Transcript
Page 1: Authorizations - Self Study Exercise 1.pdf

At the conclusion of this exercise, you will be able to:

• Describe the components of the authorization object

• Create an Authorization Object Class and an Authorization Object

Authorization Objects are central in securing your SAP R/3 applications.

Authorization objects are used in both programs and transactions to secure

user activity.

Creating custom authorization objects would be required if your company

wanted to protect new development work and an SAP R/3 authorization

object was not available.

1-1 Display the authorization objects classified under the object class: MM: Master

Data (MM_G)

(Menu Path: Tools ABAP Workbench, Development Other Tools Authorization

Objects Objects)

1-1-1 How many authorization objects are there?

___________________________________________________

1-1-2 What is the authorization object M_MATE_STA used for?

___________________________________________________

1-1-3 What are the fields that are to be checked for the authorization object

M_MATE_STA?

___________________________________________________

1-1-4 Where are these fields defined so that they could be used by this

authorization object?

___________________________________________________

1-1-5 What are the available activities for the authorization object

M_MATE_STA as stated in the documentation for the object?

___________________________________________________

1-1-6 Verify this by reading the table TACTZ.

___________________________________________________

(Menu Path: Tools ABAP Workbench, Overview Data Browser)

2-1 Go to the Information System in the ABAP Workbench.

(Menu Path: Tools ABAP Workbench, Overview Information System)

Page 2: Authorizations - Self Study Exercise 1.pdf

2-1-1 Select the report on authorization objects. Expand each section by selecting

the folder icon.

Environment Authorizations Authorization Objects (Double-Click)

2-1-2 Enter the authorization object name M_MATE_STA, Press Execute Icon.

2-2 Select the authorization object and press the where used icon.

(Menu Path: Goto Where -Used List)

2-2-1 Is the authorization object being used in transactions?

___________________________________________________

2-2-2 Double click on some of the transactions to see what values the

authorization object fields are being checked for.

When an entry is left blank in the authorization check fields for

transactions, it is considered not relevant or <Dummy>. In this

case, the authorization check for starting MM06 will only verify that

the user has an authorization for activity 06 of this authorization

object.

2-2-3 Is the authorization object being used in programs?

___________________________________________________

2-2-4 Double click on some of the programs to see how the authorization object is

being used in the source code.

Page 3: Authorizations - Self Study Exercise 1.pdf

3-1 Create a custom Authorization Object Class and a custom Authorization Object.

(Menu Path: Tools ABAP Workbench, Development Other Tools Authorization

Objects Objects)

3-1-1 Create your own object class from the Object Class List screen:

Object Class Description

ZC## Group ## Object Class

Note: ##: Group number

Press ‘SAVE' when complete.

3-1-1 On the ‘Create Object Catalog Entry' pop-up screen enter development class

Z001.

The assignment to a development class allows this client

independent object to be recorded in a change request. This will

enable the object to be transported later to another system. You will

be asked for a change request number which can create by pressing

the ‘Create' icon, entering a description and pressing the ‘Save' icon.

3-2 Select your object class (Double-Click) from the Object Class List screen to enter

the Authorization Object List screen. Create your own Authorization Object:

Authorization Object Description

ZOBJ## Group ## Object

Note: ##: Group number

3-2-1 Assign the following fields to your authorization object. Press save when

complete.

ACTVT ( Activity )

BUKRS ( Company Code )

3-2-2 On the ‘Create Object Catalog Entry' pop-up screen enter development

class Z001.

You will be asked for a change request number. The change request

number created for the Authorization Object class should already be

displayed. Press the ‘Continue' button to get past the pop-up screen.

Page 4: Authorizations - Self Study Exercise 1.pdf

Unit: Roles

Topic: Creating Activity Group without Responsibilities

At the conclusion of this exercise, you will be able to:

• Create an Activity Group without Responsibilities

Various positions in your company require the capability to perform

transactions in the SAP R/3 system. Roles and Responsibilities should be

built to address the required authorizations for these positions.

A position in your organization has been defined for maintaining

materials. In this case, the activity requirements are unique to this

material maintenance position, thus an activity group without

responsibilities is required.

1-1 Create an Activity Group without responsibilities to support the material master

data transactions: MM01, MM02, MM03. From the Maintain Activity Group

screen, create an Activity Group: MAT##_AG

(Menu: Tools Administration, User Maintenance Roles)

1-1-1 When asked to create with responsibilities, select ‘No'.

1-1-2 Enter a description in the Activity Group Basic Data screen.

1-1-3 Save your Activity Group.

1-2 Go to the menu selection screen by pressing the Menu pushbutton.

(Menu Path: Goto Menu).

Continued on next page

Page 5: Authorizations - Self Study Exercise 1.pdf

1-2-1 Select the following transactions from the Company Menu:

Task Menu Path

Create a material record

(transaction MM01 ) Logistics Material Management Material

Master Material Create(General)

Immediately

Change a material record

(transaction MM02 ) Logistics Material Management Material

Master Material Change Immediately

Display a material record

(transaction MM03 ) Logistics Material Management Material

Master Material Display Display Current

You may confirm the transaction codes by turning on the technical

names (Menu Path: Edit Technical Names Technical Names ON)

1-2-2 Return to the Activity Group Basic Data screen.

1-3 Go to the Authorization Profile screen by pressing the Authorizations pushbutton.

( Menu Path: Goto Authorization Profile).

1-3-1 Enter the following organization level data:

Company code: 1000

Warehouse number: 001

Sales organization: 3000

Distribution Channel: 03

Plant: *

1-3-2 Review open authorizations (expand at yellow lights).

For this example, set the remaining fields to ‘Complete Authorizations'.

You would not normally do this. Each field must be properly

investigated. There should not be a case where complete

authorizations have been granted.

1-3-3 Generate the profile and assign the profile name Z:MATPG##.

(Menu Path: Authorizations Generate)

1-3-4 Review the profile name using: Menu Path: Authorizations Profile

Overview

1-3-5 Return to the Activity Group Basic Data screen.

Page 6: Authorizations - Self Study Exercise 1.pdf

Unit: Roles

Topic: Activity Group with Responsibilites

At the conclusion of this exercise, you will be able to:

• Create an Activity Group with Responsibilities

Multiple positions in your organization have been defined for maintaining

vendors for different company codes. In this case, the activity

requirements are similar for each position, however, different

authorization profiles are required for each position. This is due to each

position having acces to different Company Codes. An activity group

using responsibilities is required to meet this need.

1-1 Create an Activity Group with responsibilities to support the vendor master data

transactions: FK01, FK02, FK03. Responsibilities are required for maintianing the

company codes 1000 and 3000 seperately. From the Maintain Activity Group

screen, create an Activity Group: VEND##_AG

1-1-1 When asked to create with responsibilities, select ‘Yes'.

1-1-2 Enter a description in the Activity Group Basic Data screen.

1-1-3 Save your Activity Group.

1-2 Go to the menu selection screen by pressing the Menu pushbutton.

(Menu Path: Goto Menu).

1-2-1 Select the following transactions from the Company Menu:

Task Menu Path

Create a vendor record

(transaction FK01) Accounting Financial Accounting

Accounts Payable Master Records Create

Continued on next page

Page 7: Authorizations - Self Study Exercise 1.pdf

Change a vendor record

(transaction FK02) Accounting Financial Accounting

Accounts Payable Master Records

Change

Display a vendor record

(transaction FK03) Accounting Financial Accounting

Accounts Payable Master Records

Display

You may confirm the transaction codes by turning on the technical

names (Menu Path: Edit Technical Names Technical Names ON)

1-2-2 Save your work.

1-2-3 Return to the Activity Group Basic Datal screen.

1-3 Go to the Responsibilites screen by pressing the Responsiblities pushbutton. (Menu

Path: Goto Responsibilities) Create a Responsibility for vendor maintenance of

company code 1000:VND##_1000 (Menu Path: Responsibility Create).

1-3-1 Maintain the Authorization Profile for the Responsibility: VEND##_1000.

(Cursor must be on a responsiblility)

Menu Path: Goto Authorization Profile

1-3-2 Enter the following organization level data:

Company code: 1000

1-3-3 Review open authorizations (expand at yellow lights).

For this example, set the remaining fields to ‘Complete

Authorizations'.

You would not normally do this. Each field must be properly

investigated. There should not be a case where complete

authorizations have been granted.

1-3-4 Save your work.

1-3-5 Generate the profile and assign the profile name RY:##_1000.

(Menu Path: Authorization Generate)

1-3-6 Return to the Responsibilites screen.

Page 8: Authorizations - Self Study Exercise 1.pdf

1-4 Create a Responsibility for vendor maintenance of company code 3000:

VND##_3000

1-4-1 Maintain the Authorization Profile for the Responsibility: VEND##_3000.

1-4-2 Enter the following organization level data:

Company code: 3000

1-4-3 Review open authorizations (expand at yellow lights).

For this example, set the remaining fields to ‘Complete Authorizations'.

1-4-4 Generate the profile and assign the profile name RY:##_3000.

1-4-5 Return to the Responsibilites screen.

Page 9: Authorizations - Self Study Exercise 1.pdf

Unit: Roles

Topic: Templates

At the conclusion of this exercise, you will be able to:

• Create a Template

• Assign a Template to a user

All users may be required to perform the same functions, such as printing,

trouble shooting transactions, etc. Create a template that you can use

when defining new users.

1-1 Create a template to grant access to standard user transactions and authorization

objects.

1-1-1 Create a template: GR##_TMPL. The template should allow the user to

start the following basic transactions: SU3, SES0, SU53, SU56, SP01. You

require the S_TCODE authorization object for this.

1-1-2 The template should allow the user to be able to print to the local printer.

Use the template Print Authorizaitons (SAP_PRINT) for this.

(Menu path: Edit Insert auth. From template).

Ask the instructor for the local printer name.

Complete the authorization for the authorizaiton object S_SPO_ACT (Use

complete authorization for the remaining field)

1-1-3 Save your template.

1-1-4 On the ‘Create Object Catalog Entry' pop-up screen enter development class

Z001

You will be asked for a change request number. The change request

number you created in a previous exercise should already be

displayed. If not, select it by pressing the ‘Own Requests' button.

Press the ‘Continue' button to get past the pop-up screen.

2-1 Add the template authorizations to the Roles and responsibilities you have created.

Maintain the Activity Group MAT##_AG.

Page 10: Authorizations - Self Study Exercise 1.pdf

2-1-1 Go to the authorization profile view.

2-1-2 Insert the template GR##_TMPL and review the authoirzaitons

2-1-3 Review the authorization profile values.

2-1-4 What is different in the authorizations listed below the S_TCODE

authorization object?

___________________________________________________

2-1-5 What can be done about this?

___________________________________________________

2-1-6 Regenerate the profile.

2-2 Maintain activity group VND##_AG and repeat the process in 2-1 for

responsibilities VND##_1000 and VND##_3000.

Page 11: Authorizations - Self Study Exercise 1.pdf

Unit: User Administration

Topic: Creating User Administrators

At the conclusion of this exercise, you will be able to:

• Create a user group

• Create an activity group to grant authorizations for user maintenance

within your user group

• Create a user administrator ID for your user group

User administrators take care of most tasks concerning user accounts.

Tasks can be delegated based on the activities that can be performed on

specific user groups.

1-1 Create a new user group for your users.

(Menu Path: Tools Administration, User mainenance Users, Environment User

Groups)

1-1-1 Create user group ZGROUP##.

1-1-2 Save your work.

2-1 Create an Activity Group to for user administration activities.

2-1-1 From the Maintain Activity Group screen, create an Activity Group:

ADM##_AG

(Menu Path: Tools Administration, User maintenance Roles)

2-1-2 When asked to create with responsibilities, select ‘No'

2-1-3 Enter a description in the Activity Group Basic Data screen.

2-1-4 Save your Activity Group.

2-2 Go to the authorization profile screen by pressing the Authorization pushbutton.

(Menu Path: Goto Authorization Profile)

2-2-1 Select the template SAP_ADM_US

Page 12: Authorizations - Self Study Exercise 1.pdf

2-2-2 Enter the following organization level data, if requested:

Plan Version: 01

If a plan version has been assigned via implement guide, it will not

be requested. This is also true for certain other organizational level

fields.

2-2-3 Review authorizations, and assign the values stated for each of the

following authorization objects:

Authorization Object: S_USER_GRP

Field Name Value

ACTVT ( Activity ) 01

02

03

06

08

User Group ZGROUP##

Authorization Object: S_USER_PRO

Field Name Value

ACTVT ( Activity ) 03

22

Profiles *

Authorization Object: PLOG (Human Resources)

Field Name From To

Object Type O

C

P

T

S

A

US

RY

Authorization Object: S_USER_AUT: Inactive

Remaining open values can be set to complete authorizations.

2-2-4 Save your work.

2-2-5 Generate the profile and assign the profile name S:USRADM##.

(Menu Path: Authorization Generate)

3-1 Create a User Administrator: USRADM##

(Menu Path: Tools Administration, User Maintenance Users)

Page 13: Authorizations - Self Study Exercise 1.pdf

3-1-1 Fill out the required fields, and assign the user to user Group: SUPER.

3-1-2 Assign the Activity Group ADM##_AG to the user.

3-1-3 Select ‘Task Profile' view.

3-1-4 Select ‘Add' within the ‘Task Profile' View.

3-1-5 Select Activity Group.

3-1-6 Enter Activity Group name ADM##_AG

The profile(s) related to the activity group will automatically be

inserted / removed when you press enter.

3-1-7 Go to the Profiles view. What profile has been inserted?

___________________________________________________

3-1-8 Save the user ID.

3-2 Login to the system using your new user administrator: USRADM##.

3-2-1 Create a sample user ID: SAMPLE##.

3-2-2 Fill the required fields and assign the user group: ZGROUP## . Go to the

Logon data view to assign user groups.

3-2-3 Save the user ID.

3-3 Once you've created the user, can you:

3-3-1 Change the user's password?

3-3-2 Lock the user?

3-3-3 Attempt to maintain another groups SAMPLE## user. Are you successful?

___________________________________________________

Page 14: Authorizations - Self Study Exercise 1.pdf

4-1 Create the following User ID's to be used later on:

NOTE: Do NOT assign any task profiles to these users!

4-1-1 Material Master User.

User ID: MAT##

User Group: ZGROUP##

4-1-2 Vendor Master User for Company 1000.

User ID: VEND##_C1

User Group: ZGROUP##

4-1-3 Vendor Master User for Company 3000.

User ID: VEND##_C3

User Group: ZGROUP##

Page 15: Authorizations - Self Study Exercise 1.pdf

Unit: Case Studies

Topic: Controlling Configuration Tables

At the conclusion of this exercise, you will be able to:

• Control access to tables via the standard maintenance tools: SE16,

SM30, and SM31 using Table authorization groups

Authorization Groups are used to control large groups of data that needs

to be secured. Examples of authorization groups are: Table Authorization

Groups, Material Authorization Groups, Document Authorizaiton Groups.

Program Authorization groups. These Authorization Groups are typically

maintained via the Implementation Guide (IMG).

1-1 Create authorizations so that a user can view specific tables in transaction SE16.

The user needs the ability to display two tables: the company code table and the

business area table. Those table names are V_T001 (company code) and V_TGSB

(business area). Read the documentation for the authorization object S_TABU_DIS

(Object Class: Basis Administration).

(Menu Path: Tools ABAP Workbench, Development Other Tools Authorzations

Objects)

1-1-1 What does the documentation say about S_TABU_DIS? (Object Class:

Basis:Administration)

___________________________________________________

1-1-2 What activities are allowed?

___________________________________________________

1-1-3 What is table TDDAT?

___________________________________________________

1-2 Find the authorization group assigned to table V_T001 and V_TGSB.

1-2-1 Go to the data browser (Transaction SE16).

(Menu Path: Tools ABAP Workbench, Overview Data Browser)

1-2-2 Enter table TDDAT and press on the table contents square button.

1-2-3 In the TABNAME field enter V_T001. Press the execute button. Note the

authorization group in the CCLASS field.

Page 16: Authorizations - Self Study Exercise 1.pdf

1-2-4 Repeat for TABNAME V_TGSB. Note the authorization group in the

CCLASS field.

1-3 Create the Activity Group SAMPLE##_AG

1-3-1 Go to the menu selection screen by pressing the Menu pushbutton. Select

the following transactions from the Company Menu:

Task Menu Path

Data Browser (transaction

SE16 ) Tools ABAP Workbench, Overview

Data Browser

1-3-2 Save your work.

1-3-3 Return to the Activity Group Detail screen.

1-4 Go to the authorization profile screen by pressing the Authorization pushbutton.

Review open authorizations. Assign the following values for the authorization

object S_TABU_DIS:

Authorization Object S_TABU_DIS

Field Name Value

ACTVT ( Activity ) 03

Authorization Group FCOR

1-4-1 Insert authorizations from your template GR##_TMPL

(Menu Path: Edit Insert Authorizations Template)

1-4-2 Save your work.

1-4-3 Generate the profile and use the default name for the profile.

(Menu Path: Authorizations Generate)

1-4-4 Return to the Activity Group detail screen.

1-5 Go to the Agent assignment screen by pressing the Agent Assigment pushbutton.

Assign the profile to the sample user: SAMPLE##.

1-5-1 Update the user master record.

(Menu Path: Authorizations Compare User Master)

1-6 Login as SAMPLE##. Go to SE16 and answer the following questions:

1-6-1 Can you display table V_T001? Why?

___________________________________________________

1-6-2 Can you change table V_T001? Why?

___________________________________________________

1-6-3 Can you display table V_TGSB? Why?

___________________________________________________

Page 17: Authorizations - Self Study Exercise 1.pdf

1-6-4 Can you change table V_TGSB? Why?

___________________________________________________

1-6-5 Can you display table V_TVKO? Why?

___________________________________________________

Page 18: Authorizations - Self Study Exercise 1.pdf

Unit: Case Studies

Topic: Controlling Program Access using Reporting Trees

At the conclusion of this exercise, you will be able to:

• Control program access using reporting trees

Reporting trees are utilized to allow users to execute reports, and save

lists. Nodes in a reporting tree can be protected using program

Authorization Groups, checked against the authorization object

S_PROGRAM.

Reporting trees can also be made available to web pages. This would

allow an internet user, after supplying a SAP R/3 login, to launch reports

via the web. ABAP programs can only be executed via the web if an

authorization group has been assigned to the attributes. SAP R/3

programs may be assigned authorization groups via the programs

RSCSAUTH and RSABAUTH.

1-1 From the CA940-## user ID, use transaction SERP to change the report tree for

your group number. You wish to grant the user access to only part of the tree, and

take away the access from the rest:

Table TR-1

Group Application Transaction

code

Report

Tree

1 Cash Budget Management FMRB FMCB

2 Consolidation GC50 FILC

3 Controlling orders KOC2 OPA1

4 Cost & Revenue Element Accounting KALM RCL1

5 Cost Center Acct'g KSBB RKS1

6 Customers F.99 FIAR

7 General Ledger F.97 FIGL

8 Investm.Mgt. IMI0 IMFA

9 Profit.Center Acct'g KE5A PCA1

Continued on next page

Page 19: Authorizations - Self Study Exercise 1.pdf

10 Project information system CJR1 PS01

11 Spec.Purp.GL GD00 FISL

12 Vendors F.98 FIAP

1-1-1 Double-click on the first line of the tree.

1-1-2 From this “Change Nodes” screen, go to the node attributes.

(Menu path: Node Attributes)

For the "New" group name enter UNAUTH. Hit enter then save.

1-1-3 Go back to the main screen: ‘Change Report Tree'

1-1-4 For one of the lower level nodes, perform the same procedure as above and

set the authorization group name to GRP##.

1-2 Modify your activity group SAMPLE##_AG.

1-2-1 Go to the menu selection screen by pressing the Menu pushbutton.

1-2-2 Select the following transactions from the Company Menu:

Task Menu Path

Transaction Code from

Table RT-1

???

Find your transaction code using the find utility (the binoculars in

the top toolbar)

Select this transaction by clicking on the checkbox to fill it in and set

the traffic light to green.

1-2-3 Return to the Activity Group Detail screen.

1-3 Go to the authorization profile screen via the selection screen.

(Menu path: Goto Authorization Profile w/ Selection)

The text below the authorization pushbutton will indicate that the profile needs

to be merged.

1-3-1 Select: Read old data and merge with new.

This allows you not to lose any previous authorizations that have

been assigned, and inherit the new authorizations based on:

New Menu Selections

New information in the configuration tables

1-3-2 You need to insert the S_PROGRAM authorization object manually.

(Menu path: Edit Insert auth. Insert manually).

1-3-3 From the Authorization Profile screen, find this “Manual” object and the

following field values:

Page 20: Authorizations - Self Study Exercise 1.pdf

Authorization Object S_PROGRAM

Field Name Value

Action SUBMIT

VARIANT

Authorization Group GRP##

1-3-4 Save your work.

1-3-5 Regenerate the profile.

1-4 Logoff the SAMPLE## user and log back on to get this new authorization (the

profile is already assigned to the user).

1-4-1 Test your reporting transaction by entering the transaction code for the your

reporting tree transaction (Table RT-1)

1-4-2 Try executing a report under the node you have assigned the program group

‘UNAUTH'.

Use transaction code SU53 and check which authorization check

failed.

1-4-3 Try executing a report under the node you have assigned the program group

‘GRP##' to.

If the report failed to run, use SU53 to see what additional

authorization is required. The message should be for an object other

than S_PROGRAM for group UNAUTH.

You have been granted access to navigate to the report via the report

tree, but may require additional authorization to run the report itself.

Page 21: Authorizations - Self Study Exercise 1.pdf

Unit: Case Studies

Topic: Structured Authorizations using an Organizational

Plan

At the conclusion of this exercise, you will be able to:

• Create an organizational plan

• Assign users to your organizational plan

• Assign Roles and responsibilities to your organizational plan

Structured authorizations can be used whether you have implemented the

Human Resources module or not. This solution allows the security team

to concentrate on assigning the appropriate authorizations to positions in

an organization, and not directly to users. This forces the business

community to properly define the roles and positions of all users in an

organization.

1-1 Create an organizational structure for your organization.

(Menu Path: Tools SAP Business Workflow Oranizational Plan, Simple

Maintenance Organizational Plan Create)

1-1-1 Create an organization unit Z##ORGPLAN.

1-1-2 Create subsidiary organizational units: (Select ‘Create' Icon)

Z##DepMAT

Z##DepVND

Z##DepADM

1-2 Go to the Staff Assignments View to create positions for your organizational units.

(Menu Path: Goto Staff Assignments)

1-2-1 Create a position Z##PosMat for your organizational unit Z##DepMAT.

Select ‘Create Position' while having your cursor on the org. unit

Z##DepMAT.

Normally, a job would be created and have multiple positions

assigned to it. If you ignore the warning message, the system will

allow you to create the postion without a job.

1-2-2 Create a position Z##Vnd1000 for your organizational unit Z##DepVND.

1-2-3 Create a position Z##Vnd3000 for your organizational unit Z##DepVND.

1-2-4 Create a position Z##PosAdm for your organizational unit Z##DepADM.

1-3 Assign the following holders to the positions as listed. Select ‘Assign Holder' while

having your cursor on the appropriate position.

Page 22: Authorizations - Self Study Exercise 1.pdf

User Position

MAT## Z##PosMat

VEND##_C1 Z##Vnd1000

VEND##_C3 Z##Vnd3000

USRADM## Z##PosAdm

1-4 Go to the Task Assignments view and assign the following responsibilities and

Roles to your positions:

1-4-1 Select ‘Task Profile' while having your cursor on the appropriate position.

1-4-2 From the Create Task screen, select ‘Assign Task' for Roles and ‘Assign

Responsibility' for Responsiblities.

Position Type Name

Z##PosMat Task MAT##_AG

Z##Vnd1000 Responsibility VND##_1000

Z##Vnd3000 Responsibility VND##_3000

Z##PosAdm Task ADM##_AG

1-5 Display the activity group MAT##AG.

1-5-1 Go to the Agent Assignment screen.

1-5-2 What is the activity group assigned to?

1-5-3 Perform the User Master Update to update the user record.

Note that the association of the activity group to the position has

already been maintained. This, however, does not effect the User

Master Records directly. So far, only the object relationships have

been maintained in the infotypes. The User Master Record must be

reconcoliated to receive the new profile assignment.

1-6 Display the activity group VEND##_AG

1-6-1 Go to the Responisbilites screen.

1-6-2 What are the responsibilities assigned to?

1-6-3 Perform the User Master Update to update the user record.

1-7 Display the activity group ADM##_AG

1-7-1 Go to the Agent Assignment screen.

1-7-2 What is the activity group assigned to?

1-7-3 Remove the direct assignment to user USRADM##.

Page 23: Authorizations - Self Study Exercise 1.pdf

1-7-4 Perform the User Master Update to update the user record.

Typically, you would execute the user master update program once,

without specifying an Activity Group. This would update all users

in the current client. Use transaction PFUD for this process.

Page 24: Authorizations - Self Study Exercise 1.pdf

Unit: Specialized Administration Topics

Topic: Troubleshooting Tools

At the conclusion of this exercise, you will be able to:

• Use the trouble shooting tools SU53 and SU56 to verify failed

authorization and user buffer contents.

1-1 Logon as your users and attempt to use the transactions they are authorized to.

1-1-1 Logon as: Vendor Master User for Company 1000. User ID:

VEND##_C1.Create a vendor using transaction FK01.

Use the following information: Vendor number 10##, Company Code: 1000.

Enter all required fields, press ‘Save' when complete.

1-1-2 Were you successful?

___________________________________________________

1-2 Logon as: Vendor Master User for Company 3000. User ID VEND##_C3. Try to

change the vendor, using transaction FK02, created by user VEND##_C1.

1-2-1 Were you successful?

___________________________________________________

1-2-2 What was the missing authorization and values?

___________________________________________________

1-3 Logon as: Material Master User. User ID: MAT##

1-3-1 Try to change an existing material using MM02. Were you successful?

___________________________________________________

1-3-2 Try to display a vendor using transaction FK01. Were you successful?

___________________________________________________

1-3-3 What are the contents of the user buffer?

___________________________________________________

Unit: Specialized Administration Topics

Topic: Transport And Control

Page 25: Authorizations - Self Study Exercise 1.pdf

At the conclusion of this exercise, you will be able to:

• Add Roles to Change Requests for transporting

1-1 Manually assign your Roles to a transport.

1-1-1 Go to the Roles Maintenance screen

Menu Path: Tools Administration, User Maintenance Roles

1-1-2 Enter the activity group MAT##AG and press the ‘Transport' Icon.

1-1-3 Create a new Change Request and note the number.

__________________________________________________

1-1-4 Enter the activity group VEND##_AG and press the ‘Transport' Icon. Use

the same Change Request as in 1-1-3.

1-1-5 Enter the activity group ADM##_AG. Use the same Change Request as in

1-1-3.

1-1-7 What is another mechanism for adding Roles to a change request?

___________________________________________________

1-1-8 Why were change requests not automatically requested for the Roles you

created initially?

2-1 Go to the Transport Organizer and view the Workbench Organizer to look at the

open requests.

(Menu Path: Tools Administration, Transports Transport Organizer)

2-1-1 Press ‘Workbench Organizer'. What objects are to be transported?

___________________________________________________

2-1-2 Return to the Transport Organizer

2-2 View the Customizing Organizer and look at the open requests.

2-2-1 What objects are to be transported?

___________________________________________________

Unit: Specialized Administration Topics

Topic: Information System/ Audit Information System

At the conclusion of this exercise, you will be able to:

• Execute reports in both Information System and Audit Information

System

Page 26: Authorizations - Self Study Exercise 1.pdf

1. Execute various programs in both the Information System and the Audit Information

System.


Top Related