authorizations - self study exercise 1.pdf

Download Authorizations - Self Study Exercise 1.pdf

Post on 11-Jan-2016

5 views

Category:

Documents

2 download

Embed Size (px)

TRANSCRIPT

  • At the conclusion of this exercise, you will be able to: Describe the components of the authorization object Create an Authorization Object Class and an Authorization Object

    Authorization Objects are central in securing your SAP R/3 applications. Authorization objects are used in both programs and transactions to secure user activity. Creating custom authorization objects would be required if your company wanted to protect new development work and an SAP R/3 authorization object was not available.

    1-1 Display the authorization objects classified under the object class: MM: Master Data (MM_G) (Menu Path: Tools ABAP Workbench, Development Other Tools Authorization Objects Objects) 1-1-1 How many authorization objects are there?

    ___________________________________________________

    1-1-2 What is the authorization object M_MATE_STA used for? ___________________________________________________

    1-1-3 What are the fields that are to be checked for the authorization object M_MATE_STA? ___________________________________________________

    1-1-4 Where are these fields defined so that they could be used by this authorization object? ___________________________________________________

    1-1-5 What are the available activities for the authorization object M_MATE_STA as stated in the documentation for the object? ___________________________________________________

    1-1-6 Verify this by reading the table TACTZ. ___________________________________________________

    (Menu Path: Tools ABAP Workbench, Overview Data Browser)

    2-1 Go to the Information System in the ABAP Workbench. (Menu Path: Tools ABAP Workbench, Overview Information System)

  • 2-1-1 Select the report on authorization objects. Expand each section by selecting the folder icon. Environment Authorizations Authorization Objects (Double-Click)

    2-1-2 Enter the authorization object name M_MATE_STA, Press Execute Icon. 2-2 Select the authorization object and press the where used icon.

    (Menu Path: Goto Where -Used List) 2-2-1 Is the authorization object being used in transactions?

    ___________________________________________________

    2-2-2 Double click on some of the transactions to see what values the authorization object fields are being checked for.

    When an entry is left blank in the authorization check fields for transactions, it is considered not relevant or . In this case, the authorization check for starting MM06 will only verify that the user has an authorization for activity 06 of this authorization object.

    2-2-3 Is the authorization object being used in programs? ___________________________________________________

    2-2-4 Double click on some of the programs to see how the authorization object is being used in the source code.

  • 3-1 Create a custom Authorization Object Class and a custom Authorization Object. (Menu Path: Tools ABAP Workbench, Development Other Tools Authorization Objects Objects)

    3-1-1 Create your own object class from the Object Class List screen: Object Class Description

    ZC## Group ## Object Class Note: ##: Group number Press SAVE' when complete.

    3-1-1 On the Create Object Catalog Entry' pop-up screen enter development class Z001.

    The assignment to a development class allows this client independent object to be recorded in a change request. This will enable the object to be transported later to another system. You will be asked for a change request number which can create by pressing the Create' icon, entering a description and pressing the Save' icon.

    3-2 Select your object class (Double-Click) from the Object Class List screen to enter the Authorization Object List screen. Create your own Authorization Object:

    Authorization Object Description ZOBJ## Group ## Object Note: ##: Group number

    3-2-1 Assign the following fields to your authorization object. Press save when complete. ACTVT ( Activity ) BUKRS ( Company Code )

    3-2-2 On the Create Object Catalog Entry' pop-up screen enter development class Z001.

    You will be asked for a change request number. The change request number created for the Authorization Object class should already be displayed. Press the Continue' button to get past the pop-up screen.

  • Unit: Roles Topic: Creating Activity Group without Responsibilities

    At the conclusion of this exercise, you will be able to: Create an Activity Group without Responsibilities

    Various positions in your company require the capability to perform transactions in the SAP R/3 system. Roles and Responsibilities should be built to address the required authorizations for these positions. A position in your organization has been defined for maintaining materials. In this case, the activity requirements are unique to this material maintenance position, thus an activity group without responsibilities is required.

    1-1 Create an Activity Group without responsibilities to support the material master data transactions: MM01, MM02, MM03. From the Maintain Activity Group screen, create an Activity Group: MAT##_AG (Menu: Tools Administration, User Maintenance Roles) 1-1-1 When asked to create with responsibilities, select No'. 1-1-2 Enter a description in the Activity Group Basic Data screen. 1-1-3 Save your Activity Group.

    1-2 Go to the menu selection screen by pressing the Menu pushbutton. (Menu Path: Goto Menu).

    Continued on next page

  • 1-2-1 Select the following transactions from the Company Menu:

    Task Menu Path Create a material record (transaction MM01 )

    Logistics Material Management Material Master Material Create(General) Immediately

    Change a material record (transaction MM02 )

    Logistics Material Management Material Master Material Change Immediately

    Display a material record (transaction MM03 )

    Logistics Material Management Material Master Material Display Display Current

    You may confirm the transaction codes by turning on the technical names (Menu Path: Edit Technical Names Technical Names ON)

    1-2-2 Return to the Activity Group Basic Data screen.

    1-3 Go to the Authorization Profile screen by pressing the Authorizations pushbutton. ( Menu Path: Goto Authorization Profile). 1-3-1 Enter the following organization level data:

    Company code: 1000 Warehouse number: 001 Sales organization: 3000 Distribution Channel: 03 Plant: *

    1-3-2 Review open authorizations (expand at yellow lights). For this example, set the remaining fields to Complete Authorizations'.

    You would not normally do this. Each field must be properly investigated. There should not be a case where complete authorizations have been granted.

    1-3-3 Generate the profile and assign the profile name Z:MATPG##. (Menu Path: Authorizations Generate)

    1-3-4 Review the profile name using: Menu Path: Authorizations Profile Overview

    1-3-5 Return to the Activity Group Basic Data screen.

  • Unit: Roles Topic: Activity Group with Responsibilites

    At the conclusion of this exercise, you will be able to: Create an Activity Group with Responsibilities

    Multiple positions in your organization have been defined for maintaining vendors for different company codes. In this case, the activity requirements are similar for each position, however, different authorization profiles are required for each position. This is due to each position having acces to different Company Codes. An activity group using responsibilities is required to meet this need.

    1-1 Create an Activity Group with responsibilities to support the vendor master data transactions: FK01, FK02, FK03. Responsibilities are required for maintianing the company codes 1000 and 3000 seperately. From the Maintain Activity Group screen, create an Activity Group: VEND##_AG 1-1-1 When asked to create with responsibilities, select Yes'. 1-1-2 Enter a description in the Activity Group Basic Data screen. 1-1-3 Save your Activity Group.

    1-2 Go to the menu selection screen by pressing the Menu pushbutton. (Menu Path: Goto Menu). 1-2-1 Select the following transactions from the Company Menu:

    Task Menu Path Create a vendor record (transaction FK01)

    Accounting Financial Accounting Accounts Payable Master Records Create

    Continued on next page

  • Change a vendor record (transaction FK02)

    Accounting Financial Accounting Accounts Payable Master Records Change

    Display a vendor record (transaction FK03)

    Accounting Financial Accounting Accounts Payable Master Records Display

    You may confirm the transaction codes by turning on the technical names (Menu Path: Edit Technical Names Technical Names ON)

    1-2-2 Save your work. 1-2-3 Return to the Activity Group Basic Datal screen.

    1-3 Go to the Responsibilites screen by pressing the Responsiblities pushbutton. (Menu Path: Goto Responsibilities) Create a Responsibility for vendor maintenance of company code 1000:VND##_1000 (Menu Path: Responsibility Create). 1-3-1 Maintain the Authorization Profile for the Responsibility: VEND##_1000.

    (Cursor must be on a responsiblility) Menu Path: Goto Authorization Profile

    1-3-2 Enter the following organization level data:

    Company code: 1000 1-3-3 Review open authorizations (expand at yellow lights).

    For this example, set the remaining fields to Complete Authorizations'.

    You would not normally do this. Each field must be properly investigated. There should not be a case where complete authorizations have been granted.

    1-3-4 Save your work. 1-3-5 Generate the profile and assign the profile name RY:##_1000.

    (Menu Path: Authorizatio