object Class List screen to enter the Authorization Object List screen. Create your own Authorization Object: </p><p>Authorization Object Description ZOBJ## Group ## Object Note: ##: Group number </p><p>3-2-1 Assign the following fields to your authorization object. Press save when complete. ACTVT ( Activity ) BUKRS ( Company Code ) </p><p>3-2-2 On the Create Object Catalog Entry' pop-up screen enter development class Z001. </p><p>You will be asked for a change request number. The change request number created for the Authorization Object class should already be displayed. Press the Continue' button to get past the pop-up screen. </p></li><li><p>Unit: Roles Topic: Creating Activity Group without Responsibilities </p><p>At the conclusion of this exercise, you will be able to: Create an Activity Group without Responsibilities </p><p>Various positions in your company require the capability to perform transactions in the SAP R/3 system. Roles and Responsibilities should be built to address the required authorizations for these positions. A position in your organization has been defined for maintaining materials. In this case, the activity requirements are unique to this material maintenance position, thus an activity group without responsibilities is required. </p><p>1-1 Create an Activity Group without responsibilities to support the material master data transactions: MM01, MM02, MM03. From the Maintain Activity Group screen, create an Activity Group: MAT##_AG (Menu: Tools Administration, User Maintenance Roles) 1-1-1 When asked to create with responsibilities, select No'. 1-1-2 Enter a description in the Activity Group Basic Data screen. 1-1-3 Save your Activity Group. </p><p>1-2 Go to the menu selection screen by pressing the Menu pushbutton. (Menu Path: Goto Menu). </p><p>Continued on next page </p></li><li><p> 1-2-1 Select the following transactions from the Company Menu: </p><p>Task Menu Path Create a material record (transaction MM01 ) </p><p>Logistics Material Management Material Master Material Create(General) Immediately </p><p>Change a material record (transaction MM02 ) </p><p>Logistics Material Management Material Master Material Change Immediately </p><p>Display a material record (transaction MM03 ) </p><p>Logistics Material Management Material Master Material Display Display Current </p><p>You may confirm the transaction codes by turning on the technical names (Menu Path: Edit Technical Names Technical Names ON) </p><p>1-2-2 Return to the Activity Group Basic Data screen. </p><p>1-3 Go to the Authorization Profile screen by pressing the Authorizations pushbutton. ( Menu Path: Goto Authorization Profile). 1-3-1 Enter the following organization level data: </p><p>Company code: 1000 Warehouse number: 001 Sales organization: 3000 Distribution Channel: 03 Plant: * </p><p>1-3-2 Review open authorizations (expand at yellow lights). For this example, set the remaining fields to Complete Authorizations'. </p><p>You would not normally do this. Each field must be properly investigated. There should not be a case where complete authorizations have been granted. </p><p>1-3-3 Generate the profile and assign the profile name Z:MATPG##. (Menu Path: Authorizations Generate) </p><p>1-3-4 Review the profile name using: Menu Path: Authorizations Profile Overview </p><p>1-3-5 Return to the Activity Group Basic Data screen. </p></li><li><p>Unit: Roles Topic: Activity Group with Responsibilites </p><p>At the conclusion of this exercise, you will be able to: Create an Activity Group with Responsibilities </p><p>Multiple positions in your organization have been defined for maintaining vendors for different company codes. In this case, the activity requirements are similar for each position, however, different authorization profiles are required for each position. This is due to each position having acces to different Company Codes. An activity group using responsibilities is required to meet this need. </p><p>1-1 Create an Activity Group with responsibilities to support the vendor master data transactions: FK01, FK02, FK03. Responsibilities are required for maintianing the company codes 1000 and 3000 seperately. From the Maintain Activity Group screen, create an Activity Group: VEND##_AG 1-1-1 When asked to create with responsibilities, select Yes'. 1-1-2 Enter a description in the Activity Group Basic Data screen. 1-1-3 Save your Activity Group. </p><p>1-2 Go to the menu selection screen by pressing the Menu pushbutton. (Menu Path: Goto Menu). 1-2-1 Select the following transactions from the Company Menu: </p><p>Task Menu Path Create a vendor record (transaction FK01) </p><p>Accounting Financial Accounting Accounts Payable Master Records Create </p><p>Continued on next page</p></li><li><p>Change a vendor record (transaction FK02) </p><p>Accounting Financial Accounting Accounts Payable Master Records Change </p><p>Display a vendor record (transaction FK03) </p><p>Accounting Financial Accounting Accounts Payable Master Records Display </p><p>You may confirm the transaction codes by turning on the technical names (Menu Path: Edit Technical Names Technical Names ON) </p><p>1-2-2 Save your work. 1-2-3 Return to the Activity Group Basic Datal screen. </p><p>1-3 Go to the Responsibilites screen by pressing the Responsiblities pushbutton. (Menu Path: Goto Responsibilities) Create a Responsibility for vendor maintenance of company code 1000:VND##_1000 (Menu Path: Responsibility Create). 1-3-1 Maintain the Authorization Profile for the Responsibility: VEND##_1000. </p><p>(Cursor must be on a responsiblility) Menu Path: Goto Authorization Profile </p><p>1-3-2 Enter the following organization level data: </p><p>Company code: 1000 1-3-3 Review open authorizations (expand at yellow lights). </p><p>For this example, set the remaining fields to Complete Authorizations'. </p><p>You would not normally do this. Each field must be properly investigated. There should not be a case where complete authorizations have been granted. </p><p>1-3-4 Save your work. 1-3-5 Generate the profile and assign the profile name RY:##_1000. </p><p>(Menu Path: Authorization Generate) 1-3-6 Return to the Responsibilites screen. </p></li><li><p> 1-4 Create a Responsibility for vendor maintenance of company code 3000: VND##_3000 1-4-1 Maintain the Authorization Profile for the Responsibility: VEND##_3000. 1-4-2 Enter the following organization level data: </p><p>Company code: 3000 1-4-3 Review open authorizations (expand at yellow lights). </p><p>For this example, set the remaining fields to Complete Authorizations'. 1-4-4 Generate the profile and assign the profile name RY:##_3000. 1-4-5 Return to the Responsibilites screen. </p></li><li><p>Unit: Roles Topic: Templates </p><p>At the conclusion of this exercise, you will be able to: Create a Template Assign a Template to a user </p><p>All users may be required to perform the same functions, such as printing, trouble shooting transactions, etc. Create a template that you can use when defining new users. </p><p>1-1 Create a template to grant access to standard user transactions and authorization objects. 1-1-1 Create a template: GR##_TMPL. The template should allow the user to </p><p>start the following basic transactions: SU3, SES0, SU53, SU56, SP01. You require the S_TCODE authorization object for this. </p><p>1-1-2 The template should allow the user to be able to print to the local printer. Use the template Print Authorizaitons (SAP_PRINT) for this. (Menu path: Edit Insert auth. From template). </p><p> Ask the instructor for the local printer name. </p><p>Complete the authorization for the authorizaiton object S_SPO_ACT (Use complete authorization for the remaining field) 1-1-3 Save your template. 1-1-4 On the Create Object Catalog Entry' pop-up screen enter development class </p><p>Z001 </p><p>You will be asked for a change request number. The change request number you created in a previous exercise should already be displayed. If not, select it by pressing the Own Requests' button. Press the Continue' button to get past the pop-up screen. </p><p>2-1 Add the template authorizations to the Roles and responsibilities you have created. Maintain the Activity Group MAT##_AG. </p></li><li><p> 2-1-1 Go to the authorization profile view. 2-1-2 Insert the template GR##_TMPL and review the authoirzaitons 2-1-3 Review the authorization profile values. 2-1-4 What is different in the authorizations listed below the S_TCODE </p><p>authorization object? ___________________________________________________ </p><p>2-1-5 What can be done about this? ___________________________________________________ </p><p> 2-1-6 Regenerate the profile. </p><p>2-2 Maintain activity group VND##_AG and repeat the process in 2-1 for responsibilities VND##_1000 and VND##_3000. </p></li><li><p>Unit: User Administration Topic: Creating User Administrators </p><p>At the conclusion of this exercise, you will be able to: Create a user group Create an activity group to grant authorizations for user maintenance </p><p>within your user group </p><p> Create a user administrator ID for your user group </p><p>User administrators take care of most tasks concerning user accounts. Tasks can be delegated based on the activities that can be performed on specific user groups. </p><p>1-1 Create a new user group for your users. (Menu Path: Tools Administration, User mainenance Users, Environment User Groups) 1-1-1 Create user group ZGROUP##. 1-1-2 Save your work. </p><p>2-1 Create an Activity Group to for user administration activities. 2-1-1 From the Maintain Activity Group screen, create an Activity Group: </p><p>ADM##_AG (Menu Path: Tools Administration, User maintenance Roles) </p><p>2-1-2 When asked to create with responsibilities, select No' 2-1-3 Enter a description in the Activity Group Basic Data screen. 2-1-4 Save your Activity Group. </p><p>2-2 Go to the authorization profile screen by pressing the Authorization pushbutton. (Menu Path: Goto Authorization Profile) 2-2-1 Select the template SAP_ADM_US </p></li><li><p> 2-2-2 Enter the following organization level data, if requested: </p><p>Plan Version: 01 </p><p>If a plan version has been assigned via implement guide, it will not be requested. This is also true for certain other organizational level fields. </p><p>2-2-3 Review authorizations, and assign the values stated for each of the following authorization objects: </p><p>Authorization Object: S_USER_GRP Field Name Value </p><p>ACTVT ( Activity ) 01 02 03 06 08 </p><p>User Group ZGROUP## </p><p>Authorization Object: S_USER_PRO Field Name Value </p><p>ACTVT ( Activity ) 03 22 </p><p>Profiles * </p><p>Authorization Object: PLOG (Human Resources) Field Name From To </p><p>Object Type O C P T S A </p><p>US RY </p><p>Authorization Object: S_USER_AUT: Inactive Remaining open values can be set to complete authorizations. </p><p>2-2-4 Save your work. 2-2-5 Generate the profile and assign the profile name S:USRADM##. </p><p>(Menu Path: Authorization Generate) </p><p>3-1 Create a User Administrator: USRADM## (Menu Path: Tools Administration, User Maintenance Users) </p></li><li><p> 3-1-1 Fill out the required fields, and assign the user to user Group: SUPER. 3-1-2 Assign the Activity Group ADM##_AG to the user. 3-1-3 Select Task Profile' view. 3-1-4 Select Add' within the Task Profile' View. 3-1-5 Select Activity Group. 3-1-6 Enter Activity Group name ADM##_AG </p><p>The profile(s) related to the activity group will automatically be inserted / removed when you press enter. </p><p>3-1-7 Go to the Profiles view. What profile has been inserted? ___________________________________________________ </p><p>3-1-8 Save the user ID. </p><p>3-2 Login to the system using your new user administrator: USRADM##. 3-2-1 Create a sample user ID: SAMPLE##. 3-2-2 Fill the required fields and assign the user group: ZGROUP## . Go to the </p><p>Logon data view to assign user groups. 3-2-3 S...</p></li></ul>