SAP SRM Security - SAP SRM

What does SAP security deal with?

Security covers the following actions −
  • User authorization
  • User authentication
  • Single Sign-on
  • Data transfer between SRM applications with secure methods
  • Managing access control
SAP SRM and SAP NetWeaver have similar platforms, so you must configure the same security for SRM and SAP NetWeaver.

Managing User Administration and Authentication

SRM has various built-in user management tools in the SAP system that you can use in SAP NetWeaver. They are also called from transactions.
These tools are useful for managing the application platform for Java and ABAP.

Managing Users in ABAP Engine

Step 1 − Use T-Code: SU01 to manage users in the ABAP system.
Step 2 − To create a new user, enter the username and click on the Create button.
Step 3 − Now you are directed to the next window, where you can see multiple tabs. In the Address tab, enter the details about the user: title, first name, last name, academic title, and other details.
Step 4 − In the Logon Data tab, enter details such as the user type, password details, etc.
Step 5 − Go to the Roles tab to add the role as per business requirement. There are predefined roles as per different modules.
You have an option to select from single roles or composite roles.
Step 6 − Scroll to the other tabs; you can also add a user to different groups.
Step 7 − When you have entered all the details, click on the Save button at the top.

Profile Generator (PFCG)

Transaction — PFCG
You can use this transaction to manage roles in the ABAP system and to provide user authorization. You can create new roles, copy existing roles, define single and composite roles, etc.
Step 1 − In the following screen, you have to enter the role name and click on Single/Composite role.
Step 2 − To copy an existing role, click on the Copy Role button. Select the role from the list of existing roles; you can select Single/Composite Role.
Step 3 − To change a role, select the role from the list and click on the Change button.
Step 4 − When you go to the User tab, you can see the list of users that have been assigned to this role. You can see the user ID, user name, and from and to dates.
Step 5 − You can also perform a user master record comparison or add a user directly to this role.

Central User Administration

Central user administration is used to centrally maintain users for multiple ABAP-based systems. You can use this method to support synchronization with a directory server.
You can use these system users for RFC configuration between two clients. These RFCs are also required to transfer the data here.
You must create the following in the respective clients with the following defined roles −
  • Client 1 − 400 User, this is a central system — CUA_EC400
  • Client 2 − 410 User, this is a child system — CUA_EC410
The above-mentioned usernames have been created in clients 400 and 410 with the following roles −
User CUA_EC400 is associated with the following roles (roles in the central system) −
  • SAP_BC_USR_CUA_CENTRAL
  • SAP_BC_USR_CUA_CENTRAL_BDIST
  • SAP_BC_USR_CUA_CENTRAL_EXTERN

UME Engine

The UME engine is a Web-based UME administration console used to maintain users, roles and authorizations in Java-based systems that use the UME for the user store.

User Types

Use the following user types when you create a new user −
Each user type has its own description as per business requirement. A dialog user is required to log in to the system as an individual user.
The following are the different user types in SAP –
  1. Dialog − Individual, interactive system access
  2. System − Background processing and communication within a system (such as RFC users for ALE, Workflow, TMS, and CUA)
  3. Communication − Dialog-free communication for external RFC calls
  4. Service − Dialog user available to a larger, anonymous group of users
  5. Reference − General, non-person related users that allow the assignment of additional identical authorizations, such as for Internet users created with Transaction SU01. No logon is possible.
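
The following is an added example, not part of the original tutorial. It audits an exported user list to check that the CUA RFC user named above is of type System and holds only the three central-system roles listed, and it flags shared Service users for role review. The CSV layout, the sample rows and the Z_EXAMPLE_ role names are constructed assumptions; the single-letter codes are the USR02-USTYP values for the five user types.

```python
import csv
import io

# USR02-USTYP codes for the five user types listed above.
USER_TYPES = {"A": "Dialog", "B": "System", "C": "Communication",
              "S": "Service", "L": "Reference"}

# CUA RFC user and its central-system roles, as named on this page.
CUA_ROLES = {"CUA_EC400": {"SAP_BC_USR_CUA_CENTRAL",
                           "SAP_BC_USR_CUA_CENTRAL_BDIST",
                           "SAP_BC_USR_CUA_CENTRAL_EXTERN"}}

# Constructed sample export; the column layout is an assumption.
SAMPLE = """user,ustyp,role
CUA_EC400,A,SAP_BC_USR_CUA_CENTRAL
CUA_EC400,A,Z_EXAMPLE_ADMIN
JSMITH,A,Z_EXAMPLE_PURCHASER
WEBSHOP,S,Z_EXAMPLE_CATALOG
REF_INET,L,Z_EXAMPLE_SUPPLIER
BATCH01,X,Z_EXAMPLE_JOBS
"""


def audit(export_text):
    """Return sorted (user, finding) tuples for a user/type/role export."""
    types, roles = {}, {}
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["user"].strip()
        types[user] = row["ustyp"].strip().upper()
        roles.setdefault(user, set()).add(row["role"].strip())
    findings = []
    for user, code in types.items():
        if code not in USER_TYPES:
            findings.append((user, f"unknown user type code {code!r}"))
        if user in CUA_ROLES:
            # The page lists RFC users for CUA under the System type.
            if code != "B":
                findings.append((user, "CUA RFC user is not of type System"))
            extra = sorted(roles[user] - CUA_ROLES[user])
            if extra:
                findings.append((user, "roles outside the CUA set: " + ", ".join(extra)))
        elif code == "S":
            # Service users are shared by an anonymous group: review roles.
            findings.append((user, "shared Service user, review roles: "
                             + ", ".join(sorted(roles[user]))))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```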

All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd