https://community.sap.com/t5/application-development-and-automation-discussions/role-mapping/m-p/3482994#M837409 <HTML><HEAD></HEAD><BODY><P>My company is implementing SAP and we have this huge issue about role mapping. Being the junior member of a 2-person Security team, I would really appreciate your responses.</P><P></P><P>Functional teams identifies the roles and tcodes. Security creates the roles. But who is responsible for mapping roles to users? We have this huge issue about who should be driving this activity. Our Security Consultant said that our team should be responsible for this. But the Change Management team also wants ownership and have actually started the process. Based on your experience who should be responsible?</P><P></P><P>Thanks,</P><P>JB</P></BODY></HTML> Wed, 05 Mar 2008 07:41:56 GMT Former Member 2008-03-05T07:41:56Z https://community.sap.com/t5/application-development-and-automation-discussions/role-mapping/m-p/3482994#M837409 <HTML><HEAD></HEAD><BODY><P>My company is implementing SAP and we have this huge issue about role mapping. Being the junior member of a 2-person Security team, I would really appreciate your responses.</P><P></P><P>Functional teams identifies the roles and tcodes. Security creates the roles. But who is responsible for mapping roles to users? We have this huge issue about who should be driving this activity. Our Security Consultant said that our team should be responsible for this. But the Change Management team also wants ownership and have actually started the process. Based on your experience who should be responsible?</P><P></P><P>Thanks,</P><P>JB</P></BODY></HTML> Wed, 05 Mar 2008 07:41:56 GMT https://community.sap.com/t5/application-development-and-automation-discussions/role-mapping/m-p/3482994#M837409 Former Member 2008-03-05T07:41:56Z https://community.sap.com/t5/application-development-and-automation-discussions/role-mapping/m-p/3482995#M837410 <HTML><HEAD></HEAD><BODY><P>I think you should distinguish between 'responsible' as in 'who signs off' and 'who does the actual work'. </P><P>Maybe creating a [raci diagram|http://en.wikipedia.org/wiki/RACI_diagram] could provide some additional insight.</P><P></P><P>This is definately not an easy one.</P></BODY></HTML> Wed, 05 Mar 2008 07:49:43 GMT https://community.sap.com/t5/application-development-and-automation-discussions/role-mapping/m-p/3482995#M837410 jurjen_heeck 2008-03-05T07:49:43Z https://community.sap.com/t5/application-development-and-automation-discussions/role-mapping/m-p/3482996#M837411 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P></P><P>Normally Security team will create the Roles, and its test plans.</P><P>then finally assign to the endusers.</P><P></P><P>if there is a integrated help desk, they will assign to the endusers.</P></BODY></HTML> Wed, 05 Mar 2008 08:01:44 GMT https://community.sap.com/t5/application-development-and-automation-discussions/role-mapping/m-p/3482996#M837411 Former Member 2008-03-05T08:01:44Z https://community.sap.com/t5/application-development-and-automation-discussions/role-mapping/m-p/3482997#M837412 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The guys before are talking in solutions. The person responsible for the employee and the work he is doing is also responsible that he/she gets the authorization they need. It should not be so that the person that create roles can also connect them to the user. It is a possible fraud moment. In principle you have a function that create the user, an other that connects roles to the user and a function that create/maintain roles(authorizations). What you must do is avoiding the possibilities of fraud. Not every organization is ready for this, you see often a combination. Segregation of duties is the magic word.</P><P></P><P>have fun</P><P></P><P>Bye</P><P>Jan van Roest</P></BODY></HTML> Wed, 05 Mar 2008 08:30:04 GMT https://community.sap.com/t5/application-development-and-automation-discussions/role-mapping/m-p/3482997#M837412 Former Member 2008-03-05T08:30:04Z https://community.sap.com/t5/application-development-and-automation-discussions/role-mapping/m-p/3482998#M837413 <HTML><HEAD></HEAD><BODY><P>&gt; </P><PRE><CODE></CODE></PRE><P>&gt;But who is responsible for mapping roles to users? We have this huge issue about who should be driving this activity. Our Security Consultant said that our team should be responsible for this. But the Change Management team also wants ownership and have actually started the process. Based on your experience who should be responsible?</P><P></P><P>The Change Management team should own the mapping of roles to users. It is a business activity, not a technical one.</P><P></P><P>The Security team is responsible for performing those assignments in SAP.</P><P></P><P>Generally user mapping causes more issues at go-live than any other area in security. Usually the Change Management team will be in a better position to manage this business related function.</P></BODY></HTML> Wed, 05 Mar 2008 20:47:07 GMT https://community.sap.com/t5/application-development-and-automation-discussions/role-mapping/m-p/3482998#M837413 Former Member 2008-03-05T20:47:07Z