[1433] in SAPr3-news

Re: THE authorization Concept. (R3)

daemon@ATHENA.MIT.EDU (Kent518)
Tue May 28 01:37:45 1996

To: sapr3-news@MIT.EDU
Date: 28 May 1996 00:09:07 -0400
From: kent518@aol.com (Kent518)

You are correct, security within SAP is not easy.

Best advice, although simple, is to practice KISS - keep it simple, stupid.

Seriously, start by identifying transactions you desire for a particular
profile (i.e. accounts payable clerk, receiver, etc.) and determine the
objects needed for each transaction.  When you have a compilation of the
transactions and objects, you need to construct and revisit the profiles. 
You are likely to have numerous overlaps and may have access to
transactions you did not intend.  Best here to re-evaluate if it is
necessary to prevent access. 

Also, try to identify "levels" of profiles that build upon each other.
This will make it easier and quicker to assemble.  DO NOT CREATE CUSTOM
IDS FOR EACH USER.  I work for a Fortune 150 company implementing
MM (purch) and FI/CO.  We had 2 full-time security persons plus a lot of
work by the process team members working at least 2 months to establish
security controls.

Finally, the transaction /nsu53 is helpful in determining WHY a
transaction cannot be accessed.

Hope this helps
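
Added example, not part of the original post: a sketch of the compile-and-revisit step described above, which builds each role's profile from its intended transactions, flags transactions the profile also unlocks, and factors out a shared base "level". All role, transaction and object names are constructed placeholders, and field values inside authorization objects are ignored (assumption).

```python
# Constructed sample data: every name below is a placeholder, not a real
# SAP transaction code or authorization object.
TX_OBJECTS = {  # transaction -> authorization objects it checks
    "TX_DISPLAY_VENDOR":  {"OBJ_VENDOR"},
    "TX_ENTER_INVOICE":   {"OBJ_VENDOR", "OBJ_ACCT_DOC"},
    "TX_DISPLAY_PO":      {"OBJ_PO"},
    "TX_GOODS_RECEIPT":   {"OBJ_PO", "OBJ_GOODS_MVT"},
    "TX_RELEASE_INVOICE": {"OBJ_ACCT_DOC", "OBJ_PO"},
}
ROLE_TX = {  # role -> transactions the role is meant to run
    "ap_clerk": {"TX_DISPLAY_VENDOR", "TX_ENTER_INVOICE", "TX_DISPLAY_PO"},
    "receiver": {"TX_DISPLAY_VENDOR", "TX_DISPLAY_PO", "TX_GOODS_RECEIPT"},
}

def build_profile(transactions):
    """Union of the objects needed by every intended transaction."""
    return set().union(*(TX_OBJECTS[t] for t in transactions))

def reachable(profile):
    """Transactions whose required objects are all granted by the profile."""
    return {t for t, objs in TX_OBJECTS.items() if objs <= profile}

def unintended(role):
    """Transactions the role's profile unlocks that nobody asked for."""
    return reachable(build_profile(ROLE_TX[role])) - ROLE_TX[role]

def layered_profiles():
    """Split profiles into a shared base level plus a per-role delta."""
    profiles = {r: build_profile(tx) for r, tx in ROLE_TX.items()}
    base = set.intersection(*profiles.values())
    return base, {r: p - base for r, p in profiles.items()}

if __name__ == "__main__":
    for role in sorted(ROLE_TX):
        extra = sorted(unintended(role))
        print(f"{role}: unintended access -> {extra or 'none'}")
    base, deltas = layered_profiles()
    print("base level:", sorted(base))
    for role in sorted(deltas):
        print(f"{role} adds:", sorted(deltas[role]))
```

Here the accounts payable profile picks up TX_RELEASE_INVOICE only because objects from two different intended transactions combine, which is the kind of overlap to re-evaluate.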