Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
Showing results for 
Search instead for 
Did you mean: 

Implementing SAP Security

Former Member
0 Kudos


For a new ECC implementation, what is the best strategy or approach to use in implementing roles and authorization? Is there a blueprint that I can use?

FYI, we are not implementing Virsa.

Your response is highly appreciated.


Active Contributor
0 Kudos


> Is there a blueprint that I can use?

I doubt you'll ever find (a usable) one for free or on such a forum for that matter. Most of us earn (part of) our money designing them tailored to the customers' needs. I for one am surely not going to give examples away.

The best strategy will always be:

1- determine the needs in the company (what are the tasks for various people and which resources do they need to achieve their goals).

2- determine which data has to be secured.

3- draw a concept based on above information and have it validated by the business.

4- design taskroles (singles) per task and functionroles (composites) to group tasks into functions.

5- test both tasks and functions. The first test can be part of a unit test while the second one will be like an integration test.

People you need:

Functional consultants per module. They know about module-specific authorization stuff.

Business consultants and/or key users who know which processes there are and how they're divided over the various jobs/functions in the company

The (internal) auditors to tell you which information needs to be secured.

As you see this is not a one person job and the outcome will differ per company.


0 Kudos

Thanks a lot!

Edited by: Litz Tee on Feb 6, 2008 6:19 PM

0 Kudos

One thing to remember

Functional consultants MUST write a process design, this should be at TRX level and contain the needed restrictions from fucntional point of view.

The aforementioned should be the basis of the role design.