https://community.sap.com/t5/application-development-and-automation-discussions/inputs-during-scurity-implementation/m-p/7213045#M1522816 <HTML><HEAD></HEAD><BODY><P>Hi Experts,</P><P></P><P>We are implementing security for my client. The below are the steps I</P><P>followed. Let me know if I am in right track..</P><P></P><P>- Getting the users list against their job titles for each module or work</P><P>stream</P><P>- Get the list of transaction codes proposed to be used by each module or</P><P>work stream</P><P>- Prepare a Role Matrix Template with transaction codes against job titles</P><P>and asked the module leads to fill this out for each work stream</P><P>- Get the list of cross functional T-codes by merging all the role matrix</P><P>sheets all work streams</P><P>- Group the T-codes to form parent roles based on the task and based on the</P><P>requested job titles for each module</P><P>- Group cross functional T-codes based on task and based on the job titles</P><P>requested and create parent roles for cross functional T-codes</P><P></P><P>I have the below queries regarding child role creation</P><P>- How do we normally get inputs for organizational restriction, is it based</P><P>on each T-code or based on each user?</P><P>- We have a scenario that few users may need access to all plants for few</P><P>T-codes and for the rest they need restricted only to their plant</P><P></P><P>Let me know what is the usual and effective approach, point out if I need to</P><P>get any inputs from business upfront, so that I can update them and also in</P><P>the schedule</P><P></P><P>-- </P><P>With best regards,</P><P></P><P>atejeda</P></BODY></HTML> Tue, 31 Aug 2010 05:55:58 GMT atejeda 2010-08-31T05:55:58Z https://community.sap.com/t5/application-development-and-automation-discussions/inputs-during-scurity-implementation/m-p/7213045#M1522816 <HTML><HEAD></HEAD><BODY><P>Hi Experts,</P><P></P><P>We are implementing security for my client. The below are the steps I</P><P>followed. Let me know if I am in right track..</P><P></P><P>- Getting the users list against their job titles for each module or work</P><P>stream</P><P>- Get the list of transaction codes proposed to be used by each module or</P><P>work stream</P><P>- Prepare a Role Matrix Template with transaction codes against job titles</P><P>and asked the module leads to fill this out for each work stream</P><P>- Get the list of cross functional T-codes by merging all the role matrix</P><P>sheets all work streams</P><P>- Group the T-codes to form parent roles based on the task and based on the</P><P>requested job titles for each module</P><P>- Group cross functional T-codes based on task and based on the job titles</P><P>requested and create parent roles for cross functional T-codes</P><P></P><P>I have the below queries regarding child role creation</P><P>- How do we normally get inputs for organizational restriction, is it based</P><P>on each T-code or based on each user?</P><P>- We have a scenario that few users may need access to all plants for few</P><P>T-codes and for the rest they need restricted only to their plant</P><P></P><P>Let me know what is the usual and effective approach, point out if I need to</P><P>get any inputs from business upfront, so that I can update them and also in</P><P>the schedule</P><P></P><P>-- </P><P>With best regards,</P><P></P><P>atejeda</P></BODY></HTML> Tue, 31 Aug 2010 05:55:58 GMT https://community.sap.com/t5/application-development-and-automation-discussions/inputs-during-scurity-implementation/m-p/7213045#M1522816 atejeda 2010-08-31T05:55:58Z https://community.sap.com/t5/application-development-and-automation-discussions/inputs-during-scurity-implementation/m-p/7213046#M1522817 <HTML><HEAD></HEAD><BODY><P>&gt; </P><PRE><CODE></CODE></PRE><P>&gt; - Group the T-codes to form parent roles based on the task and based on the</P><P>&gt; requested job titles for each module</P><P>Nothing wrong in creating parent roles, but I always build parent role only if the role results with organizational levels.</P><P>&gt; - Group cross functional T-codes based on task and based on the job titles</P><P>&gt; requested and create parent roles for cross functional T-codes</P><P></P><P>Same here ie </P><P>build parent role only if the role results with organizational levels.</P><P></P><P> </P><P>&gt; I have the below queries regarding child role creation</P><P>&gt; - How do we normally get inputs for organizational restriction, is it based</P><P>&gt; on each T-code or based on each user?</P><P></P><P>It will be based on Organizational levels, like company code, sales org etc......</P><P>&gt; - We have a scenario that few users may need access to all plants for few</P><P>&gt; T-codes and for the rest they need restricted only to their plant</P><P>&gt; </P><P>&gt; Let me know what is the usual and effective approach, point out if I need to</P><P>&gt; get any inputs from business upfront, so that I can update them and also in</P><P>&gt; the schedule</P><P></P><P>Work with business /functional experts to map roles to define a work process role</P><P>&gt; --</P></BODY></HTML> Tue, 31 Aug 2010 20:28:16 GMT https://community.sap.com/t5/application-development-and-automation-discussions/inputs-during-scurity-implementation/m-p/7213046#M1522817 Former Member 2010-08-31T20:28:16Z https://community.sap.com/t5/application-development-and-automation-discussions/inputs-during-scurity-implementation/m-p/7213047#M1522818 <HTML><HEAD></HEAD><BODY><P>Franklin,</P><P></P><P>Thank you for your valuable answer. I will get together with my business/functional experts.</P><P></P><P>Sincerely,</P><P></P><P>atejeda</P></BODY></HTML> Tue, 31 Aug 2010 20:45:33 GMT https://community.sap.com/t5/application-development-and-automation-discussions/inputs-during-scurity-implementation/m-p/7213047#M1522818 Former Member 2010-08-31T20:45:33Z