Define System Authorization Standards for Project Team

Use

The purpose of this task is to define standards and policies for creating user master records for project team members. An appropriate authorization concept should be worked out for the implementation efforts in the system, both to give users access to all necessary activities in the system and to prevent them from making unintentional or inexpert changes in other system areas.

Procedure

When the development (DEV) system is first installed, configurators or customizers, developers, system administrators, recent trainees, and other project members comprise the bulk of the SAP users.

  1. Initial state
    Most users in a newly installed SAP System begin with the SAP_ALL authorization profile in their user master record. This profile allows a user to perform all tasks in an SAP System.
  2. First steps
    At this time, the authorization administrator should be learning the SAP authorization concept. Initially, it is recommended that you use one of the SAP-delivered activity group templates.
  3. Limiting the number of superusers
    There should be a very limited number of superusers in each system.
  4. Using the Profile Generator
    Using the Profile Generator, the security administrator develops activity groups and authorization profiles in the DEV system.
  5. Documentation of authorization design
    Documentation is especially important from the beginning. It helps future rollouts of the project go smoothly. Documentation is essential to pass on authorization administrator functions to other project members and is required by auditors.
  6. Cooperation with client copy activities
    The authorization administrator should work closely with the administrators who are responsible for client copies. End users, activity groups, authorization profiles, and authorizations are all client-specific.
  7. Cooperation with ABAP Development Workbench users
    The authorization administrator should work closely with the developers to enforce security standards for new ABAP programs and transactions.
  8. Cooperation with corporate auditors
    The authorization administrator should now consider involving the corporate auditors. It is recommended that you involve the corporate auditors at the beginning so that their requirements are incorporated in the development efforts.

You can use the following tools to help you carry out this task:

Result

An authorization concept for the duration of the implementation project has been defined. This concept is focused on the needs of the project teams in the development and quality assurance testing system.