05th May - Running notes
05th May - Running notes
What is an ERP?
Enterprise Resource Planning
Integrated System
Resources – Money/Materials/People
Flower Business:
Initial Stage:
Growth:
Adopting separate software:
Accounting
Warehouse system
HR Software
Production
Sales Vs Production
Integration is Key
Modularity
Real-Time data -
Common Database -
Connected Processes -
Manage Entire Company -
Enterprise-Wide Integration -
Consistent Look and Feel -
Benefits:
Higher Productivity -
Improved Inventory Management -
Better Insights -
Less complexity(IT Perspective) -
HIGH Security -
What is SAP?
SAP – Company (SAP SE)
SAP: Software(ERP)
SAP ERP
BWM:
SAP System => HUGE COMPLEX BUILDING (Financial data, customer order, employee
details, car designs etc.)
SAP Security => Entire Security System (Locks, Gaurds, access badges, Cameras etc etc)
1. Protection of Data
2. Access Controls
3. Compliance
Impact:
Prevents internal Frauds –
Ensures correct actions –
Protects senstive data –
Three-system landscape:
Development(DEV) –
Quality(QAS) -
Production(PRD) -
Sandbox(playground) -
Training systems –
DEV:
DEV =>
S/4 HANA => SD4
GRC => GD4
QA =>
S/4 HANA => SQ4
GRC => GQ4
Prod =>
S/4 HANA => SP4
GRC => GP4
DEV =>
S/4 HANA => SD4
Standard clients:
000 – Master reference.
001 – Exact copy of 000
066 – For SAP (Earlywatch service)
Default Users:
SAP* =>
DDIC =>
EARLYWATCH =>
Implementation Projects -
Support Projects -
Rollout Projects -
Upgrade Projects –
Coversion/Migration Projects -
Development Project –
1. User Administration
2. SAP Authorizations Overview
3. Role Maintenance(PFCG)
4. Authorization Maintenance (SU24, SU22, SU25)
5. Analyse Authorization issues (Troubleshooting)
6. Transporting Authorizations
7. Special Authorizations (RFC, Table level security, Critical authorizations etc.)
8. Security Audit Tools (SM19/SM20)
9. Optimization
User Administration:
Creating new accounts => Create a new accounts, copy from existing users
Modifying accounts => Lock/Unlock, Validity, Reset Password, User Attributes, User groups
etc. etc.
Managing Access => Roles assingments/removals.
Monitoring =>
User Types:
1. Dialog User –
2. System User –
3. Communcation User – (RFC – Remote Function Call)
4. Service User –
5. Reference User Type –
Selection Critirea:
Navigation:
SU01 =>
SU01
/nSE38
/nSE16
/oSE38
/oSE16
==============
To check code (or) directly execute the program => SE38(ABAP Editor)/SA38(Program
Execution)
Welcome
India
Password
123
BMW
Sumanth@BMW
BMW@108
Password policies:
TEST_SK_UA01
BMW
USR*
User Locks
0 – Not Locked
32 – Global Lock (CUA)
64 – Administration lock (System Administator)
128 – Incorrect login attempts
Cumulative -
Authorizations:
1. User Buffer
2. Authentication Vs Authorizations
3. Understand Authorization Components (Auth Class, Auth Objects, Auth Field&Values)
4. Roles & Profiles (Building blocks)
5. Different types of Roles (Single/Composite roles; Single – Master/Derived/Enabler etc)?
6. Role Building
Authentication Vs Authorizations
Autentication – Happens outside the system
Authorizations – Happens inside the system
****User Buffer:
(Authorization Container) – SU56
SAP Authorizations:
Components of an Authorizations:
Hierarchy
Auth Field values => Auth Fields => Auth Object => Auth Class => Auth Profiles => Role =>
User
Authorization Defaults:
SU01
VA01
Default Auth Values => Auth Objects/Auth Fields/Auth Default Field values
Using SU25 tcode => We copy all the data from SU22(USOBT & USOBX) to SU24(USOBT_C &
USOBX_C)
Create Role => Role Generation(Profile will get generated automatically by System)
Types of Roles:
Single Role – (Z_USER_ADMIN)
Master Roles
Derived Roles
Enabler Roles
Single Roles
Account Payable Supervisor => 10 different single roles (Comp role – Z_AP_SUPERVISOR)
===========
Role Maintenance:
Introduction
Navigation with PFCG
Creation of different roles (Role Building, role naming convention, single roles, composite
roles creation, Master(reference/template) and Derived Roles, Assignments/removals)
Role Menu Objects (Different Applications)
Authorization Maintenance in Roles (Auth Maint buttons, Auth Object status, Maint Org
levels, Where used list)
Role versions/Best practies of role building
Role Overview status
Mass Maintenance options roles – (PFCGMASSVAL)
Transfer of Roles (TR/Transport Request)
Summary
Introduction:
Accounts Payable Clerk – Process Invoices, Make Payemnts, View Vendor data etc.
Roles(Activity groups)
Roles Vs Profiles
Maitain auth in a role => Generate (System creates role profile) => Assign role to user =>
user buffer.
PFCG -
Overview
Role Naming:
Role type:
S – Single Role
M - Master Role
D – Derived Role
C – Composite Role
Z_S4H_S_SD _SALES_ORDER_00000
Z_FIR_M_ SD _XXXXXXX_CXXXX
Z_GRC_D_ SD _XXXXXXX_C1000
Composite Roles:
Master Role(Reference/Template/Parent):
“Store Inventory Manager” => Z:S4:M:SD:STORE_INV_MNGR_XXXX
MB52, MIGO, ZSPOILAGE etc etc.
Add tcodes and maintain authorizations.. (Maintain some dummy values for org levels in
Master role)