https://community.sap.com/t5/application-development-and-automation-discussions/creating-the-authorization-matrix/m-p/3605756#M868536 <HTML><HEAD></HEAD><BODY><P>Thankyou Abhishek Guru for the valuable information.:)</P><P></P><P>Actually,I am fresher in security and was just involved in Role build and FUT phase.</P><P>But want to learn how to carry out a security implementation project,the security designing concepts ?</P><P></P><P>Please suggest me some source and guide me in the same.</P><P></P><P>Please ellaborate Job based security or process based security?</P><P></P><P></P><P>.</P></BODY></HTML> Fri, 28 Mar 2008 00:49:48 GMT Former Member 2008-03-28T00:49:48Z https://community.sap.com/t5/application-development-and-automation-discussions/creating-the-authorization-matrix/m-p/3605752#M868532 <HTML><HEAD></HEAD><BODY><P>How requirement gathering should be done?</P><P>What is procedure to Create Authorization Matrix in SAP Secuirty Project?</P></BODY></HTML> Thu, 27 Mar 2008 21:15:51 GMT https://community.sap.com/t5/application-development-and-automation-discussions/creating-the-authorization-matrix/m-p/3605752#M868532 Former Member 2008-03-27T21:15:51Z https://community.sap.com/t5/application-development-and-automation-discussions/creating-the-authorization-matrix/m-p/3605753#M868533 <HTML><HEAD></HEAD><BODY><P>Hi Ajit,</P><P></P><P>Transactions and authorizations defined in roles are a result of business process needs.</P><P></P><P>So first, the functional/business consultants needs to define the proper business processes in place. Initially, this is done at the transaction level. </P><P>In this initial requirement gathering, the security team needs to be proactive to understand all these process and propose possible changes. viz. normalize the roles so that a transaction is not duplicated across many roles(unless required), check if any within role SOD's are forming and act accordingly...etc</P><P></P><P>Next, would be to determine the object values, which is normally done with high degree of interaction with the functional consultants. For larger companies, some roles might need to be restricted too, hence, derived roles would also come into play... all this forms a part of requirement gathering.</P><P>Companies follow different procedures for requirement gathering, but you go through ADM940, it gives a good hindsight of the matrix.</P><P></P><P>The answer to your question is very deep........ <SPAN __jive_emoticon_name="happy"></SPAN></P><P>So just shoot whatever specific questions flash your mind </P><P></P><P>Hope this helps</P><P>Abhishek</P></BODY></HTML> Thu, 27 Mar 2008 22:54:55 GMT https://community.sap.com/t5/application-development-and-automation-discussions/creating-the-authorization-matrix/m-p/3605753#M868533 Former Member 2008-03-27T22:54:55Z https://community.sap.com/t5/application-development-and-automation-discussions/creating-the-authorization-matrix/m-p/3605754#M868534 <HTML><HEAD></HEAD><BODY><P>Thankyou Abhishek once again!!!</P><P></P><P>" normalize the roles so that a transaction is not duplicated across many roles(unless required), check if any within role SOD's are forming and act accordingly...etc..."</P><P>What does this statement signify?</P><P></P><P></P><P>Also are there any tools involved to identify transaction from process?</P><P></P><P>Please let me know if you have any case studies which illustrates this? or where can I find the same?</P><P></P><P>Regards ,</P><P>Ajit</P></BODY></HTML> Thu, 27 Mar 2008 23:30:32 GMT https://community.sap.com/t5/application-development-and-automation-discussions/creating-the-authorization-matrix/m-p/3605754#M868534 Former Member 2008-03-27T23:30:32Z https://community.sap.com/t5/application-development-and-automation-discussions/creating-the-authorization-matrix/m-p/3605755#M868535 <HTML><HEAD></HEAD><BODY><P>Hi Ajit,</P><P></P><P>It depends on the type of security design the company is implementing. For example, if its a process based design, each business process is linked to a security role. Then we try to normalize the roles, so that one transaction is not duplicated across many processes. Unless these transactions play a different role in various business processes, viz. simple example could be : display in one/maintain in another. </P><P></P><P>Which type of approach is your company implementing? Job based security or process based security?</P><P></P><P>Regarding the SOD, we try not to create a role with an inherent SOD. You can search the forum for "SOD", contains a pool of knowledge and links discussed by our experts. <SPAN __jive_emoticon_name="happy"></SPAN></P><P></P><P>Each implementation has its own processes, its difficult to predict this with tools, its actually the job and responsibility of the functional/business teams to define the processes and their underlying transactions/restrictions. Am not sure of any case studies you are specifically looking for are out here. Will leave this one to the gurus.</P><P><SPAN __jive_emoticon_name="happy"></SPAN></P><P></P><P>Thank you</P><P>Abhishek</P></BODY></HTML> Thu, 27 Mar 2008 23:57:20 GMT https://community.sap.com/t5/application-development-and-automation-discussions/creating-the-authorization-matrix/m-p/3605755#M868535 Former Member 2008-03-27T23:57:20Z https://community.sap.com/t5/application-development-and-automation-discussions/creating-the-authorization-matrix/m-p/3605756#M868536 <HTML><HEAD></HEAD><BODY><P>Thankyou Abhishek Guru for the valuable information.:)</P><P></P><P>Actually,I am fresher in security and was just involved in Role build and FUT phase.</P><P>But want to learn how to carry out a security implementation project,the security designing concepts ?</P><P></P><P>Please suggest me some source and guide me in the same.</P><P></P><P>Please ellaborate Job based security or process based security?</P><P></P><P></P><P>.</P></BODY></HTML> Fri, 28 Mar 2008 00:49:48 GMT https://community.sap.com/t5/application-development-and-automation-discussions/creating-the-authorization-matrix/m-p/3605756#M868536 Former Member 2008-03-28T00:49:48Z https://community.sap.com/t5/application-development-and-automation-discussions/creating-the-authorization-matrix/m-p/3605757#M868537 <HTML><HEAD></HEAD><BODY><P>Hi Ajit,</P><P></P><P>If you are starting new to security, then you can go through books like authorizations made easy, and can also enroll for the SAP ADM courses. There are also good books for authorizations and the procedures for implementing it on SAP-PRESS. You can buy them too.</P><P></P><P>You can search this forum for certification too:</P><P><A class="jive_macro jive_macro_message" href="https://community.sap.com/" __jive_macro_name="message" modifiedtitle="true" __default_attr="4883948"></A></P><P></P><P>To answer your question on job and process based roles:</P><P></P><P>Process roles are roles that contain at least one tcode, but are usually a set of tcodes, reports and programs. They represent a defined granular business process with specific functions within the R/3 environments. Set of these roles make up a job for a user.</P><P></P><P>Job roles are roles containing multiple tcodes, reports and programs which make up specific Job Functions .These may also be referenced as Position-Based Roles. In most cases, users are only assigned one Job Role</P><P></P><P>Hope this helps <SPAN __jive_emoticon_name="happy"></SPAN></P><P>Abhishek</P></BODY></HTML> Fri, 28 Mar 2008 18:09:26 GMT https://community.sap.com/t5/application-development-and-automation-discussions/creating-the-authorization-matrix/m-p/3605757#M868537 Former Member 2008-03-28T18:09:26Z https://community.sap.com/t5/application-development-and-automation-discussions/creating-the-authorization-matrix/m-p/3605758#M868538 <HTML><HEAD></HEAD><BODY><P>This message was moderated.</P></BODY></HTML> Fri, 20 Feb 2015 10:24:13 GMT https://community.sap.com/t5/application-development-and-automation-discussions/creating-the-authorization-matrix/m-p/3605758#M868538 Former Member 2015-02-20T10:24:13Z