Volker Lehnert, Katharina Bonitz, Larry Justice
Authorizations in SAP Software
Design and Configuration
- Hardcover
This book gives you a practical and comprehensive introduction to the design and management of authorizations in SAP. You'll learn how to develop a meaningful authorization concept that meets statutory requirements and is tailored to your business processes. And you'll learn how those processes are implemented as authorizations in your SAP system. In addition you'll gain insight into which tools and functions of the change management process in SAP play a role in designing and implementing an authorizations concept, and learn about SAP NetWeaver IdM, CUA, SAP BusinessObjects Access Control, and the UME. Finally, you'll discover how to implement an authorizations concept in various other SAP applications and components (SAP ERP, HCM, CRM, SRM, and BW).
1. Organizational Permissions: Learn how to develop a systematic differentiation of roles and permissions in SAP ERP. You'll also learn how to assign roles for the organizational management of SAP ERP HCM.
2. Legal Frameworks: Discover the legal and regulatory scenarios (i.e., accounting law and data governance) that are relevant to your business, and how they fit into the authorization concept.
3. SAP Tools for Change Management: Master the essential tools for authorizations management, including the Role Manager, CUA, SAP BusinessObjects Access Control, SAP NetWeaver IdM, UME, and more.
4. Technical Basics and Customizing: Learn which features are relevant to user maintenance and the basic settings necessary for a meaningful functional separation.
5. Authorizations in SAP Systems: Gain an in-depth understanding of the core processes of SAP ERP, as well as the specific requirements of SAP ERP HCM, SAP CRM, SAP SRM and SAP NetWeaver.
Highlights:
- Organization and permissions
- Legal framework
- Technical principles of the change management process
- System preferences and customizing
- Role assignment via Organizational Management
- Role Manager
- Central User Administration (CUA)
- SAP NetWeaver Identity Management (IdM)
- SAP BusinessObjects Access Control
- User Management Engine (UME)
- Authorizations in HCM, CRM, SRM, and BW
- Permissions in Financial Accounting
- Logistics and administration
Product details
- SAP Press
- Publisher: Rheinwerk Verlag
- Number of pages: 684
- Publication date: July 2010
- Language: English
- Dimensions: 690mm x 90mm
- Weight: 1204g
- ISBN-13: 9781592293421
- ISBN-10: 1592293425
- Item no.: 28109970
- Manufacturer identification: The manufacturer information is currently not available.
Lehnert, Volker
Volker Lehnert has worked at SAP for eight years. He has worked for SAP (Switzerland) AG since 2008, where he is a consultant on all topics concerning the authorization system, and continuously returns the authorization system to its core questions: business functions, organizational concepts, and legal requirements. Within this scope, his consulting work focuses on authorization concepts, SAP BusinessObjects Access Control, and the processes of User Life Cycle Management. Furthermore, Volker Lehnert is co-author of the data privacy guideline of the German-speaking SAP User Group (DSAG).
Stelzner, Katharina
Katharina Bonitz has worked as a technology consultant at SAP Deutschland AG since 2006, where her work focuses on the authorization concepts in the CRM environment. She works in national and international projects and regularly holds authorization workshops. She received a degree in engineering from Leipzig University of Applied Sciences, Germany. Katharina Bonitz is the author of Chapter 13, User Management Engine, Chapter 15, Authorizations in SAP CRM, and Chapter 16, Authorizations in SAP SRM.
1 Introduction
PART I Business Concepts
2 Introduction and Concept Definition
  2.1 Methodical Considerations
  2.2 Compliance
  2.3 Risk
  2.4 Corporate Governance
  2.5 Technical Versus Business Significance of the Authorization Concept
  2.6 Technical Versus Business Roles
3 Organization and Authorizations
  3.1 Example of an Organizational Differentiation
  3.2 Introduction
  3.3 Institutional Organization Concept
  3.4 Instrumental Organization Concept
  3.5 Consequences of the Examination of the Organization
  3.6 Views of the Organizational Structure in SAP Systems
  3.7 Organizational Levels and Structures in SAP ERP
  3.8 Information on the Methodology in the Project
  3.9 Summary
4 Legal Framework - Standardization Framework
  4.1 Basic Principles of Internal and External Regulations
  4.2 Internal Control System
  4.3 Sources of Law for External Accounting
  4.4 Data Privacy Laws
  4.5 General Requirements for Authorization Concepts
  4.6 Summary
5 Authorizations in the Process View
  5.1 Process Overview
  5.2 The Sales Process
  5.3 The Procurement Process
  5.4 Support Processes
  5.5 Requirements of the Separation of Duties
  5.6 Summary
PART II Tools and Authorization Maintenance in the SAP System
6 Basic Technical Principles of Authorization Maintenance
  6.1 User/Authorization
  6.2 Transaction - Program - Authorization Object
  6.3 Role and Role Profiles
  6.4 Analysis of Authorization Checks
  6.5 Additional Role Types in SAP ERP
  6.6 Summary
7 System Settings and Customizing
  7.1 Maintaining and Using the Defaults for the Profile Generator
  7.2 Upgrading Authorizations
  7.3 Parameters for Password Rules
  7.4 Customizing Settings for the Menu Concept
  7.5 Authorization Groups
  7.6 Parameter and Query Transactions
  7.7 Promoting an Authorization Field to an Organizational Level
  7.8 Developer and Authorization Trace
  7.9 Creating Authorization Fields and Objects
  7.10 Further Transactions of the Authorization Administration
  7.11 Transferring Roles Between Systems or Clients
  7.12 User Master Comparison
8 Role Assignment via Organizational Management
  8.1 Basic Concept of SAP ERP HCM Organizational Management
  8.2 Technical Prerequisites
  8.3 Technical Implementation
  8.4 Conceptual Special Feature
  8.5 Summary
9 Automated Organizational Differentiation: The Role Generator
  9.1 Challenge and Solution Approach
  9.2 Implementation Example for the Area Role Concept
  9.3 Integration, Restrictions, and Prospects
  9.4 Summary
10 Central Administration of Users and Management of Authorizations
  10.1 Basic Principles
  10.2 Central User Administration
  10.3 SAP BusinessObjects Access Control Compliant User Provisioning
  10.4 SAP NetWeaver Identity Management
  10.5 Summary
11 Authorizations: Standards and Analysis
  11.1 Standards and Their Analysis
  11.2 Critical Transactions and Objects
  11.3 General Evaluations of Technical Standards
  11.4 Summary
12 SAP BusinessObjects Access Control
  12.1 Basic Principles
  12.2 Risk Analysis and Remediation
  12.3 Enterprise Role Management
  12.4 Compliant User Provisioning
  12.5 Superuser Privilege Management
  12.6 Risk Terminator
  12.7 Summary
13 User Management Engine
  13.1 Overview of the UME
  13.2 Authorization Concept of SAP NetWeaver AS Java
  13.3 User and Role Administration Using the UME
  13.4 Summary
PART III Authorization in Specific SAP Solutions
14 Authorizations in SAP ERP HCM
  14.1 Basic Principles
  14.2 Special Requirements of SAP ERP HCM
  14.3 Authorizations and Roles
  14.4 Authorization Main Switch
  14.5 Organizational Management and Indirect Role Assignment
  14.6 Structural Authorizations
  14.7 Context-Sensitive Authorizations
  14.8 Summary
15 Authorizations in SAP CRM
  15.1 Basic Principles
  15.2 Dependencies Between Business Role and PFCG Roles
  15.3 Creating PFCG Roles Depending on the Business Roles
  15.4 Assigning Business Roles and PFCG Roles
  15.5 Sample Scenarios for Authorizations in SAP CRM
  15.6 Troubleshooting in the CRM Web Client
  15.7 Access Control Engine
  15.8 Summary
16 Authorizations in SAP SRM
  16.1 Basic Principles
  16.2 Authorization Assignment in SAP SRM
  16.3 Summary
17 Authorizations in SAP NetWeaver BW
  17.1 OLTP Authorizations
  17.2 Analysis Authorizations
  17.3 Modeling Authorizations in SAP NetWeaver BW
  17.4 Summary
18 Processes in SAP ERP - Specific Authorizations
  18.1 Basic Principles
  18.2 Authorizations in Financial Accounting
  18.3 Authorizations in Controlling
  18.4 Authorizations in Logistics (General)
  18.5 Authorizations in Purchasing
  18.6 Authorizations in Sales and Distribution
  18.7 Authorizations in Technical Processes
  18.8 Summary
19 Project Concepts and Approaches
  19.1 Authorization Concept in the Project Context
  19.2 Procedure Model
  19.3 SAP Best Practices Template Role Concept
  19.4 Content of an Authorization Concept
  19.5 Summary
Appendices
  A List of Abbreviations
  B Glossary
  C Bibliography
  D The Authors
Index