https://community.sap.com/t5/application-development-and-automation-discussions/security/m-p/2008515#M409700 <HTML><HEAD></HEAD><BODY><P>hi Kamal,</P><P>Just read this nice explanation on SAP help..</P><P><A href="http://help.sap.com/saphelp_nw04/helpdata/en/63/a30a4ac00811d2851c0000e8a57770/content.htm" target="test_blank">http://help.sap.com/saphelp_nw04/helpdata/en/63/a30a4ac00811d2851c0000e8a57770/content.htm</A></P><P>It shdould help u in getting the over view...</P><P>Ping back to us in case of questions...</P><P>VBr,</P><P>Sri</P><P>Award points for helpful answers</P></BODY></HTML> Mon, 19 Mar 2007 19:24:13 GMT Former Member 2007-03-19T19:24:13Z https://community.sap.com/t5/application-development-and-automation-discussions/security/m-p/2008514#M409699 <HTML><HEAD></HEAD><BODY><P>hey,</P><P>in all the business scenarios there r DEV,QA,PRD.can som1 kindly explain what is actually happening in these systems n the role of sap security guy in all these three?</P></BODY></HTML> Mon, 19 Mar 2007 19:04:31 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security/m-p/2008514#M409699 Former Member 2007-03-19T19:04:31Z https://community.sap.com/t5/application-development-and-automation-discussions/security/m-p/2008515#M409700 <HTML><HEAD></HEAD><BODY><P>hi Kamal,</P><P>Just read this nice explanation on SAP help..</P><P><A href="http://help.sap.com/saphelp_nw04/helpdata/en/63/a30a4ac00811d2851c0000e8a57770/content.htm" target="test_blank">http://help.sap.com/saphelp_nw04/helpdata/en/63/a30a4ac00811d2851c0000e8a57770/content.htm</A></P><P>It shdould help u in getting the over view...</P><P>Ping back to us in case of questions...</P><P>VBr,</P><P>Sri</P><P>Award points for helpful answers</P></BODY></HTML> Mon, 19 Mar 2007 19:24:13 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security/m-p/2008515#M409700 Former Member 2007-03-19T19:24:13Z https://community.sap.com/t5/application-development-and-automation-discussions/security/m-p/2008516#M409701 <HTML><HEAD></HEAD><BODY><P>Kamal,</P><P>High level overview:</P><P></P><P>In SAP most work is done in development then transported to QA for testing. Once testing passes it is moved into PRD.</P><P></P><P>DEV</P><P>Used for development and configuration. The security person needs to insure only approved developers and configurers have change access. In addition modifications requiring transport should go through a change control process.</P><P></P><P>QA</P><P>Used For testing. Should resemble production as much as possible in order to produce accurate testing. Direct access to development and config should be restricted in this instance (generally speaking).</P><P></P><P>PRD</P><P>End users have transaction access and administrators should be limited.</P><P></P><P>Cheers,</P><P></P><P>Ben</P></BODY></HTML> Mon, 19 Mar 2007 19:24:39 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security/m-p/2008516#M409701 Former Member 2007-03-19T19:24:39Z https://community.sap.com/t5/application-development-and-automation-discussions/security/m-p/2008517#M409702 <HTML><HEAD></HEAD><BODY><P>A security guy, handles on a number of times the Authorizations and related issues in these systems....</P><P>Ideally he makes the changes in DEV systems, moves them to QTY for the tests and once the Tests are successull, the transports would be moved ot PRD.</P><P>In a nut shell, thats how every change mkoves across in trhe SAP system.,</P><P>Hope it helps...</P><P>VBr,</P><P>Sri</P><P>Award poiints for helpful answers</P></BODY></HTML> Mon, 19 Mar 2007 19:25:52 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security/m-p/2008517#M409702 Former Member 2007-03-19T19:25:52Z https://community.sap.com/t5/application-development-and-automation-discussions/security/m-p/2008518#M409703 <HTML><HEAD></HEAD><BODY><P>hi,</P><P>dev ,qa prd are the three diff clients in sap system,rite?so in dev ,customizing refers to the functional guy ,developers according to the business need they edit sap.then these changes are transported to qa.wat is the actuall purpose of qa?it just checks whethr the transport is done r any missing links?so the role of sap security in dev is to restrict developers and functional guys and exclusively creates role for devlopers etc not for the end users?</P><P> </P><P> In prd again the security guy creates the role according to the business needs inorder to assign to end user? pls let me b clear....</P></BODY></HTML> Tue, 20 Mar 2007 01:50:45 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security/m-p/2008518#M409703 Former Member 2007-03-20T01:50:45Z https://community.sap.com/t5/application-development-and-automation-discussions/security/m-p/2008519#M409704 <HTML><HEAD></HEAD><BODY><P>hi kamal,</P><P>The securoty guy does not develop any thing for business in PRD. the same is developed in DEV system only and tested in QTY by a few people who don the cap of a End user... so the security guy has to take care of both the consultant roles and buisness users roles...</P><P>also in QTY integration testing etc... once a developer developes a programm, module or a user exit, we test that development in DEV system as a unit...</P><P>so its called unit testing... and once we move it to QTY, it is tested on a different angle, like does this change affect any other module, does it have a impacxt on any other working programm etc etc... once all the checks are made and if it has got a satisfactory perfromance then only the new program, new tcode or whatever be it is moved to production...</P><P>The same procedure is even followed while applying SAP Notes to the systems..</P><P>Hope it is clear now..</P><P>VBr,</P><P>Sri</P><P>Award points for helpful answers</P></BODY></HTML> Tue, 20 Mar 2007 05:42:49 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security/m-p/2008519#M409704 Former Member 2007-03-20T05:42:49Z