https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061243#M1503361 <HTML><HEAD></HEAD><BODY><P>Authorization Matrix - Not any table / programme will work for you in this case, you better maintain below checklist :</P><P></P><P>1) Gather company data : Organization Structure HR will help you in this. (you need to get all details on Organization values such as Company Code, Plant, Purchasing / Sales Organization etc.,</P><P>2) Prepare a sheet for every module (PP,MM,SD,FI,CO,HR etc.,)</P><P>3) Study the Organization structure &amp; Identify the Job responsibility of the person in current organization &amp; what function he / she will do in SAP.</P><P>4) A sheet contains T-codes &amp; description (you can get list of tcodes from respective functional consultant), Role Name, Activity - create/change/display et.,</P><P>5) Don't add all t-codes Ex- PP : Add only those tcodes access by you users : End or Core users. Sometime it doesn;t make sense to give create / change / delete t-codes to a user who's only responsible for doing data entry job or a user who is responsible only for creating materials not approving / sending.</P><P>6) Make a sheet that maps you users to role</P><P>7) Always review / approve your Matirx from respective Functional Head, as a BASIS we can't take decision on Functional side.</P><P><span class="lia-unicode-emoji" title=":smiling_face_with_sunglasses:">😎</span> Always test you roles in DEV / QAS (training client) assigned to a test user by your functional cunsultant.</P><P>9) Always remember of cross functionality authorizations (like some time they may</P><P>10) Always make sure that none of the user gets any BASIS activity authorization.</P><P></P><P>I gather above points from my experience where I was involved in designing Matrix, It can be defferent depends upon the organization.</P><P></P><P>Regards;</P></BODY></HTML> Wed, 21 Jul 2010 17:15:01 GMT Former Member 2010-07-21T17:15:01Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061239#M1503357 <HTML><HEAD></HEAD><BODY><P>Dear Experts</P><P> we are trying to make Authorization Matrix for users authorizations , so what i need to know if is there any way i can get template list includes Tcodes and the Authorization objects corresponding to each Tcode , it will be a lot easier to make the roles . </P><P>please if anyone can advice how i can get the tcode list with its objects it will be great.</P><P>thanks</P><P>Sameh Essa</P></BODY></HTML> Wed, 21 Jul 2010 14:54:13 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061239#M1503357 Former Member 2010-07-21T14:54:13Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061240#M1503358 <HTML><HEAD></HEAD><BODY><P>Hi Sameh,</P><P></P><P>Goto transaction SU24. Select "Type of Application" as "Transaction", below give transaction code &amp; execute it</P><P>You will see Authorization Objects listed. All that have been proposed as YES in the proposal column will be checked for that particular transaction code </P><P>You need to maintain the authorization for these particular Authorization Objects</P><P>Alternatively, you can see them in the table USOBT_C</P><P></P><P>Edited by: Siddhartha Varma on Jul 21, 2010 5:32 PM</P></BODY></HTML> Wed, 21 Jul 2010 15:04:55 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061240#M1503358 Former Member 2010-07-21T15:04:55Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061241#M1503359 <HTML><HEAD></HEAD><BODY><P>Hi Sameh,</P><P></P><P>please check tables AGR_1250 and AGR_1251.</P><P></P><P></P><P>Thanks,</P><P>SS</P></BODY></HTML> Wed, 21 Jul 2010 15:41:38 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061241#M1503359 Sri_S1 2010-07-21T15:41:38Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061242#M1503360 <HTML><HEAD></HEAD><BODY><P>Like others said AGR* tables will help</P><P>if you need to also have parent child relationship use AGR_define, apart from using AGR_1251 </P><P></P><P>you also have AGR_1252 which will give you role to Organization level details</P></BODY></HTML> Wed, 21 Jul 2010 16:37:23 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061242#M1503360 Former Member 2010-07-21T16:37:23Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061243#M1503361 <HTML><HEAD></HEAD><BODY><P>Authorization Matrix - Not any table / programme will work for you in this case, you better maintain below checklist :</P><P></P><P>1) Gather company data : Organization Structure HR will help you in this. (you need to get all details on Organization values such as Company Code, Plant, Purchasing / Sales Organization etc.,</P><P>2) Prepare a sheet for every module (PP,MM,SD,FI,CO,HR etc.,)</P><P>3) Study the Organization structure &amp; Identify the Job responsibility of the person in current organization &amp; what function he / she will do in SAP.</P><P>4) A sheet contains T-codes &amp; description (you can get list of tcodes from respective functional consultant), Role Name, Activity - create/change/display et.,</P><P>5) Don't add all t-codes Ex- PP : Add only those tcodes access by you users : End or Core users. Sometime it doesn;t make sense to give create / change / delete t-codes to a user who's only responsible for doing data entry job or a user who is responsible only for creating materials not approving / sending.</P><P>6) Make a sheet that maps you users to role</P><P>7) Always review / approve your Matirx from respective Functional Head, as a BASIS we can't take decision on Functional side.</P><P><span class="lia-unicode-emoji" title=":smiling_face_with_sunglasses:">😎</span> Always test you roles in DEV / QAS (training client) assigned to a test user by your functional cunsultant.</P><P>9) Always remember of cross functionality authorizations (like some time they may</P><P>10) Always make sure that none of the user gets any BASIS activity authorization.</P><P></P><P>I gather above points from my experience where I was involved in designing Matrix, It can be defferent depends upon the organization.</P><P></P><P>Regards;</P></BODY></HTML> Wed, 21 Jul 2010 17:15:01 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061243#M1503361 Former Member 2010-07-21T17:15:01Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061244#M1503362 <HTML><HEAD></HEAD><BODY><P>Hi ,</P><P></P><P>This activity is very good for the beginning of the project well posted</P><P>but today almost all large enterprises use BPML from Solution Manager for all that you have listed.</P><P></P><P></P><P>One blueprint and realization stage example can be as below: </P><P></P><P>ARIS FLOW/VISIO - BPML( Solution Manager ) - Role build for each functional team.</P><P></P><P></P><P>AGR* tables will be a starting point for the question posted to get atleast a list of SAP delivered roles.</P></BODY></HTML> Wed, 21 Jul 2010 17:22:28 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061244#M1503362 Former Member 2010-07-21T17:22:28Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061245#M1503363 <HTML><HEAD></HEAD><BODY><P>This message was moderated.</P></BODY></HTML> Wed, 21 Jul 2010 17:27:47 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061245#M1503363 Former Member 2010-07-21T17:27:47Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061246#M1503364 <HTML><HEAD></HEAD><BODY><P>Yes Frank you are right now every day things are going in "Automate" way due to time restriction, welll the points which I have mentioned wasn't totally complete. I just want to put some light on how to begin with.</P><P></P><P>Regards;</P></BODY></HTML> Thu, 22 Jul 2010 09:49:50 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061246#M1503364 Former Member 2010-07-22T09:49:50Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061247#M1503365 <HTML><HEAD></HEAD><BODY><P>&gt; </P><PRE><CODE><P></P><P>&gt; but today almost all large enterprises use BPML from Solution Manager for all that you have listed.</P><P>&gt;</P></CODE></PRE><P></P><P>Uptake is much slower than that in my experience. I am a huge fan of that approach but the market is way behind in terms of adoption and use of those tools.</P></BODY></HTML> Thu, 22 Jul 2010 10:57:37 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-objects-in-transaction-codes/m-p/7061247#M1503365 Former Member 2010-07-22T10:57:37Z