Role Administration in SAP

Role Creation and Maintenance in SAP:
A user may need several authorizations to perform an operation in the SAP system.
The SAP authorization concept, based on authorization objects, is designed to provide a simple, understandable procedure.
Users are assigned Roles and Profiles, which contain Authorization Objects.
Profiles contain Authorization Objects and Roles contain Profiles.
Roles are created using T-code PFCG.
Three types of roles are available in SAP:
1) Single Roles
2) Composite Roles
3) Derived Roles
1) Single Roles: Roles that contain authorization data and a profile.
2) Composite Roles: A collection of roles is called a composite role. These roles don't contain any authorization data.
3) Derived Roles: Roles in a master/child inheritance relationship, used to maintain organizational data.

Please find below the screens for creating a single role, a composite role and a derived role.
Custom roles start with Z or Y.
SAP standard roles start with SAP*.
Naming convention: Z[C/S][XX]:[XXXXXXXX], where Z signifies that it's a custom role, [C/S] a composite or simple role, [XX] a 2-character departmental designator, and [XXXXXXXX] a brief description.
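An added example (not from the original post) that audits a role inventory against the naming convention above and against the statement that composite roles hold no authorization data. The role names and inventory layout are constructed, and the characters allowed in [XX] and the description are assumptions.

```python
import re

# Pattern from the page: Z[C/S][XX]:[XXXXXXXX]
# Assumptions: [XX] is 2 uppercase letters/digits; the description is
# 1-8 characters from A-Z, 0-9 and underscore.
NAME_RE = re.compile(r"^Z(?P<kind>[CS])[A-Z0-9]{2}:[A-Z0-9_]{1,8}$")

def audit_roles(roles):
    """roles: {name: {"children": [role names], "has_auth_data": bool}}.
    Returns {name: [findings]} for every role with at least one finding."""
    findings = {}
    for name, info in roles.items():
        if name.startswith("SAP"):
            continue  # SAP standard role, outside the custom convention
        issues = []
        is_composite = bool(info["children"])
        m = NAME_RE.match(name)
        if not name.startswith(("Z", "Y")):
            issues.append("not in custom namespace (Z/Y)")
        elif m is None:
            issues.append("does not match Z[C/S][XX]:[XXXXXXXX]")
        elif (m["kind"] == "C") != is_composite:
            issues.append("C/S flag disagrees with actual role type")
        if is_composite and info["has_auth_data"]:
            issues.append("composite role carries authorization data")
        for child in info["children"]:
            if child not in roles:
                issues.append(f"child role {child} not in inventory")
        if issues:
            findings[name] = issues
    return findings

# Constructed inventory; in practice this would come from a role export.
SAMPLE = {
    "SAP_EXAMPLE_ROLE": {"children": [], "has_auth_data": True},
    "ZSFI:AP_CLERK": {"children": [], "has_auth_data": True},
    "ZCFI:AP_ALL": {"children": ["ZSFI:AP_CLERK"], "has_auth_data": False},
    "ZSMM:BUYER": {"children": ["ZSFI:AP_CLERK"], "has_auth_data": True},
    "Z_FI_DISPLAY": {"children": [], "has_auth_data": True},
    "ZCHR:PAYROLL": {"children": ["ZSHR:PAY_RUN"], "has_auth_data": False},
    "FI_TEMP": {"children": [], "has_auth_data": True},
}

if __name__ == "__main__":
    for role, issues in audit_roles(SAMPLE).items():
        print(role, "->", "; ".join(issues))
```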


Single Role:

Composite Role

Derived role



In the next topic, we will create and release a transport request for these roles.




