To define and set up the security required for the project team members across the different systems in the solution landscape
1. Identify the users and theirs roles in the project team.
2. Develop and test the appropriate security profiles and roles.
3. Assign them to the team members.
4. Establish procedures to assign roles in future to new team members.
To help you carry out this task, use:
· Profile Generator
· SAP Solution Architect
· SAP Solution Architect comes with various predefined project roles that your can tailor to your requirements. For more information, see the SAP Solution Architect online help.
· See the Simplification Group link below for information the Authorizations Made Easy Guidebook
· Do not assign full privileges (SAP_ALL, SAP_NEW) to project team members unless expressly required.
· There should be a very limited number of superusers in each system. Treat superuser accounts like root in UNIX.
· Profile <company name>_ALL limits risk on the development system by enabling you to control:
· Who can create and maintain users, profiles, and authorizations
· Attempts to lock transactions, delete user sessions, stop work processes, and any other basic administration functions