https://community.sap.com/t5/application-development-and-automation-discussions/implementing-sap-security/m-p/3365269#M807548 <HTML><HEAD></HEAD><BODY><P>&gt; </P><PRE><CODE></CODE></PRE><P>&gt; Is there a blueprint that I can use? </P><P></P><P>I doubt you'll ever find (a usable) one for free or on such a forum for that matter. Most of us earn (part of) our money designing them tailored to the customers' needs. I for one am surely not going to give examples away.</P><P></P><P>The best strategy will always be:</P><P>1- determine the needs in the company (what are the tasks for various people and which resources do they need to achieve their goals).</P><P>2- determine which data has to be secured.</P><P>3- draw a concept based on above information and have it validated by the business.</P><P>4- design taskroles (singles) per task and functionroles (composites) to group tasks into functions.</P><P>5- test both tasks and functions. The first test can be part of a unit test while the second one will be like an integration test.</P><P></P><P>People you need:</P><P>Functional consultants per module. They know about module-specific authorization stuff.</P><P>Business consultants and/or key users who know which processes there are and how they're divided over the various jobs/functions in the company</P><P>The (internal) auditors to tell you which information needs to be secured.</P><P></P><P>As you see this is not a one person job and the outcome will differ per company.</P><P></P><P>Jurjen</P></BODY></HTML> Wed, 06 Feb 2008 08:24:47 GMT jurjen_heeck 2008-02-06T08:24:47Z https://community.sap.com/t5/application-development-and-automation-discussions/implementing-sap-security/m-p/3365268#M807547 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>For a new ECC implementation, what is the best strategy or approach to use in implementing roles and authorization? Is there a blueprint that I can use? </P><P></P><P>FYI, we are not implementing Virsa. </P><P></P><P>Your response is highly appreciated.</P></BODY></HTML> Wed, 06 Feb 2008 08:13:21 GMT https://community.sap.com/t5/application-development-and-automation-discussions/implementing-sap-security/m-p/3365268#M807547 Former Member 2008-02-06T08:13:21Z https://community.sap.com/t5/application-development-and-automation-discussions/implementing-sap-security/m-p/3365269#M807548 <HTML><HEAD></HEAD><BODY><P>&gt; </P><PRE><CODE></CODE></PRE><P>&gt; Is there a blueprint that I can use? </P><P></P><P>I doubt you'll ever find (a usable) one for free or on such a forum for that matter. Most of us earn (part of) our money designing them tailored to the customers' needs. I for one am surely not going to give examples away.</P><P></P><P>The best strategy will always be:</P><P>1- determine the needs in the company (what are the tasks for various people and which resources do they need to achieve their goals).</P><P>2- determine which data has to be secured.</P><P>3- draw a concept based on above information and have it validated by the business.</P><P>4- design taskroles (singles) per task and functionroles (composites) to group tasks into functions.</P><P>5- test both tasks and functions. The first test can be part of a unit test while the second one will be like an integration test.</P><P></P><P>People you need:</P><P>Functional consultants per module. They know about module-specific authorization stuff.</P><P>Business consultants and/or key users who know which processes there are and how they're divided over the various jobs/functions in the company</P><P>The (internal) auditors to tell you which information needs to be secured.</P><P></P><P>As you see this is not a one person job and the outcome will differ per company.</P><P></P><P>Jurjen</P></BODY></HTML> Wed, 06 Feb 2008 08:24:47 GMT https://community.sap.com/t5/application-development-and-automation-discussions/implementing-sap-security/m-p/3365269#M807548 jurjen_heeck 2008-02-06T08:24:47Z https://community.sap.com/t5/application-development-and-automation-discussions/implementing-sap-security/m-p/3365270#M807549 <HTML><HEAD></HEAD><BODY><P>Thanks a lot!</P><P></P><P>Edited by: Litz Tee on Feb 6, 2008 6:19 PM</P></BODY></HTML> Wed, 06 Feb 2008 17:18:01 GMT https://community.sap.com/t5/application-development-and-automation-discussions/implementing-sap-security/m-p/3365270#M807549 Former Member 2008-02-06T17:18:01Z https://community.sap.com/t5/application-development-and-automation-discussions/implementing-sap-security/m-p/3365271#M807550 <HTML><HEAD></HEAD><BODY><P>One thing to remember</P><P>Functional consultants MUST write a process design, this should be at TRX level and contain the needed restrictions from fucntional point of view.</P><P>The aforementioned should be the basis of the role design.</P></BODY></HTML> Wed, 06 Feb 2008 18:55:17 GMT https://community.sap.com/t5/application-development-and-automation-discussions/implementing-sap-security/m-p/3365271#M807550 Former Member 2008-02-06T18:55:17Z