1. $XWKRUL]DWLRQV 0DGH (DV
8VHU 5ROH 7HPSODWHV DQG
*HQHUDWLQJ $XWKRUL]DWLRQ 3URILOHV
Release 4.6A/B
SAP Labs, Inc.
Palo Alto, California

2. &RSULJKW
© E 6$3 $* $OO ULJKWV UHVHUYHG
1HLWKHU WKLV GRFXPHQWDWLRQ QRU DQ SDUW RI LW PD EH FRSLHG RU UHSURGXFHG LQ DQ IRUP RU E DQ PHDQV RU
WUDQVODWHG LQWR DQRWKHU ODQJXDJH ZLWKRXW WKH SULRU FRQVHQW RI 6$3 $*
6$3 $* PDNHV QR ZDUUDQWLHV RU UHSUHVHQWDWLRQV ZLWK UHVSHFW WR WKH FRQWHQW KHUHRI DQG VSHFLILFDOO GLVFODLPV
DQ LPSOLHG ZDUUDQWLHV RI PHUFKDQWDELOLW RU ILWQHVV IRU DQ SDUWLFXODU SXUSRVH 6$3 $* DVVXPHV QR
UHVSRQVLELOLW IRU DQ HUURUV WKDW PD DSSHDU LQ WKLV GRFXPHQW 7KH LQIRUPDWLRQ FRQWDLQHG LQ WKLV GRFXPHQW LV
VXEMHFW WR FKDQJH ZLWKRXW QRWLFH 6$3 $* UHVHUYHV WKH ULJKW WR PDNH DQ VXFK FKDQJHV ZLWKRXW REOLJDWLRQ WR
QRWLI DQ SHUVRQ RI VXFK UHYLVLRQ RU FKDQJHV 6$3 $* PDNHV QR FRPPLWPHQW WR NHHS WKH LQIRUPDWLRQ
FRQWDLQHG KHUHLQ XS WR GDWH
7UDGHPDUNV
6$3 WKH 6$3 ORJR 5 5 $%$3 DQG RWKHU 6$3 UHODWHG SURGXFWV PHQWLRQHG KHUHLQ DUH UHJLVWHUHG RU
XQUHJLVWHUHG WUDGHPDUNV RI 6$3 $* $OO RWKHU SURGXFWV PHQWLRQHG LQ WKLV GRFXPHQW DUH UHJLVWHUHG RU
XQUHJLVWHUHG WUDGHPDUNV RI WKHLU UHVSHFWLYH FRPSDQLHV
6LPSOLILFDWLRQ *URXS
6$3 /DEV ,QF
'HHU UHHN 5RDG
3DOR $OWR $
ZZZVDSODEVFRPVLPSOH
VLPSOLIU#VDSFRP
3ULQWHG LQ WKH 8QLWHG 6WDWHV RI $PHULFD
,6%1 ;
7KLV ERRN XVHV (FR)/(;™ ODIODW ELQGLQJ :LWK WKLV ODIODW IHDWXUH³GHYHORSHG E
DQG H[FOXVLYHO DYDLODEOH DW -RKQVRQ 3ULQWLQJ 6HUYLFH -36

3. ³RX FDQ RSHQ WKLV ERRN
DQG NHHS LW RSHQ ZLWKRXW LW VQDSSLQJ VKXW RQ RX RX QHHG QRW ZRUU DERXW
EUHDNLQJ WKH VSLQH (FR)/(; PDNHV ERRNV OLNH WKLV RQH HDVLHU WR XVH

4. RQWHQWV DW D *ODQFH
$FNQRZOHGJHPHQWV [LLL
,QWURGXFWLRQ [Y
:KDW·V 1HZ LQ 5HOHDVH [[L
KDSWHU 5 6VWHP 6HFXULW DQG WKH $XWKRUL]DWLRQ RQFHSW ²
KDSWHU $XWKRUL]DWLRQV DQG $6$3 ²
KDSWHU 6HWWLQJ 8S WKH 3URILOH *HQHUDWRU ²
KDSWHU 8VHU $GPLQLVWUDWLRQ ²
KDSWHU 8VHU 5ROH 7HPSODWHV ²
KDSWHU $GYDQFHG 3URILOH *HQHUDWRU )XQFWLRQDOLW²
KDSWHU 3UHSDULQJ WKH 5 (QYLURQPHQW IRU *R/LYH²
KDSWHU ,QVHUWLQJ 0LVVLQJ $XWKRUL]DWLRQV²
KDSWHU $VVLJQLQJ $FWLYLW *URXSV ²
KDSWHU 6HWWLQJ 8S WKH $/( (QYLURQPHQW IRU HQWUDO 8VHU
$GPLQLVWUDWLRQ²
KDSWHU 6HWWLQJ 8S HQWUDO 8VHU $GPLQLVWUDWLRQ ²
KDSWHU 7LSV DQG 7URXEOHVKRRWLQJ ²
KDSWHU 6$3 6HFXULW $XGLW DQG /RJJLQJ²
KDSWHU 8SJUDGH ²
$SSHQGL[ $ 6$31HW ² 5 )URQWHQG 1RWHV $²
$SSHQGL[ % )UHTXHQWO $VNHG 4XHVWLRQV %²
$SSHQGL[ ,PSRUWDQW 6VWHP 3URILOH 3DUDPHWHUV ²
*ORVVDU *²
,QGH[ ,²
Authorizations Made Easy iii

5. iv

6. 'HWDLOHG 7DEOH RI RQWHQWV
$FNQRZOHGJHPHQWV [LLL
,QWURGXFWLRQ [Y
What Is this Book About? ................................................................................... xvi
Who Should Read this Book?............................................................................. xvi
How to Use this Guide ........................................................................................ xvii
Conventions......................................................................................................... xvii
:KDW·V 1HZ LQ 5HOHDVH [[L
Overview............................................................................................................... xxii
User Role Templates........................................................................................... xxii
Flexible User Menus............................................................................................ xxii
Composite Activity Groups............................................................................... xxiv
User Groups........................................................................................................ xxiv
Central User Administration ............................................................................. xxiv
KDSWHU 5 6VWHP 6HFXULW DQG WKH $XWKRUL]DWLRQ RQFHSW ²
Overview............................................................................................................... 1–2
The Authorization Concept ................................................................................ 1–4
Authorization Object .............................................................................................. 1–5
Authorization Object Fields ................................................................................... 1–6
Authorizations........................................................................................................ 1–6
Authorization Profiles ............................................................................................ 1–7
Naming Convention for Authorization Profiles........................................................ 1–7
User Master Records ............................................................................................ 1–7
Authorization Checks ............................................................................................ 1–8
Activating and Deactivating Authorization Checks in Transactions...................... 1–8
SAP* and DDIC Users ......................................................................................... 1–8
What Is the Profile Generator? .......................................................................... 1–9
Components of the Profile Generator ................................................................. 1–10
Activity Groups...................................................................................................... 1–10
Composite Activity Groups ................................................................................... 1–10
Derived Activity Groups ........................................................................................ 1–10
User Assignment .................................................................................................. 1–10
Generating the Profiles........................................................................................ 1–10
What Is an Activity Group? .............................................................................. 1–12
Activity Group Assignments ................................................................................ 1–12
R/3 login user IDs ............................................................................................... 1–12
Jobs ..................................................................................................................... 1–12
Positions.............................................................................................................. 1–13
Organizational units ........................................................................................... 1–13
What Is a User Role Template? .......................................................................... 1–13
Authorizations Made Easy v

7. Detailed Table of Contents
R/3 Tools for Security Implementation ........................................................... 1–14
Case Study: Security Strategy in a Three-System Environment ................. 1–15
Development System (DEV) ............................................................................... 1–15
Quality Assurance System (QAS) ....................................................................... 1–17
Training Client System (TRG)...............................................................................1–17
Production System (PRD) ................................................................................... 1–18
Setting Up the Authorization Administrators ................................................. 1–19
How the Administrators Work Together ..............................................................1–21
Policies and Procedures................................................................................... 1–21
User Administration ............................................................................................. 1–21
Policies ..................................................................................................................1–21
Procedures ............................................................................................................1–22
Roles and Responsibilities ....................................................................................1–22
System Security................................................................................................... 1–23
Policies ..................................................................................................................1–23
Procedures ............................................................................................................1–23
Roles and Responsibilities ....................................................................................1–24
Auditing Requirements ..................................................................................... 1–24
KDSWHU $XWKRUL]DWLRQV DQG $6$3 ²
Overview ............................................................................................................... 2–2
ASAP Roadmap ................................................................................................... 2–2
Authorizations in the Roadmap Structure ............................................................. 2–4
Knowledge Corner............................................................................................... 2–5
Questions and Answers Database (QAdb) .................................................... 2–6
What Is the QAdb?.............................................................................................. 2–6
How to Work with the QAdb................................................................................ 2–6
How to Generate the Authorization List from the QAdb ..................................... 2–6
Authorization List ................................................................................................ 2–6
What Is the Authorization List?.............................................................................. 2–6
How to Work with the Authorization List................................................................ 2–7
Generate Authorization List from the QAdb..........................................................2–7
Define User Roles ...................................................................................................2–8
Generate User Roles Overview ..............................................................................2–9
Build User Roles .....................................................................................................2–9
KDSWHU 6HWWLQJ 8S WKH 3URILOH *HQHUDWRU ²
Overview ............................................................................................................... 3–2
Confirming that the Profile Generator Is Active............................................... 3–2
Checking the Required Instance Profile Parameter.............................................. 3–2
Loading the USOBX_C and USOBT_C tables .................................................. 3–4
Initial Copying of SAP Defaults into the Customer Tables (SU25) ....................... 3–4
Transporting the Defaults ...................................................................................... 3–6
Getting Support from the SAPNet – R/3 Frontend Notes................................ 3–7
Accessing the Error Notes Database ....................................................................3–7
Printing Important SAPNet – R/3 Frontend Notes ................................................ 3–8
Applying Advance Corrections to Your R/3 System.............................................. 3–8
KDSWHU 8VHU $GPLQLVWUDWLRQ ²
Overview ............................................................................................................... 4–2
System Users ....................................................................................................... 4–2
vi Authorizations Made Easy

8. Detailed Table of Contents
External R/3 Users ................................................................................................ 4–3
Internal R/3 Users ................................................................................................. 4–3
Dialog...................................................................................................................... 4–3
Batch Data Communication.................................................................................... 4–3
Background............................................................................................................. 4–3
CPIC ....................................................................................................................... 4–4
Special R/3 Users.................................................................................................. 4–4
SAP* ....................................................................................................................... 4–4
DDIC ....................................................................................................................... 4–4
EarlyWatch ............................................................................................................. 4–4
Creating Users ...................................................................................................... 4–5
User Groups......................................................................................................... 4–5
Authorizations and Authorization Profiles ....................................................... 4–6
Mass Operations ................................................................................................. 4–6
Creating a New User (Client-Specific)............................................................... 4–7
Changing a User’s Password........................................................................... 4–10
Password Requirements ..................................................................................... 4–11
User Information System.................................................................................. 4–12
KDSWHU 8VHU 5ROH 7HPSODWHV ²
Overview............................................................................................................... 5–2
What Are User Role Templates? ....................................................................... 5–2
User Menu ............................................................................................................ 5–2
How to Work with User Role Templates ........................................................... 5–3
Starting Activity Group Maintenance (PFCG) ....................................................... 5–4
Using the SAP-Provided User Role Templates .................................................... 5–4
Copying and Modifying SAP-Provided User Role Templates............................. 5–10
Create your own User Role Templates............................................................... 5–22
Creating Composite Activity Groups ................................................................... 5–32
Tips for an Administrator ................................................................................. 5–35
Available User Role Templates........................................................................ 5–40
Release 4.6A ....................................................................................................... 5–40
Release 4.6B ....................................................................................................... 5–44
KDSWHU $GYDQFHG 3URILOH *HQHUDWRU )XQFWLRQDOLW²
Overview............................................................................................................... 6–2
Selecting Views/Types in Activity Group Maintenance .................................. 6–2
Exploring Advanced Profile Generator Functionality ..................................... 6–3
Creating and Changing the Hierarchy................................................................... 6–4
Inserting Transactions ............................................................................................ 6–5
Inserting Internet and Document Links ............................................................... 6–10
Inserting Reports ................................................................................................. 6–12
Displaying the Online Documentation for Activity Group Objects ...................... 6–15
Copying and Deriving Activity Groups ...........................................................6–16
Basics on Duplicating Activity Groups ................................................................ 6–16
Copying Activity Groups ...................................................................................... 6–17
Deriving Activity Groups ...................................................................................... 6–17
Selecting Workflow Tasks................................................................................ 6–21
What You Should Know About Workflow............................................................ 6–21
Deleting Activity Groups .................................................................................. 6–24
Release 4.6A/B vii YLL

9. Detailed Table of Contents
Postmaintaining User Role Templates............................................................ 6–25
Different Settings for the Maintenance View ....................................................... 6–25
Maintaining and Generating the Authorization Profiles................................ 6–26
Displaying an Overview of Generated Profiles .............................................. 6–30
Regenerating Authorization Profiles After Making Changes ....................... 6–32
Using Utilities to Change Generated Authorizations .................................... 6–36
Merging Authorizations........................................................................................ 6–36
Reorganizing Technical Names of Authorizations .............................................. 6–37
Customizing Authorizations............................................................................. 6–38
Assigning IMG Projects or Project Views to Activity Groups .............................. 6–38
KDSWHU 3UHSDULQJ WKH 5 (QYLURQPHQW IRU *R/LYH ²
Overview ............................................................................................................... 7–2
Transports Between Clients............................................................................... 7–2
Transports Between R/3 Systems ..................................................................... 7–3
Transporting Activity Groups ............................................................................ 7–3
Transporting Single Activity Groups Using the Activity Group Maintenance
Transaction........................................................................................................ 7–4
Mass Transport of Activity Groups ........................................................................ 7–6
Transporting Check Indicators and Field Values ............................................7–8
Transporting Authorization Templates ............................................................. 7–8
Transporting User Master Records ................................................................... 7–8
KDSWHU ,QVHUWLQJ 0LVVLQJ $XWKRUL]DWLRQV ²
Manually Postmaintaining Authorizations........................................................ 8–2
When to Insert Missing Authorizations?................................................................ 8–2
Case #1: Authorization Is Missing for Related Transactions ..................................8–2
Case #2: The Generated Profile Does Not Assign Any General Rights to the
User ....................................................................................................................8–2
Case #3: Cannot Select Transaction SU53 from the Menu in PFCG .....................8–2
How to Insert Missing Authorizations .................................................................... 8–3
Manually Inserting Authorizations..................................................................... 8–3
Using Selection Criteria ......................................................................................... 8–4
Inserting Manually.................................................................................................. 8–6
Inserting Authorizations from Templates ......................................................... 8–7
Creating a New Template...................................................................................... 8–7
Inserting Authorizations from a Template ........................................................... 8–10
Inserting Authorizations from a Profile........................................................... 8–12
Inserting Full Authorizations: Profile “YourCompany” ............................ 8–15
KDSWHU $VVLJQLQJ $FWLYLW *URXSV²
Overview ............................................................................................................... 9–2
Assigning Users to Activity Groups.................................................................. 9–3
Assigning Activity Groups to Users.................................................................. 9–6
Assigning PD Objects to Activity Groups ........................................................ 9–7
Assigning Activity Groups to PD Objects ...................................................... 9–10
Transferring Users from an IMG Project to an Activity Group ..................... 9–13
Updating Profiles in the User Master Records............................................... 9–15
viii Authorizations Made Easy

10. Detailed Table of Contents
Comparing User Master Data from Within Transaction PFCG........................... 9–15
Profile Comparisons Using Mass Compare (PFUD)........................................... 9–18
Report PFCG_TIME_DEPENDENCY to Schedule Time Dependency.............. 9–19
Creating a Sample Organizational Plan .......................................................... 9–21
Using the Classic R/3 Transaction ...................................................................... 9–22
Using the Enjoy Transaction ............................................................................... 9–27
Structural Authorizations ................................................................................. 9–28
KDSWHU 6HWWLQJ 8S WKH $/( (QYLURQPHQW IRU HQWUDO 8VHU
$GPLQLVWUDWLRQ²
Overview............................................................................................................. 10–2
Setting Up an ALE User.................................................................................... 10–3
Naming Logical Systems.................................................................................. 10–5
Assigning Logical Systems to Clients............................................................ 10–8
Defining Target System for RFC Calls .......................................................... 10–10
Distribution Model........................................................................................... 10–13
Generating Partner Profiles in the Central System ..................................... 10–16
Distributing Model View ................................................................................. 10–17
Generating Partner Profiles in the Client System........................................ 10–18
KDSWHU 6HWWLQJ 8S HQWUDO 8VHU $GPLQLVWUDWLRQ ²
Overview............................................................................................................. 11–2
Assigning the Central User Administration Distribution Model .................. 11–2
Testing Central User Administration .............................................................. 11–3
Migrating Existing Users to the Central System............................................ 11–7
Defining Field Attributes for User Maintenance ............................................ 11–9
Global User Manager ...................................................................................... 11–10
Structure of the Global User Manager .............................................................. 11–12
Using the Global User Manager........................................................................ 11–12
System Landscape with Existing Users ............................................................. 11–12
System Landscape Without Existing Users........................................................ 11–13
User Creation...................................................................................................... 11–14
Defining System Types and User Groups......................................................... 11–14
Modeling with the Global User Manager........................................................... 11–16
Authorization for the Global User Manager....................................................... 11–17
Distributing Data in the Global User Manager .................................................. 11–18
Immediate Distribution........................................................................................ 11–19
Scheduling Background Distribution................................................................... 11–19
KDSWHU 7LSV DQG 7URXEOHVKRRWLQJ ²
Overview............................................................................................................. 12–2
Tracing Authorizations with Transaction SU53 ............................................. 12–2
System Trace Using Transaction ST01........................................................... 12–4
Analyzing a Written Trace File ......................................................................... 12–9
Reducing the Scope of Authorization Checks............................................. 12–12
Overview............................................................................................................ 12–12
Enabling the Profile Generator.......................................................................... 12–12
Enabling/Disabling Other System-wide Checks ............................................... 12–12
Release 4.6A/B ix L[

11. Detailed Table of Contents
Enabling auth/tcodes_not_checked ....................................................................12–12
Enabling auth/rfc_authority_check......................................................................12–13
Globally Deactivating or Activating Authorization Checks ..................................12–13
Parameter Transactions......................................................................................12–18
Deactivating Authorization Checks Using SU24 ............................................... 12–18
Reducing the Scope of Authorization Checks................................................... 12–19
Maintaining Check Indicators for Transaction Codes .........................................12–20
Mass Change of Check Indicators ......................................................................12–28
Maintaining Authorizations in the Activity Groups...............................................12–32
KDSWHU 6$3 6HFXULW $XGLW DQG /RJJLQJ ²
Overview ............................................................................................................. 13–2
Audit Tools (SM20, SM19, SECR) .................................................................... 13–2
Security Audit Log (SM20)................................................................................... 13–2
Running the Audit Log...........................................................................................13–4
Setting Security Audit Log Parameters (SM19) .................................................. 13–5
Defining Filter Group 1 ..........................................................................................13–7
Defining Filter Group 2 ..........................................................................................13–7
Audit Information System (SECR)..................................................................... 13–11
Complete Audit....................................................................................................13–12
User-Defined Audit..............................................................................................13–16
User Security Audit Jobs ................................................................................... 13–18
Audit Tasks (SM21, STAT, ST03) ................................................................... 13–20
Reviewing Validity of Named Users .................................................................. 13–20
Reviewing Profiles for Accuracy and Permission Creep................................... 13–21
System Log (SM21)........................................................................................... 13–22
Statistic Records in CCMS (STAT) ................................................................... 13–24
ST03 – User Profile ........................................................................................... 13–26
Logging of Specific Activities............................................................................. 13–28
Logging Changes to Table Data .........................................................................13–28
Logging Changes to User Master Records, Profiles, and Authorizations 13–30
KDSWHU 8SJUDGH ²
Before Doing Any Upgrade .............................................................................. 14–2
Validation Steps After Upgrading Is Completed ............................................ 14–3
Converting Previously Created SU02 Profiles to Activity Groups............... 14–4
Creating an Activity Group from Manually Maintained Profiles........................... 14–4
Removing User Assignments from the Original SU02 Profile............................. 14–9
Upgrading from a Release Prior to 3.1x to 4.6 A/B ...................................... 14–11
Converting Existing Authorization Profiles for the Profile Generator ................ 14–11
Re-creating the Authorization Profiles from Scratch Using the Profile
Generator ...................................................................................................... 14–11
Upgrading from Release 3.0F to 4.6 A/B....................................................... 14–12
Upgrade from Releases 3.1G, 3.1H, 3.1I to 4.6 A/B...................................... 14–14
Upgrade from Releases 4.0x or 4.5x to 4.6 A/B............................................ 14–22
$SSHQGL[ $ 6$31HW ² 5 )URQWHQG 1RWHV $²
Overview ...............................................................................................................A–2
SAPNet – R/3 Frontend Notes ............................................................................A–3
x Authorizations Made Easy

12. Detailed Table of Contents
$SSHQGL[ % )UHTXHQWO $VNHG 4XHVWLRQV %²
Overview...............................................................................................................B–2
R/3 Initial Screen (SAP Easy Access Menu) and Favorites ............................B–2
Profile Generator Setup ......................................................................................B–3
Working with the PG and Profiles .....................................................................B–3
Authorization Checks (SU24).............................................................................B–5
Upgrade Procedure (SU25) ................................................................................B–7
Including Transactions or Reports ...................................................................B–7
Missing Authorizations.......................................................................................B–7
User Administration ............................................................................................B–8
Transporting ........................................................................................................B–8
Tables ...................................................................................................................B–8
$SSHQGL[ ,PSRUWDQW 6VWHP 3URILOH 3DUDPHWHUV ²
Incorrect Logons, Default Clients, and Default Start Menu............................C–2
Setting Password Length and Expiration.........................................................C–2
Specifying Impermissible Passwords...............................................................C–3
Securing SAP* Against Misuse..........................................................................C–3
Tracing Authorizations .......................................................................................C–3
Profile Generator and Transaction SU24..........................................................C–4
User Buffer ...........................................................................................................C–4
No Check on Object S_TCODE ..........................................................................C–4
No Check on Certain ABAP Objects .................................................................C–4
RFC Authority Check ..........................................................................................C–5
*ORVVDU *²
,QGH[ ,²
Release 4.6A/B xi [L

13. Detailed Table of Contents
xii Authorizations Made Easy

14. $FNQRZOHGJPHQWV
, ZLVK WR H[SUHVV DSSUHFLDWLRQ WR WKH IROORZLQJ LQGLYLGXDOV ZKR SURYLGHG WLPH PDWHULDO H[SHUWLVH DQG
UHVRXUFHV WR KHOS PDNH WKLV JXLGHERRN SRVVLEOH LQ DOSKDEHWLFDO RUGHU

15. 6$3 $* 1RUPDQ 'H /HHXZ 0DWKLDV .LQ]OHU (UZLQ 5RMHZVNL 0DUNXV 6FKPLGW +HLNR 6WRFN
6YHQ 6FKZHULQ:HQ]HO 7KRUVWHQ 9LHWK
6$3 $PHULFD 0DULD *UHJJ ´DVSHUµ :DL)X .DQ 'DQLHO%HQMDPLQ )LJ =DLGVSLQHU
6$3 /DEV $QLO -DLQ -RKQ .DQFOLHU 2OLYHU 0DLQND *DU 1DNDDPD .XUW :ROI
1LKDG $O)WDHK
6$3 /DEV ,QF
xiii

16. Acknowledgments
xivxiv Authorizations Made Easy

17. ,QWURGXFWLRQ
RQWHQWV
What Is this Book About? .......................................................................................xvi
Who Should Read this Book?.................................................................................xvi
How to Use this Guide............................................................................................xvii
Conventions ............................................................................................................xvii
xv

18. Introduction
What Is this Book About?
:KDW ,V WKLV %RRN $ERXW
7KLV JXLGHERRN LV GHVLJQHG WR KHOS RX VHW XS WKH DXWKRUL]DWLRQ HQYLURQPHQW LQ WKH
FXVWRPHU VVWHP XVLQJ WKH 3URILOH *HQHUDWRU 3*

19. ,W H[SODLQV ZKDW RX QHHG WR NQRZ WR
SHUIRUP WKLV WDVN DQG KHOSV RX XVH WKH VWDQGDUG WRROV SURYLGHG ZLWK RXU VVWHP
7KLV ERRN GRHV QRW FRYHU DXWKRUL]DWLRQV IRU DGGRQ FRPSRQHQWV RU 1HZ 'LPHQVLRQ
SURGXFWV ,W DOVR GRHV QRW FRYHU ,QWHUQHWUHODWHG DXWKRUL]DWLRQV HQFUSWLRQ DXWKHQWLFDWLRQ
DQG FUHGLW FDUG VHFXULW

20. 7KLV JXLGH UHIHUV WR 5HOHDVH $% RI WKH 6$3 5 6VWHP $OO VFUHHQVKRWV DUH IURP 5HOHDVH
$ XQOHVV RWKHUZLVH QRWHG
7KH VWUXFWXUH RI WKLV JXLGHERRN PDWFKHV WKH VHWXS RI WKH DXWKRUL]DWLRQ FRQFHSW SURJUHVVLQJ
IURP D QHZ 5 LQVWDOODWLRQ DOO WKH ZD WR DQ XSJUDGH ,I RX XSJUDGH IURP DQ ROGHU UHOHDVH
VHH FKDSWHU 8SJUDGH IRU PRUH LQIRUPDWLRQ
7KH JUDSKLF EHORZ SURYLGHV DQ URXJK RYHUYLHZ DERXW WKH 5 DXWKRUL]DWLRQ FFOH )RU D
PRUH GHWDLOHG LQIRUPDWLRQ RQ WKH DXWKRUL]DWLRQ FFOH DQG WKH WRROV XVHG VHH FKDSWHU 5
6VWHP 6HFXULW DQG WKH $XWKRUL]DWLRQ RQFHSW
Operations and
Evaluation Implementation
Continuous Improvement
Upgrade +
Preparing the R/3 Environment Production
Authorizations Scoping Ongoing
and Preparation for Go-Live Phase
Development
7KLV JXLGH SURYLGHV RX ZLWK WKH IROORZLQJ
7KH ELJ SLFWXUH VHFXULW DQG WKH DXWKRUL]DWLRQ FRQFHSW LQ 5

21. 7DVNV RX QHHG WR SHUIRUP GXULQJ DQG DIWHU LQVWDOODWLRQ RI 5 WR IDFLOLWDWH WKH XVH RI WKH
3*
7DVNV RX QHHG WR SHUIRUP DIWHU DQ XSJUDGH RI WKH 5 6VWHP
$OO WKH HVVHQWLDO VWHSV IRU VHFXULW LPSOHPHQWDWLRQ XVLQJ WKH 3* DQG HQWUDO 8VHU
$GPLQLVWUDWLRQ
7DVNV WR SUHSDUH IRU JRLQJ OLYH
$SSHQGL[HV ZLWK WKH PRVW LPSRUWDQW 6$31HW ² 5 )URQWHQG QRWHV IRU DXWKRUL]DWLRQV
DQG WKH PRVW IUHTXHQWO DVNHG TXHVWLRQV
:KR 6KRXOG 5HDG WKLV %RRN
7KLV JXLGH ZDV GHVLJQHG IRU WKH IROORZLQJ SHRSOH XVLQJ WKH 3* HLWKHU LQ DQ LPSOHPHQWDWLRQ
SURMHFW RU DV DQ RQJRLQJ UHIHUHQFH
%DVLV RQVXOWDQWV ZKR LQVWDOO 5 DQG VHW XS WKH VHFXULW DW FXVWRPHU VLWHV
xvixvi Authorizations Made Easy

22. Introduction
How to Use this Guide
$SSOLFDWLRQ RQVXOWDQWV ZKR ZDQW WR VWDUW XVLQJ WKH 3* DV WKH EDVLV IRU WKHLU FXVWRPHU
VHFXULW LPSOHPHQWDWLRQ
XVWRPHU ,7 DQG KHOS GHVN SHUVRQQHO
+RZ WR 8VH WKLV *XLGH
'HSHQGLQJ RQ RXU JHQHUDO 6$3 DQG DXWKRUL]DWLRQVSHFLILF NQRZOHGJH VWDUW ZLWK WKH
IROORZLQJ VHFWLRQV
,I RX KDYH OLWWOH RU QR NQRZOHGJH FRQFHUQLQJ VHFXULW DQG WKH DXWKRUL]DWLRQ FRQFHSW LQ
5 VWDUW ZLWK FKDSWHU 5 6VWHP 6HFXULW DQG WKH $XWKRUL]DWLRQ RQFHSW
(YHURQH HYHQ WKH H[SHUWV VKRXOG UHDG FKDSWHU 6HWWLQJ 8S WKH 3URILOH *HQHUDWRU
)DPLOLDULW ZLWK WKLV FKDSWHU HQVXUHV D FRPSOHWH VHWXS EHIRUH RX DFWXDOO VWDUW ZRUNLQJ
ZLWK WKH 3*
,I RX KDYH DOUHDG XVHG WKH 3* LQ 5HOHDVH )*+$%$ RU % ZH
VWURQJO UHFRPPHQG WKDW RX UHDG WKH FKDSWHU :KDWªV 1HZ LQ 5HOHDVH DQG WKH
DSSURSULDWH VHFWLRQ LQ FKDSWHU 8SJUDGH ,Q WKLV FKDSWHU ZH GLVFXVV WKH VWHSV WR EH
SHUIRUPHG EHIRUH RX FRQWLQXH ZRUNLQJ ZLWK WKH 3* DIWHU DQ 5 6VWHP XSJUDGH :H
SURYLGH LQIRUPDWLRQ IRU D VPRRWK WUDQVLWLRQ WR RXU QH[W UHOHDVH
5HDG FKDSWHUV ² DW OHDVW RQFH IRU LQIRUPDWLRQ UHODWHG WR WKH LPSOHPHQWDWLRQ RI VHFXULW
DQG XVLQJ WKH 3URILOH *HQHUDWRU $IWHU WKDW RX FDQ EURZVH WKH FKDSWHUV RQ SHUIRUPLQJ
VSHFLILF WDVNV
%HIRUH WUDQVSRUWLQJ DFWLYLW JURXSV UHDG FKDSWHU 3UHSDULQJ WKH 5 (QYLURQPHQW IRU *R
/LYH FDUHIXOO
KDSWHU 7LSV DQG 7URXEOHVKRRWLQJ KHOSV VROYH RQJRLQJ DXWKRUL]DWLRQ SUREOHPV RQFH
RX JR OLYH
HUWDLQ WHUPLQRORJ XVHU LQIRUPDWLRQ DQG VSHFLDO LFRQV DUH XVHG WKURXJKRXW WKLV JXLGH
7KH IROORZLQJ VHFWLRQV H[SODLQ KRZ WR LGHQWLI DQG XVH WKHVH KHOSIXO IHDWXUHV
RQYHQWLRQV
,Q WKH WDEOH EHORZ RX ZLOO ILQG VRPH RI WKH WH[W FRQYHQWLRQV XVHG WKURXJKRXW WKLV JXLGH
ROXPQ 7LWOH ROXPQ 7LWOH
6DQVVHULI LWDOLF 6FUHHQ QDPHV RU RQVFUHHQ REMHFWV EXWWRQV
ILHOGV VFUHHQ WH[W HWF

23. Monospace 8VHU LQSXW WH[W WKH XVHU WSHV YHUEDWLP

24. 1DPH → 1DPH 0HQX VHOHFWLRQ 1DPH LV WKH PHQX QDPH
DQG 1DPH LV WKH LWHP RQ WKH PHQX
Release 4.6A/B xvii
xvii

25. Introduction
Conventions
6DPSOH 5 5HOHDVH 6FUHHQ
Menu Bar
Standard Toolbar
Screen Title
♦ Application Toolbar
User menu
SAP standard menu
♣ Workplace Menu
Workplace
Status Bar
♦ $SSOLFDWLRQ WRROEDU
7KH VFUHHQVKRWV VKRZQ LQ WKLV JXLGH DUH EDVHG RQ IXOO XVHU DXWKRUL]DWLRQ 6$3B$//

26. 'HSHQGLQJ RQ RXU DXWKRUL]DWLRQV VRPH RI WKH EXWWRQV RQ RXU DSSOLFDWLRQ WRROEDU PD
QRW EH DYDLODEOH
♣ :RUNSODFH PHQX
'HSHQGLQJ RQ RXU DXWKRUL]DWLRQV RXU ZRUNSODFH PHQX PD ORRN GLIIHUHQW IURP
VFUHHQVKRWV LQ WKLV JXLGH ZKLFK DUH EDVHG RQ 6$3B$// 7KH 8VHU PHQX DQG 6$3 VWDQGDUG
PHQX EXWWRQV SURYLGH GLIIHUHQW YLHZV RI WKH ZRUNSODFH PHQX
,Q WKLV JXLGHERRN RX OHDUQ KRZ WR EXLOG XVHU PHQXV
1RWH ,Q WKLV JXLGHERRN ZH VKRZ WKH WHFKQLFDO QDPHV RI HDFK WUDQVDFWLRQ 7R PDWFK RXU
VHWWLQJV FKRRVH ([WUDV → 6HWWLQJV DQG VHOHFW 6KRZ WHFKQLFDO QDPHV
xviii Authorizations Made Easy
xviii

27. Introduction
Conventions
6SHFLDO ,FRQV
7KURXJKRXW WKLV JXLGH VSHFLDO LFRQV LQGLFDWH LPSRUWDQW PHVVDJHV %HORZ DUH EULHI
H[SODQDWLRQV RI HDFK LFRQ
([HUFLVH FDXWLRQ ZKHQ SHUIRUPLQJ WKLV WDVN RU VWHS $Q H[SODQDWLRQ RI ZK RX VKRXOG EH
FDUHIXO LV LQFOXGHG
7KLV LQIRUPDWLRQ KHOSV RX XQGHUVWDQG WKH WRSLF LQ JUHDWHU GHWDLO ,W LV QRW QHFHVVDU WR
NQRZ WKLV LQIRUPDWLRQ WR SHUIRUP WKH WDVN
7KHVH PHVVDJHV SURYLGH KHOSIXO KLQWV DQG VKRUWFXWV WR PDNH RXU ZRUN IDVWHU DQG HDVLHU
Release 4.6A/B xix
xix

28. Introduction
Conventions
xx xx Authorizations Made Easy

29. :KDW·V 1HZ LQ 5HOHDVH
RQWHQWV
Overview ..................................................................................................................xxii
User Role Templates...............................................................................................xxii
Flexible User Menus ...............................................................................................xxii
Composite Activity Groups...................................................................................xxiv
User Groups ...........................................................................................................xxiv
Central User Administration .................................................................................xxiv
xxi

30. What’s New in Release 4.6
Overview
2YHUYLHZ
7KLV FKDSWHU SURYLGHV D EULHI GHVFULSWLRQ RI WKH QHZ IXQFWLRQDOLW LQ DXWKRUL]DWLRQUHODWHG
WRSLFV LQ WKH 5 5HOHDVH
)RU VWHSEVWHS SURFHGXUHV DQG GHWDLOHG LQIRUPDWLRQ RQ VSHFLILF WRSLFV SOHDVH VHH WKH
DSSURSULDWH FKDSWHUV DV UHIHUHQFHG
)RU WKH ODWHVW LQIRUPDWLRQ RX VKRXOG DOZDV FKHFN WKH UHOHDVH QRWHV IRU 5HOHDVH
8VHU 5ROH 7HPSODWHV
:LWK 5HOHDVH $ 6$3 GHOLYHUV RYHU XVHU UROH WHPSODWHV 7KH XVHU UROH WHPSODWHV DUH
SUHGHILQHG DFWLYLW JURXSV FRQVLVWLQJ RI WUDQVDFWLRQV UHSRUWV DQG ZHE DGGUHVVHV RX KDYH
WKUHH PHWKRGV WR ZRUN ZLWK XVHU UROH WHPSODWHV
8VH DV GHOLYHUHG
RS DQG FKDQJH WKHP WR VXLW RXU QHHGV
UHDWH RXU RZQ DFWLYLW JURXSV IURP VFUDWFK
2QFH XVHUV DUH DVVLJQHG WR RQH RU PRUH DFWLYLW JURXSV DQG ORJ RQWR WKH VVWHP WKH VHH
WKHLU XVHU PHQX $V VKRZQ LQ WKH JUDSKLF RQ WKH QH[W SDJH WKLV XVHU PHQX FRQWDLQV RQO
WKRVH LWHPV VXFK DV WUDQVDFWLRQV UHSRUWV DQG ZHE DGGUHVVHV WKH QHHG WR SHUIRUP WKHLU
GDLO WDVNV 8VHUV FDQ DOVR DGG WKHLU PRVW IUHTXHQWO XVHG WUDQVDFWLRQV WR D )DYRULWHV PHQX
IRU TXLFNHU DFFHVV
)OH[LEOH 8VHU 0HQXV
$V RI 5HOHDVH $ WKH VVWHP GLVSODV D VSHFLILF XVHU PHQX LQ WKH IRUP RI D WUHH DIWHU XVHUV
ORJ RQ WR WKH VVWHP VHH JUDSKLF RQ QH[W SDJH

31. 7KLV XVHU PHQX LV EDVHG RQ WKH XVHU UROH
WHPSODWH RU DFWLYLW JURXS WKH XVHU LV DVVLJQHG WR 8VHUV QR ORQJHU KDYH WR QDYLJDWH WKURXJK
XQQHFHVVDU 5 IXQFWLRQV IRU ZKLFK WKH KDYH QR DXWKRUL]DWLRQ 7KH FRPSDQ PHQX LV QR
ORQJHU DYDLODEOH DV RI 5HOHDVH $
:KHQ D IXQFWLRQ LV VHOHFWHG LW VWDUWV LQ WKH VDPH VHVVLRQ UHSODFLQJ WKH XVHU PHQX ZLWK WKH
H[HFXWHG IXQFWLRQ :KHQ D XVHU H[LWV D WUDQVDFWLRQ RU VWDUWV D QHZ VHVVLRQ WKH VSHFLILF XVHU
PHQX DXWRPDWLFDOO UHDSSHDUV
$ORQJ ZLWK WKH XVHU PHQXV RX FDQ GLVSOD D FRPSOHWH YLHZ RI DOO IXQFWLRQV GHOLYHUHG E
6$3 XVLQJ WKH 6$3 VWDQGDUG PHQX 7KLV FRPSOHWH YLHZ GLVSODV DXWRPDWLFDOO LI QR XVHU
xxii Authorizations Made Easy
xxii

32. What’s New in Release 4.6
Flexible User Menus
PHQXV KDYH EHHQ GHILQHG RU LI WKH DGPLQLVWUDWRU KDV FKRVHQ WKLV RSWLRQ ZKHQ GHILQLQJ QHZ
XVHU PHQXV
8VHU 0HQX ([DPSOH
+HUH DUH VRPH H[DPSOHV RI GHOLYHUHG DFWLYLW JURXSV
%DVLV 0LVFHOODQHRXV
$XWKRUL]DWLRQ GDWD DGPLQLVWUDWRU 2 6DOHV PDQDJHU
$XWKRUL]DWLRQ SURILOH DGPLQLVWUDWRU 2 +HDG RI FRQWUROOLQJ
8VHU DGPLQLVWUDWRU ), $FFRXQWV SDDEOH DFFRXQWDQW
6VWHP DGPLQLVWUDWRU ), $FFRXQWV UHFHLYDEOH DFFRXQWDQW
%DFNJURXQG DGPLQLVWUDWRU /2 3URGXFWLRQ SODQQLQJ :RUNHU
'DWDEDVH DGPLQLVWUDWRU /2 3URGXFWLRQ SODQQLQJ 2SHUDWRU
XVWRPL]LQJ SURMHFW PHPEHU 00 $FFRXQWV SDDEOH FOHUN
Release 4.6A/B xxiii
xxiii

33. What’s New in Release 4.6
Composite Activity Groups
RPSRVLWH $FWLYLW *URXSV
$V RI 5HOHDVH $ LW LV SRVVLEOH WR FUHDWH DQ DFWLYLW JURXS WKDW FRQWDLQV D FROOHFWLRQ RI RWKHU
DFWLYLW JURXSV 7KLV DFWLYLW JURXS LV FDOOHG D FRPSRVLWH DFWLYLW JURXS RPSRVLWH DFWLYLW
JURXSV FRQWDLQ RQO RWKHU DFWLYLW JURXSV DQG QR DXWKRUL]DWLRQ GDWD
8VHU *URXSV
,QVWHDG RI XVLQJ XVHU JURXSV WR RQO GLVWULEXWH XVHU PDLQWHQDQFH DPRQJ VHYHUDO
DGPLQLVWUDWRUV RX FDQ QRZ DVVLJQ XVHUV WR RQH RU PRUH XVHU JURXSV 7KH FDWHJRU 8VHU
JURXS FDQ EH XVHG DV D EDVLV IRU EHWWHU GLVWULEXWLRQ RI XVHU GDWD LQFUHDVLQJ WKH VSHHG RI
HQWUDO 8VHU $GPLQLVWUDWLRQ
HQWUDO 8VHU $GPLQLVWUDWLRQ
,I D VVWHP JURXS FRQVLVWV RI GLIIHUHQW 5 6VWHPV ZLWK PXOWLSOH FOLHQWV WKHQ WKH VDPH
XVHUV DUH FUHDWHG VHYHUDO WLPHV LQ HYHU FOLHQW DQG DVVLJQHG WR DFWLYLW JURXSV HQWUDO 8VHU
$GPLQLVWUDWLRQ LV GHVLJQHG WR FDUU RXW WKHVH WDVNV LQ D FHQWUDO VVWHP DQG WKHQ GLVWULEXWH
WKLV GDWD WR DOO VVWHPV LQ WKH VVWHP JURXS
7KH *OREDO 8VHU 0DQDJHU SURYLGHV WKH VVWHP DGPLQLVWUDWRU ZLWK DQ RYHUYLHZ RI WKH XVHUV
H[LVWLQJ XVHU JURXSV WKH VVWHPV LQ WKH VVWHP JURXS DQG WKH DFWLYLW JURXSV % VLPSO
XVLQJ GUDJDQGGURS WKH VVWHP DGPLQLVWUDWRU FDQ PDNH FKDQJHV LQ WKH RYHUYLHZ 7KHVH
FKDQJHV WDNH HIIHFW DIWHU GLVWULEXWLRQ WR GHSHQGHQW VVWHPV
xxiv Authorizations Made Easy
xxiv

34. KDSWHU 5 6VWHP 6HFXULW DQG WKH
$XWKRUL]DWLRQ RQFHSW
RQWHQWV
Overview ..................................................................................................................1–2
The Authorization Concept ....................................................................................1–4
SAP* and DDIC Users .............................................................................................1–8
What Is the Profile Generator? ..............................................................................1–9
What Is an Activity Group? ..................................................................................1–12
R/3 Tools for Security Implementation ...............................................................1–14
Case Study: Security Strategy in a Three-System Environment .....................1–15
Setting Up the Authorization Administrators.....................................................1–19
Policies and Procedures ......................................................................................1–21
Auditing Requirements ........................................................................................1–24
1–1

35. Chapter 1: R/3 System Security and the Authorization Concept
Overview
2YHUYLHZ
,Q WKLV FKDSWHU ZH H[SODLQ WKH VHWXS DQG PDLQWHQDQFH RI WKH 5 DXWKRUL]DWLRQ FRQFHSW
WKURXJK WKH FRPSOHWH 5 OLIHFFOH
7KH JUDSKLF EHORZ LOOXVWUDWHV WKH 5 DXWKRUL]DWLRQ FFOH DQG WKH WRROV XVHG LQ YDULRXV
VWDJHV RI WKH LPSOHPHQWDWLRQ
Operations and
Evaluation Implementation
Continuous Improvement
Upgrade +
Preparing the R/3 Environment Production
Authorizations Scoping Ongoing
and Preparation for Go-Live Phase
Development
Description of Setting up User User role Preparation for Going live,
ASAP Miscellaneous Upgrade
auth. concept the profile admin. templates Transporting (AG, user,
generator templates,…)
Setting up ALE
Info gathering Roadmap,
+ structure
IMG
R/3
Users
3 methods of using
user role templates:
Infosystem. 3.x-4.x Õ 4.6
Setting up Central
- Use as is
User Admnistration
Strategy, SU25 - Copy + change
QAdb (4.6B) Tips SU25
Definition First installation - Create own
Global user Troubleshoot. Upgrade
manager
Authorization SAPNet -R/3 Description how to work
with user role templates (AG) Security
list (AL.xls) Frontend
(which exists, how to use, Audit
notes
(formerly OSS) customizing, creating, etc.)
7RROV WR 6XSSRUW WKH 5 $XWKRUL]DWLRQ FOH
7KH JXLGHERRN LV GLYLGHG LQWR IRXU VHSDUDWH SKDVHV
$XWKRUL]DWLRQ 6FRSLQJ FKDSWHU

36. 3UHSDULQJ WKH 5 (QYLURQPHQW DQG 3UHSDUDWLRQ IRU *R /LYH FKDSWHU

37. 3URGXFWLRQ 3KDVH FKDSWHU

38. 8SJUDGH DQG 2QJRLQJ 'HYHORSPHQW FKDSWHU

39. :H EHJLQ ZLWK WKH 5 DXWKRUL]DWLRQ FRQFHSW DQG WKH DXWKRUL]DWLRQ GHVLJQ VR RX FDQ PHHW
UHTXLUHPHQWV VXFK DV PD[LPXP VHFXULW HDV XVHU PDLQWHQDQFH DQG VXIILFLHQW SULYLOHJHV
IRU HQG XVHUV WR IXOILOO WKHLU MRE GXWLHV 7KH DXWKRUL]DWLRQ FRQFHSW GHILQHV WKH IXQFWLRQV WR EH
FDUULHG RXW LQ YDULRXV RUJDQL]DWLRQDO XQLWV E SHRSOH LQ VSHFLILF SRVLWLRQV 7KH FRQFHSW DOVR
H[WHQGV WKH 5 RQOLQH GRFXPHQWDWLRQ RQ DXWKRUL]DWLRQV DQG SURILOHV UHTXLUHG IRU WKH
YDULRXV HQWHUSULVH DUHDV
,PSOHPHQWLQJ D PXOWLOHYHO FOLHQWVHUYHU HQYLURQPHQW RQ :$1V SURYLGHV JUHDW IOH[LELOLW
%XW LQ WKLV HQYLURQPHQW KLJKO VHQVLWLYH GDWD DQG SURJUDPV DUH DW D JUHDWHU ULVN RI EHLQJ
ORVW PDQLSXODWHG DQG VSLHG XSRQ WKDQ LQ D FRQYHQWLRQDO PDLQIUDPH HQYLURQPHQW (YHQ
ZLWK ORFDO RSHUDWLRQ WKLV ULVN DSSOLHV WR DOO WKUHH ODHUV 3UHVHQWDWLRQ $SSOLFDWLRQ DQG
'DWDEDVH

40. DQG EHFRPHV HYHQ PRUH DFXWH WKDQ :$1V
Authorizations Made Easy
1–2

41. Chapter 1: R/3 System Security and the Authorization Concept
Overview
7KH IROORZLQJ JUDSKLF VKRZV KRZ 5 FRYHUV WKH DVSHFWV RI GDWD SURWHFWLRQ DQG VHFXULW
6ˆ‡u‚…v“h‡v‚Ã
p‚‰r…rqÃv
8‚prƒ‡ÃvÃSÃ
à 9h‡hÃ…‚‡rp‡v‚Ã
6ˆ‡u‚…v“h‡v‚† h‡Ãqh‡hih†rÃyr‰ry
ÃHhqrÃ@h†’
SAP SAP
9h‡hÃihpxˆƒ
6ppr††Ãƒ…‚‡rp‡v‚
Q…‚‡rp‡v‚Ãh‡Ã
p‚€€ˆvph‡v‚Ãyr‰ry
S
D‡rt…v‡’Ãpurpx
S
'DWD 3URWHFWLRQ DQG 6HFXULW
7R PHHW WKH KLJK GHPDQGV RI GDWD SURWHFWLRQ DQG VHFXULW 6$3 SURYLGHV WKH IROORZLQJ 5
VHFXULW PHFKDQLVPV
$XWKRUL]DWLRQ FRQFHSW WKLV JXLGHERRN GLVFXVVHV DQ DXWKRUL]DWLRQ GHVLJQ XVLQJ WKH
3URILOH *HQHUDWRU

42. $FFHVV SURWHFWLRQ DQG DXWKHQWLFDWLRQ RXWVLGH RI 5 LQFOXGLQJ DXWKRUL]DWLRQV EHWZHHQ
:HEEDVHG DSSOLFDWLRQV DQG 5 QRW GLVFXVVHG LQ WKLV JXLGH

43. 3URWHFWLRQ DW QHWZRUN FRPPXQLFDWLRQ OHYHO QRW GLVFXVVHG LQ WKLV JXLGH

44. 'DWD SURWHFWLRQ DW GDWDEDVH OHYHO QRW GLVFXVVHG LQ WKH JXLGH

45. Release 4.6A/B
1–3

46. Chapter 1: R/3 System Security and the Authorization Concept
The Authorization Concept
7KH $XWKRUL]DWLRQ RQFHSW
7KH FRQFHSW RI DXWKRUL]DWLRQV LQ WKH 5 6VWHP LQFOXGHV WKH IROORZLQJ
3URILOH *HQHUDWRU
/RFNLQJ DQG XQORFNLQJ WUDQVDFWLRQV
/RFNHG UHFRUGV
6WUXFWXUDO DXWKRUL]DWLRQV 1RW GLVFXVVHG LQ WKLV YHUVLRQ VHH $XWKRUL]DWLRQV 0DGH (DV
JXLGHERRN $% IRU LQIRUPDWLRQ

47. 'DWD HQFUSWLRQ QRW GLVFXVVHG LQ WKLV ERRN

48. /RFNLQJ VVWHP IRU FKDQJHV
7KH 5 DXWKRUL]DWLRQ FRQFHSW SHUPLWV WKH DVVLJQPHQW RI JHQHUDO DQGRU ILQHO GHWDLOHG
XVHU DXWKRUL]DWLRQV 7KHVH DVVLJQPHQWV FDQ UHDFK GRZQ WR WKH WUDQVDFWLRQ ILHOG DQG ILHOG
YDOXH OHYHO 7KHVH DXWKRUL]DWLRQV DUH FHQWUDOO DGPLQLVWHUHG LQ XVHU PDVWHU UHFRUGV DQG PRVW
DOORZ WKH KDQGOLQJ RI FHUWDLQ 5 FRPSRQHQWV DSSOLFDEOH WR VSHFLILF RSHUDWLRQV $FWLRQV E D
XVHU PD UHTXLUH VHYHUDO DXWKRUL]DWLRQV )RU H[DPSOH WR FKDQJH D PDWHULDO PDVWHU UHFRUG
DXWKRUL]DWLRQV DUH UHTXLUHG IRU WKH
7UDQVDFWLRQ ´FKDQJHµ
6SHFLILF PDWHULDO
*HQHUDO DXWKRUL]DWLRQ WR ZRUN ZLWKLQ WKH FRPSDQ FRGH
7KH UHVXOWLQJ UHODWLRQVKLSV FDQ EHFRPH YHU FRPSOH[ 7R PHHW WKHVH UHTXLUHPHQWV WKH 5
DXWKRUL]DWLRQ FRQFHSW KDV EHHQ LPSOHPHQWHG DV D IRUP RI SVHXGRREMHFWRULHQWHG FRQFHSW
ZLWK FRPSOHWH DXWKRUL]DWLRQ REMHFWV (DFK DXWKRUL]DWLRQ REMHFW LV D FRPELQDWLRQ RI
DXWKRUL]DWLRQ ILHOGV $Q DXWKRUL]DWLRQ DOZDV UHIHUV WR DQ DXWKRUL]DWLRQ REMHFW DQG FDQ
FRQWDLQ LQWHUYDOV IRU WKH ILHOG YDOXHV $XWKRUL]DWLRQ FKHFNV SURWHFW WKH IXQFWLRQV RU REMHFWV
RX FKRRVH 6WDQGDUGGHOLYHUHG 5 KDV DXWKRUL]DWLRQ FKHFNV HPEHGGHG LQ WKH SURJUDP
ORJLF 3URJUDPPHUV KDYH WR GHFLGH ZKLFK DVSHFWV RI WKHLU SURJUDPPHG IXQFWLRQDOLW VKRXOG
EH FKHFNHG DQG KRZ WKH FKHFN VKRXOG EH FRQGXFWHG
$XWKRUL]DWLRQ DGPLQLVWUDWRUV FUHDWH DXWKRUL]DWLRQV WKDW DUH DVVLJQHG WR XVHUV LQ FROOHFWLRQV
FDOOHG SURILOHV 7KH 3URILOH *HQHUDWRU 3*

49. XVXDOO JHQHUDWHV DXWKRUL]DWLRQV DQG
DXWKRUL]DWLRQ SURILOHV DOWKRXJK DXWKRUL]DWLRQV FDQ DOVR EH PDQXDOO LQVHUWHG LQWR D SURILOH
7KH IROORZLQJ JUDSKLF VKRZV WKH DXWKRUL]DWLRQ FRPSRQHQWV DQG H[SODLQV WKHLU UHODWLRQVKLS
Authorizations Made Easy
1–4

50. Chapter 1: R/3 System Security and the Authorization Concept
The Authorization Concept
Piwrp‡Ã8yh†† 6ˆ‡u‚…v“h‡v‚ 6ˆ‡u‚…v“h‡v‚ Q…‚svyr V†r…
Piwrp‡
ÃAvryq Brr…h‡rqÃ
ÃAvryqÉhyˆr s…‚€ÃQB
E‚uÃ@‘h€ƒyr
T6Q !#
ÃG‚tÇr‘‡
ÃUrpuÃh€r ÃAvryq
ÃAvryqÉhyˆr
AÃD
ÃG‚tÇr‘‡
ÃUrpuÃh€r ÃAvryq
ÃAvryqÉhyˆr
ÃG‚tÇr‘‡ ÃAvryq Brr…h‡rqà 6€’Ã6’ur…r
CÃS
ÃUrpuÃh€r ÃAvryqÉhyˆr s…‚€ÃQB T6Q#$%
6$3 $XWKRUL]DWLRQ RQFHSW
$XWKRUL]DWLRQ 2EMHFW
$V VKRZQ LQ WKH JUDSKLF ´6$3 $XWKRUL]DWLRQ RQFHSWµ DERYH REMHFWV DOORZ FRPSOH[ XVHU
DXWKRUL]DWLRQ FKHFNV $Q DXWKRUL]DWLRQ REMHFW ZRUNV DV D WHPSODWH IRU D WREHGHILQHG
DXWKRUL]DWLRQ DQG FRQWDLQV D PD[LPXP RI WHQ ILHOGV SHU REMHFW 8VHUV PD RQO FRQGXFW DQ
DFWLYLW LI WKH VDWLVI WKH DXWKRUL]DWLRQ FKHFN IRU HDFK ILHOG LQ WKH DXWKRUL]DWLRQ GHILQHG RQ D
VSHFLILF DXWKRUL]DWLRQ REMHFW
$XWKRUL]DWLRQ REMHFWV DUH JURXSHG LQ DQ REMHFW FODVV VXFK DV )LQDQFLDO $FFRXQWLQJ RU
+XPDQ 5HVRXUFHV $XWKRUL]DWLRQ REMHFWV FDQ EH FUHDWHG PDQXDOO E FKRRVLQJ 7RROV →
$%$3 :RUNEHQFK → 'HYHORSPHQW → 2WKHU 7RROV → $XWKRUL]DWLRQ 2EMHFWV → 2EMHFWV %HFDXVH
DXWKRUL]DWLRQ REMHFWV DUH FOLHQWLQGHSHQGHQW DQG GHILQHG LQ WKH $%$3 :RUNEHQFK
GHYHORSHUV DQG SURJUDPPHUV DUH JHQHUDOO UHVSRQVLEOH IRU FUHDWLQJ QHZ DXWKRUL]DWLRQ
REMHFWV
KDQJHV DUH QHFHVVDU RQO LI RX ´PRGLIµ RXU VVWHP DQG ZDQW WR LQFOXGH
$87+25,7+(. FDOOV RU QHZ DXWKRUL]DWLRQ REMHFWV RX FDQ RQO FKDQJH RU GHOHWH
DXWKRUL]DWLRQ REMHFWV DGGHG E RXU FRPSDQ 5 DXWKRUL]DWLRQ REMHFWV PD QRW EH GHOHWHG
RU FKDQJHG 7R FKDQJH DQ REMHFW RX PXVW ILUVW GHOHWH DOO DXWKRUL]DWLRQV ZLWK ZKLFK LW LV
DVVRFLDWHG
$Q $87+25,7+(. LV DQ $%$3 FRPPDQG
Release 4.6A/B
1–5

51. Chapter 1: R/3 System Security and the Authorization Concept
The Authorization Concept
$XWKRUL]DWLRQ 2EMHFW )LHOGV
$XWKRUL]DWLRQ ILHOGV IRU DQ REMHFW FDQ EH FUHDWHG PDQXDOO E FKRRVLQJ 7RROV → $%$3
'HYHORSPHQW :RUNEHQFK → 'HYHORSPHQW → 2WKHU 7RROV → $XWKRUL]DWLRQ 2EMHFWV → )LHOGV
7KH ILHOGV LQ DQ DXWKRUL]DWLRQ REMHFW DUH OLQNHG WR GDWD HOHPHQWV LQ WKH 6$3 $%$3
'LFWLRQDU 7KH SHUPLVVLEOH YDOXHV FRQVWLWXWH DQ DXWKRUL]DWLRQ :KHQ DQ DXWKRUL]DWLRQ
FKHFN WDNHV SODFH WKH VVWHP FKHFNV WKH YDOXHV RX KDYH VSHFLILHG LQ DQ DXWKRUL]DWLRQ
DJDLQVW WKRVH UHTXLUHG WR FDUU RXW WKH DFWLRQ 8VHUV PD RQO FDUU RXW WKH DFWLRQ LI WKH
VDWLVI WKH FRQGLWLRQV IRU HYHU ILHOG GHILQHG IRU D VSHFLILF DXWKRUL]DWLRQ REMHFW
8VLQJ WKH DXWKRUL]DWLRQ PDLQWHQDQFH IXQFWLRQV GHILQH DOO DXWKRUL]DWLRQ ILHOGV LQ WKH VVWHP
GHYHORSPHQW HQYLURQPHQW KDQJHV DUH QHFHVVDU RQO LI RX ´PRGLIµ RXU VVWHP DQG
WKH QHZ VVWHP HOHPHQWV DUH VXEMHFWHG WR DXWKRUL]DWLRQ FKHFNV
$XWKRUL]DWLRQV
$Q DXWKRUL]DWLRQ DOORZV RX WR FDUU RXW DQ 5 WDVN EDVHG RQ D VHW RI ILHOG YDOXHV LQ DQ
DXWKRUL]DWLRQ REMHFW (DFK DXWKRUL]DWLRQ UHIHUV WR H[DFWO RQH DXWKRUL]DWLRQ REMHFW DQG
GHILQHV WKH SHUPLWWHG YDOXH UDQJH IRU HDFK DXWKRUL]DWLRQ ILHOG RI WKLV DXWKRUL]DWLRQ REMHFW
$XWKRUL]DWLRQV DUH XVHG LQ WKH XVHU PDVWHU UHFRUG DV SURILOHV
% WKHPVHOYHV DXWKRUL]DWLRQV GR QRW H[LVW 7KH RQO KDYH PHDQLQJ LQVLGH D SURILOH
)LHOG 9DOXH
XVWRPHU WSH 86773(

52. $FWLYLW $797

53. ([SODQDWLRQ
DOO SRVVLEOH YDOXHV GLVSOD
$XWKRUL]DWLRQV DUH XVHG WR VSHFLI SHUPLWWHG YDOXHV IRU WKH ILHOGV LQ DQ DXWKRUL]DWLRQ REMHFW
7KHUH PD EH RQH RU PRUH YDOXHV IRU HDFK ILHOG $XWKRUL]DWLRQV DOORZ RX WR GHWHUPLQH WKH
QXPEHU RI VSHFLILF YDOXHV RU YDOXH UDQJHV IRU D ILHOG $OO YDOXHV RU HPSW ILHOGV FDQ EH
SHUPLVVLEOH YDOXHV KDQJHV DIIHFW DOO XVHUV ZKRVH DXWKRUL]DWLRQ SURILOH FRQWDLQV WKDW
DXWKRUL]DWLRQ 7KH 5 DXWKRUL]DWLRQ DGPLQLVWUDWRU FDQ PDLQWDLQ DXWKRUL]DWLRQV
DXWRPDWLFDOO XVLQJ WKH 3* RU PDQXDOO 2QFH WKH DXWKRUL]DWLRQ LV DFWLYDWHG FKDQJHV DIIHFW
DOO XVHUV ZKLFK FRQWDLQ WKH SURILOH ZLWK WKH DFWLYDWHG DXWKRUL]DWLRQ
2QFH JHQHUDWHG DXWKRUL]DWLRQV DQG SURILOHV FUHDWHG ZLWK WKH 3* DUH DXWRPDWLFDOO
DFWLYDWHG ,I RX PDQXDOO FUHDWH DQG PDLQWDLQ DXWKRUL]DWLRQV DQG SURILOHV RX PXVW DOVR
PDQXDOO DFWLYDWH WKHP *HQHUDWHG SURILOHV DQG DXWKRUL]DWLRQV FDQQRW EH PDLQWDLQHG
PDQXDOO ZLWK WKH FRQYHQWLRQDO PDLQWHQDQFH WUDQVDFWLRQV 68 DQG 68 +RZHYHU ZH
GR QRW UHFRPPHQG WKH XVH RI WKHVH WUDQVDFWLRQV IRU SURILOH DQG XVHU DGPLQLVWUDWLRQ
DQPRUH RX VKRXOG XVH WKH 3URILOH *HQHUDWRU LQVWHDG
Authorizations Made Easy
1–6

54. Chapter 1: R/3 System Security and the Authorization Concept
The Authorization Concept
$XWKRUL]DWLRQ 3URILOHV
8VHU DXWKRUL]DWLRQV DUH QRW GLUHFWO DVVLJQHG ZLWK WKH 3* WR WKH XVHU PDVWHU UHFRUGV
,QVWHDG WKHVH DXWKRUL]DWLRQV DUH DVVLJQHG DV DXWKRUL]DWLRQ SURILOHV 7KH DXWKRUL]DWLRQ
DGPLQLVWUDWRU FDQ FUHDWH DXWKRUL]DWLRQ SURILOHV PDQXDOO RU DXWRPDWLFDOO
KDQJHV DIIHFW DOO XVHUV WR ZKRP WKLV SURILOH LV DVVLJQHG DQG WDNH HIIHFW RQO ZKHQ WKH XVHU
ORJV RQ 8VHUV ZKR DUH ORJJHG RQ ZKHQ WKH FKDQJH WDNHV SODFH UHPDLQ XQDIIHFWHG GXULQJ
WKHLU FXUUHQW VHVVLRQ EXW ZKHQ WKH ORJ RQ DJDLQ WKHLU SURILOH FKDQJHV DFFRUGLQJO $ XVHU·V
DXWKRUL]DWLRQV DUH ORDGHG LQWR WKH XVHU EXIIHU RQO ZKHQ WKH ORJ RQ
RX FDQQRW XVH WKH DXWKRUL]DWLRQ SURILOH PDLQWHQDQFH WUDQVDFWLRQ 68 WR PDQXDOO
PDQLSXODWH WKH 3*FUHDWHG DXWKRUL]DWLRQ SURILOHV $OWKRXJK WHFKQLFDOO SRVVLEOH QHYHU
FUHDWH D SURILOH WKDW FRQWDLQV ERWK PDQXDOO DQG DXWRPDWLFDOO JHQHUDWHG DXWKRUL]DWLRQV RU
SURILOHV :H QR ORQJHU UHFRPPHQG WKH XVH RI WUDQVDFWLRQ 68 IRU SURILOH DQG XVHU
DGPLQLVWUDWLRQ RX VKRXOG XVH WKH 3URILOH *HQHUDWRU LQVWHDG
1DPLQJ RQYHQWLRQ IRU $XWKRUL]DWLRQ 3URILOHV
$XWKRUL]DWLRQ SURILOHV EHJLQQLQJ ZLWK D 7 PD FRQWDLQ FULWLFDO 6B86(5

55. DXWKRUL]DWLRQ
REMHFWV $OVR XVH WKH 3* WR H[FOXGH IXUWKHU DXWKRUL]DWLRQ REMHFWV IRU H[DPSOH +5 GDWD

56. IURP WKH SURILOH
1RWH WKDW ZH DUH WDONLQJ DERXW DXWKRUL]DWLRQ SURILOHV QRW DFWLYLW JURXSV
:KHQ RX ILUVW VDYH WKH DXWKRUL]DWLRQ SURILOHV RX DUH SURPSWHG WR HQWHU D SURILOH QDPH
7KH VVWHP SURSRVHV D QDPH IRU WKH SURILOH KRZHYHU RQO WKH ILUVW FKDUDFWHUV WKH
SURILOH WRUVR

57. FDQ EH IUHHO DVVLJQHG 7KH QXPEHU RI SURILOHV JHQHUDWHG GHSHQGV RQ WKH
QXPEHU RI DXWKRUL]DWLRQV LQ HDFK DFWLYLW JURXS $ PD[LPXP RI DXWKRUL]DWLRQV ILW LQWR
D SURILOH ,I WKHUH DUH PRUH WKDQ DXWKRUL]DWLRQV DQ DGGLWLRQDO SURILOH LV JHQHUDWHG ,W
KDV WKH VDPH FKDUDFWHU WRUVR DV WKH SURILOH QDPH DQG WKH ODVW WZR GLJLWV SRVLWLRQV
DQG

58. DUH XVHG DV D FRXQWHU
7R DYRLG FRQIOLFWV EHWZHHQ FXVWRPHUGHILQHG SURILOHV DQG WKRVH SURILOHV VXSSOLHG E 6$3
RX VKRXOG QRW XVH DQ QDPH WKDW KDV DQ XQGHUVFRUH LQ WKH VHFRQG SRVLWLRQ 6$3 SODFHV QR
RWKHU UHVWULFWLRQV RQ WKH QDPLQJ RI DXWKRUL]DWLRQ SURILOHV UHIHU WR QRWH

59. 7KHUHIRUH LI
RXU FRPSDQ KDV LWV RZQ QDPLQJ FRQYHQWLRQV RX DUH DOORZHG WR RYHUZULWH WKH
SURSRVHG QDPH
7KH QDPHV RI WKH DXWKRUL]DWLRQV DUH DOVR GHULYHG IURP WKH SURILOH WRUVR :KHQ PRUH WKDQ
RQH DXWKRUL]DWLRQ LV UHTXLUHG IRU DQ REMHFW WKH ODVW WZR SODFHV DUH XVHG DV D FRXQWHU %DVHG
RQ WKH QDPH IRU WKH DXWKRUL]DWLRQ SURILOH WKH WHFKQLFDO QDPHV IRU WKH DXWKRUL]DWLRQV WR EH
FUHDWHG VWDUW ZLWK D 7 DQG FRPSULVH WKH LQWHUQDO QXPEHU RI WKH DFWLYLW JURXS DQG WZR HQG
GLJLWV LQ WKH UDQJH ² 7 LV D VDPSOH DXWKRUL]DWLRQ QDPH

60. 8VHU 0DVWHU 5HFRUGV
0DVWHU UHFRUGV HQDEOH WKH XVHU WR ORJ RQ WR WKH 5 6VWHP DQG DOORZ OLPLWHG DFFHVV WR WKH
IXQFWLRQV DQG REMHFWV 7KH XVHU DGPLQLVWUDWRU PDLQWDLQV XVHU PDVWHU UHFRUGV E FKRRVLQJ
7RROV → $GPLQLVWUDWLRQ → 8VHU PDLQWHQDQFH → 8VHUV
Release 4.6A/B
1–7

61. Chapter 1: R/3 System Security and the Authorization Concept
SAP* and DDIC Users
$XWKRUL]DWLRQ KHFNV
7R FRQGXFW DQ DXWKRUL]DWLRQ FKHFN WKLV FKHFN PXVW EH LQFOXGHG LQ WKH WUDQVDFWLRQ·V VRXUFH
FRGH 'XULQJ WKH FKHFN WKH VVWHP FRPSDUHV DXWKRUL]DWLRQ SURILOH YDOXHV DVVLJQHG E WKH
DXWKRUL]DWLRQ DGPLQLVWUDWRU

62. WR WKH YDOXHV QHHGHG WR FDUU RXW D SURJUDPVSHFLILHG DFWLRQ $
XVHU PD RQO FDUU RXW WKH DFWLRQ LI WKH DXWKRUL]DWLRQ FKHFN LV VXFFHVVIXO IRU HYHU ILHOG LQ
WKH DXWKRUL]DWLRQ REMHFW
$XWKRUL]DWLRQ FKHFNV DUH WULJJHUHG E WKH $%$3 $87+25,7+(. VWDWHPHQW 7KH
SURJUDPPHU VSHFLILHV DQ DXWKRUL]DWLRQ REMHFW DQG WKH UHTXLUHG YDOXHV IRU HDFK DXWKRUL]DWLRQ
ILHOG 7KH $87+25,7+(. WKHQ YHULILHV LI D XVHU KDV DXWKRUL]DWLRQ DQG LI WKLV
DXWKRUL]DWLRQ LV IURP WKH XVHU PDVWHU UHFRUG 7KH FKHFN LV VXFFHVVIXO LI DQ DXWKRUL]DWLRQ LV
IRXQG WKDW FRQWDLQV WKH YDOXHV VSHFLILHG LQ WKH $87+25,7+(.
:KHQ 5 WUDQVDFWLRQV DUH H[HFXWHG VLQFH WKH WUDQVDFWLRQ FDOOV RWKHU ZRUN DUHDV LQ WKH
EDFNJURXQG PDQ DXWKRUL]DWLRQ REMHFWV DUH RIWHQ FKHFNHG )RU WKHVH FKHFNV WR EH
VXFFHVVIXO WKH XVHU PXVW KDYH WKH DSSURSULDWH DXWKRUL]DWLRQV $XWKRUL]DWLRQ FKHFNV FDQ EH
GLVDEOHG E VHWWLQJ FKHFN LQGLFDWRUV LQ WUDQVDFWLRQ 68 RU E VZLWFKLQJ RII REMHFWV JOREDOO
$FWLYDWLQJ DQG 'HDFWLYDWLQJ $XWKRUL]DWLRQ KHFNV LQ 7UDQVDFWLRQV
,W LV SRVVLEOH WKDW XVHUV UHFHLYH PRUH DXWKRUL]DWLRQV WKDQ QHFHVVDU OHDGLQJ WR DQ LQFUHDVHG
PDLQWHQDQFH ORDG $XWKRUL]DWLRQ FKHFNV DUH FRQGXFWHG ZKHUHYHU WKH DUH ZULWWHQ LQWR D
WUDQVDFWLRQ·V VRXUFH FRGH 2QO E XVLQJ WKH 3* FDQ FKHFN LQGLFDWRUV EH VHW WR H[FOXGH
HUWDLQ DXWKRUL]DWLRQ REMHFWV IURP DXWKRULW FKHFNV
6SHFLILF DXWKRUL]DWLRQ FKHFNV LQ VSHFLILF WUDQVDFWLRQV
$Q DXWKRUL]DWLRQ REMHFW IURP EHLQJ FKHFNHG
$OO RI WKHVH DGMXVWPHQWV DUH SRVVLEOH ZLWKRXW DOWHULQJ WKH SURJUDP FRGH 3ULRU WR
DXWRPDWLFDOO JHQHUDWLQJ WKH DXWKRUL]DWLRQ SURILOH XVH WKH FKHFN LQGLFDWRUV WR FRQWURO ZKLFK
REMHFWV DSSHDU LQ WKH 3* DQG ZKLFK ILHOG YDOXHV DUH GLVSODHG 6$3 GHOLYHUV D GHIDXOW FKHFN
LQGLFDWRU VHWWLQJ ZLWK 5 )RU PRUH LQIRUPDWLRQ UHIHU WR FKDSWHU 7LSV DQG
7URXEOHVKRRWLQJ WKH VHFWLRQ 5HGXFLQJ WKH 6FRSH RI $XWKRUL]DWLRQ KHFNV
6$3
DQG '', 8VHUV
'XULQJ RXU 5 LQVWDOODWLRQ FOLHQWV DQG DUH FUHDWHG ,Q FOLHQWV DQG
WZR VSHFLDO XVHUV DUH GHILQHG EXW QR VSHFLDO XVHU LV FUHDWHG LQ FOLHQW 6LQFH WKHVH XVHUV
KDYH VWDQGDUG QDPHV DQG SDVVZRUGV RX QHHG WR VHFXUH WKHVH XVHUV IURP XQDXWKRUL]HG
XVDJH WKH (DUO:DWFK DQG 3, XVHUV DUH QRW FRYHUHG LQ WKLV ERRN

63. 7KH WZR VSHFLDO 5 XVHUV DUH
6$3
'HILQHG DV WKH VWDQGDUG 5 VXSHUXVHU 6$3
GRHV QRW UHTXLUH D XVHU PDVWHU UHFRUG
5DWKHU LW
Authorizations Made Easy
1–8

64. Chapter 1: R/3 System Security and the Authorization Concept
What Is the Profile Generator?
Π,V GHILQHG LQ WKH VVWHP FRGH
Π+DV D GHIDXOW SDVVZRUG PASS

65. Π+DV XQOLPLWHG VVWHP DFFHVV DXWKRUL]DWLRQV
:KHQ RX LQVWDOO 5 D XVHU PDVWHU UHFRUG LV GHILQHG LQ FOLHQWV DQG ZLWK WKH
LQLWLDO SDVVZRUG 06071992 6$3
XVHU PDVWHU UHFRUG GHDFWLYDWHV 6$3
ªV VSHFLDO
SURSHUWLHV 7R SUHYHQW 6$3
PLVXVH FKDQJH WKH SDVVZRUG :H UHFRPPHQG KRZHYHU
WKDW RX GHDFWLYDWH 6$3
DQG GHILQH RXU RZQ VXSHUXVHU
'',
7KLV XVHU LV WKH PDLQWHQDQFH XVHU IRU WKH $%$3 'LFWLRQDU DQG VRIWZDUH ORJLVWLFV 7KH
XVHU PDVWHU UHFRUG IRU '', LV DXWRPDWLFDOO FUHDWHG LQ FOLHQWV DQG DQG KDV WKH
GHIDXOW SDVVZRUG 19920706 6VWHP FRGH WHVWLQJ DOORZV '', VSHFLDO SULYLOHJHV IRU
FHUWDLQ RSHUDWLRQV )RU H[DPSOH '', LV WKH RQO XVHU WKDW FDQ ORJ RQ GXULQJ DQ
XSJUDGH 7R SUHYHQW '', PLVXVH FKDQJH WKH SDVVZRUG
8VH UHSRUW 56865 WR FKHFN ZKHWKHU WKH VWDQGDUG 6$3
DQG '', SDVVZRUGV KDYH
EHHQ FKDQJHG 7KLV UHSRUW LV UHVWULFWHG WR XVHUV ZKR EHORQJ WR WKH XVHU JURXS 683(5 ZLWK
DFWLYLW DQG FOLHQW DGPLQLVWUDWLRQ
:KDW ,V WKH 3URILOH *HQHUDWRU
6$3·V 3URILOH *HQHUDWRU 3*

66. KHOSV WKH DXWKRUL]DWLRQ DGPLQLVWUDWRU FUHDWH JHQHUDWH DQG
DVVLJQ DXWKRUL]DWLRQ SURILOHV )LUVW UHOHDVHG ZLWK * WKH 3* DFFHOHUDWHV 5
LPSOHPHQWDWLRQ E VLPSOLILQJ WKH WDVN RI VHWWLQJ XS WKH DXWKRUL]DWLRQ HQYLURQPHQW 7KH
DGPLQLVWUDWRU RQO QHHGV WR FRQILJXUH WKH FXVWRPHUVSHFLILF VHWWLQJV WKH 3* PDQDJHV RWKHU
WDVNV VXFK DV VHOHFWLQJ WKH UHOHYDQW DXWKRUL]DWLRQ REMHFWV IRU FRQVLGHUDWLRQ 7KH 3* LV IXOO
LQWHJUDWHG ZLWK 5 DQG LV DYDLODEOH RQ DOO 5VXSSRUWHG SODWIRUPV 7KH 3* UHSUHVHQWV HW
DQRWKHU LPSURYHPHQW RI 6$3·V WRROEDVHG VXSSRUW DQG D UHGXFWLRQ LQ 5 LPSOHPHQWDWLRQ
WLPH
7KH 3* LV DQ DSSURDFK WR GHILQLQJ WKH DXWKRUL]DWLRQ HQYLURQPHQW 7KH DGPLQLVWUDWRU QR
ORQJHU XVHV WKH DXWKRUL]DWLRQ REMHFWV WR GHILQH WKH DXWKRUL]DWLRQV IRU YDULRXV XVHU JURXSV
LQVWHDG DXWKRUL]DWLRQ SURILOHV DUH EXLOW DURXQG WKH IXQFWLRQV WR EH SHUIRUPHG LQ 5 %DVHG
RQ WKH IXQFWLRQV VHOHFWHG WKH 3* SLFNV WKH UHOHYDQW DXWKRUL]DWLRQ REMHFWV DQG JURXSV WKHP
LQ D QHZ DXWKRUL]DWLRQ SURILOH
8VLQJ IXQFWLRQV WR GHILQH DXWKRUL]DWLRQ SURILOHV
6SHHGV XS WKH SURFHVV
'HILQHV DXWKRUL]DWLRQ SURILOHV
6LPSOLILHV DGPLQLVWUDWRUXVHU FRPPXQLFDWLRQ DOORZLQJ ERWK WKH DGPLQLVWUDWRU DQG
XVHUV WR XVH WKH VDPH 5 IXQFWLRQ WHUPLQRORJ
7R XVH WKH 3* RX ILUVW KDYH WR VHW LW XS 7KH RQH WLPH VHW XS LQYROYHV WKH IROORZLQJ VWHSV
KHFN LI WKH 6$3 5 6VWHP SDUDPHWHU LV VHW FRUUHFWO WR DFWLYH
Release 4.6A/B
1–9

67. Chapter 1: R/3 System Security and the Authorization Concept
What Is the Profile Generator?
8VH 68 WR LQLWLDOL]H WKH WDEOHV 862%7B DQG 862%;B DQG WKHQ FXVWRPL]H WKHP LI
GHVLUHG

68. )RU GHWDLOHG LQIRUPDWLRQ SOHDVH UHDG FKDSWHU 6HWWLQJ 8S WKH 3URILOH *HQHUDWRU
2QFH WKH 3* LV VHW XS RX FDQ ZRUN ZLWK LW %HIRUH ZRUNLQJ ZLWK ZLWK WKH 3* LW LV XVHIXO WR
XQGHUVWDQG LWV FRPSRQHQWV
RPSRQHQWV RI WKH 3URILOH *HQHUDWRU
7KH 3* KDV WKH IROORZLQJ FRPSRQHQWV
$FWLYLW *URXSV
$Q DFWLYLW JURXS LV D FROOHFWLRQ RI 5 WUDQVDFWLRQV DXWKRUL]DWLRQV DQG DGGLWLRQDO REMHFWV
RX FDQ DVVLJQ DQ DFWLYLW JURXS WR DV PDQ XVHUV DV RX ZDQW RX FDQ FUHDWH GLVSOD
FKDQJH FRS DQG WUDQVSRUW DFWLYLW JURXSV
RPSRVLWH $FWLYLW *URXSV
RPSRVLWH DFWLYLW JURXSV DUH PDGH XS RI D FROOHFWLRQ RI DFWLYLW JURXSV 7KH XVHUV DVVLJQHG
WR D FRPSRVLWH DFWLYLW JURXS DUH DXWRPDWLFDOO DGGHG WR WKH DFWLYLW JURXSV GXULQJ D
FRPSDULVRQ RPSRVLWH DFWLYLW JURXSV WKHPVHOYHV GR QRW FRQWDLQ DQ DXWKRUL]DWLRQ GDWD
,QVWHDG RI KDYLQJ WR DVVLJQ HDFK XVHU WR HDFK DFWLYLW JURXS RX FDQ VHW XS D FRPSRVLWH
DFWLYLW JURXS DQG WKHQ DVVLJQ WKH XVHUV WR WKLV JURXS
'HULYHG $FWLYLW *URXSV
RX FDQ XVH DQ H[LVWLQJ DFWLYLW JURXS DV D UHIHUHQFH ZKHQ FUHDWLQJ D QHZ RQH 7KH VVWHP
WUDQVIHUV WKH WUDQVDFWLRQV LQ RQH DFWLYLW JURXS WR D QHZ DFWLYLW JURXS³RQH WKDW UHPDLQV
GHSHQGHQW RQ WKH ILUVW RX FDQ GLVSOD WKH KLHUDUFK RI WKH DFWLYLW JURXSV WKDW LQKHULW
WUDQVDFWLRQV IURP HDFK RWKHU E FKRRVLQJ $FWLYLW JURXS → :KHUHXVHG OLVW
:LWK DQ DFWLYLW JURXS GHULYHG IURP D GLIIHUHQW DFWLYLW JURXS RX FDQQRW HQWHU
WUDQVDFWLRQV GLUHFWO RX FDQQRW UHVHW WKH GHILQLWLRQ RI WKH LQLWLDO DFWLYLW JURXS IURP ZKLFK
WKH GHULYHG DFWLYLW JURXS LQKHULWHG LWV WUDQVDFWLRQV 3DVVLQJ RQ WUDQVDFWLRQV RQO UHIHUV WR
WKH PHQX VHOHFWLRQ DQG QRW WR WKH DXWKRUL]DWLRQV RX PXVW PDLQWDLQ DXWKRUL]DWLRQV
VHSDUDWHO LQ HDFK DFWLYLW JURXS WKHVH DUH QRW SDVVHG RQ ,W LV DOVR SRVVLEOH WR WUDQVIHU WKH
DXWKRUL]DWLRQ GDWD RI WKH SUHYLRXV DFWLYLW JURXS WR WKH GHULYHG DFWLYLW JURXS DV D FRS
8VHU $VVLJQPHQW
8VHUV FDQ EH DVVLJQHG WR VLQJOH DFWLYLW JURXSV RU WR FRPSRVLWH DFWLYLW JURXSV ZKLFK PRVWO
UHSUHVHQW MRE UROHV 8VHUV WKDW RX DVVLJQ WR DQ DFWLYLW JURXS PD H[HFXWH WKH WUDQVDFWLRQV
UHSRUWV RU DQ RWKHU WDVN LQ WKH DFWLYLW JURXS ZLWK WKH FRUUHVSRQGLQJ DXWKRUL]DWLRQV
*HQHUDWLQJ WKH 3URILOHV
7KH DGPLQLVWUDWRU FKRRVHV WKH VSHFLILF PHQX SDWKV DQG IXQFWLRQV IRU HDFK XVHU JURXS 7KLV
VHOHFWLRQ GHWHUPLQHV WKH 5 DFWLYLWLHV WKDW XVHUV LQ HDFK XVHU JURXS DUH DXWKRUL]HG WR
SHUIRUP
8VLQJ WKH VHOHFWHG WUDQVDFWLRQ FRGHV WKH 3* GHWHUPLQHV WKH DIIHFWHG DXWKRUL]DWLRQ REMHFWV
7R VLPSOLI WKH FUHDWLRQ RI VXEVHTXHQW LQGLYLGXDO DXWKRUL]DWLRQ SURILOHV 5 FRQWDLQV
Authorizations Made Easy
1–10

69. Chapter 1: R/3 System Security and the Authorization Concept
What Is the Profile Generator?
GHIDXOW YDOXHV IRU PDQ DXWKRUL]DWLRQ ILHOGV LQ VSHFLILF DXWKRUL]DWLRQ REMHFWV )RU H[DPSOH
RQH SRVVLEOH DFFHVV UHVWULFWLRQ PLJKW EH WKH GHIDXOW YDOXH 'LVSOD OLPLWLQJ WKH XVHU WR
GLVSOD PRGH RQ FHUWDLQ WUDQVDFWLRQV
$GGLWLRQDOO WKH 3* LGHQWLILHV WKH RUJDQL]DWLRQDO OHYHOV WKDW SOD D UROH LQ WKH H[WUDFWHG
DXWKRUL]DWLRQ REMHFWV DQG FOHDUO GLVSODV WKHVH OHYHOV IRU WKH DGPLQLVWUDWRU 7KH
DXWKRUL]DWLRQ DGPLQLVWUDWRU PD KDYH WR LQWHUYHQH DQG PDQXDOO GHILQH WKH OHYHOV WR ZKLFK
WKH XVHUV QHHG DFFHVV IRU H[DPSOH WKH FRPSDQ FRGH

70. 7KH 3* WKHQ SODFHV WKH VSHFLILHG OHYHOV LQ WKH DXWKRUL]DWLRQ REMHFWV $W WKLV SRLQW D ORW RI
DXWKRUL]DWLRQ REMHFW ILHOGV IRU WKH QHZ DXWKRUL]DWLRQ SURILOH KDYH EHHQ ILOOHG KRZHYHU WKHUH
DUH VWLOO ILHOGV WKDW QHHG WR EH PDLQWDLQHG 7KH DXWKRUL]DWLRQ REMHFWV DUH GLVSODHG
KLHUDUFKLFDOO LQ D VSHFLDO PDLQWHQDQFH WUDQVDFWLRQ 7KH DGPLQLVWUDWRU PD DGMXVW WKH
UHPDLQLQJ YDOXHV VXFK DV PDWHULDO WSH RUGHU WSH HWF
:LWKLQ WKLV PDLQWHQDQFH WUDQVDFWLRQ WKH DGPLQLVWUDWRU FDQ HDVLO QDYLJDWH IURP WKH
RYHUYLHZ VFUHHQ WR WKH ORZHVW GLVSOD OHYHO WKH DXWKRUL]DWLRQV DQG WKHLU ILHOGV

71. DQG GLUHFWO
DVVLJQ WKH YDOXHV *HQHUDOO SHUPLVVLEOH YDOXHV FDQ DOVR EH DVVLJQHG DW KLJKHU OHYHOV 7KH
IROORZLQJ XWLOLWLHV WR VSHFLI WKH YDOXHV DUH DYDLODEOH DW HYHU OHYHO RI WKH KLHUDUFKLFDO
GLVSOD
9DOXH VHOHFWLRQ IURP OLVWV
KHFNER[HV IRU VLPSOH DFWLYLW VHOHFWLRQ
'HOHWH DQG FRS IXQFWLRQV
,I DGPLQLVWUDWRUV GHWHUPLQH WKDW QR IXUWKHU DXWKRUL]DWLRQ UHVWULFWLRQV DUH QHFHVVDU RQ D
FHUWDLQ OHYHO E FKRRVLQJ D EXWWRQ WKH 3* ILOOV LQ WKH UHPDLQLQJ YDOXHV
)LQDOO DQRWKHU PHQX LWHP LQ WKH VVWHP DVVLJQV WKH XVHUV WR WKH 5 IXQFWLRQV ,Q WKLV
SURFHVV WKH 3* DXWRPDWLFDOO FRSLHV DOO WKH FRUUHVSRQGLQJ DXWKRUL]DWLRQ SURILOHV WR WKH XVHU
PDVWHU UHFRUG 2I FRXUVH XVHUV FDQ EH DVVLJQHG PXOWLSOH VHOHFWLRQV ZKLFK PHDQV WKDW
FHUWDLQ JHQHUDO DXWKRUL]DWLRQV QHHG WR EH PDLQWDLQHG RQO RQFH DQG DUH DYDLODEOH IRU
DVVLJQPHQW WR DOO VVWHP XVHUV
,QWHJUDWLQJ WKH 3* LQ 5 DOVR HQDEOHV WKH DGPLQLVWUDWRU WR DFFHVV WKH GRFXPHQWDWLRQ RQ
HYHU DXWKRUL]DWLRQ REMHFW GLUHFWO IURP WKH 3* )XUWKHUPRUH WKH 3* FDQ OLVW DOO 5
IXQFWLRQV WKDW FKHFN D VSHFLILF DXWKRUL]DWLRQ
5HTXLUHPHQWV DQG $YDLODELOLW
7KH 3* UXQV RQ DOO VXSSRUWHG SODWIRUPV DQG KDV EHHQ DYDLODEOH VLQFH 5HOHDVH * IRU
JHQHUDO FXVWRPHU XVH 6WDUWLQJ ZLWK 5HOHDVH LW LV DOUHDG DFWLYDWHG IRU XVH
Release 4.6A/B
1–11

72. Chapter 1: R/3 System Security and the Authorization Concept
What Is an Activity Group?
:KDW ,V DQ $FWLYLW *URXS
7KH SURFHVV RI VHFXULW LPSOHPHQWDWLRQ ZLWK WKH 3* LV EDVHG RQ WKH FUHDWLRQ RI DFWLYLW
JURXSV RU D FROOHFWLRQ RI OLQNHG RU DVVRFLDWHG DFWLYLWLHV VXFK DV WDVNV UHSRUWV DQG
WUDQVDFWLRQV $Q DFWLYLW JURXS LV D ´GDWD FRQWDLQHUµ IRU WKH 3* WR JHQHUDWH DXWKRUL]DWLRQ
SURILOHV DQG XVXDOO UHSUHVHQWV D MRE UROH LQ RXU FRPSDQ +RZHYHU FXVWRPHUV RIWHQ
GHILQH DFWLYLW JURXSV VRPHZKDW GLIIHUHQWO $V VXFK WKHUH LV QR RQH FRQFUHWH GHILQLWLRQ RI
DQ DFWLYLW JURXS RWKHU WKDQ LW LV D GDWD FRQWDLQHU IRU DXWKRUL]DWLRQV