Question: Hi Guys,
I am trying to implement APO security. (APO v. 3.1)
In R/3 the method we used to design roles was:
1. Listed down the organizational entities we would want to control
eg: company code, Business Area, profit centers, purchase org., plants etc
2. Build up roles restricting the values for these entities
3. Assign these roles to the users.
But in APO, we have only one organizational entity - Plan Version and we want to control many other values too. If we are to restrict the transaction access by location, planning book, resource etc for eg. a tcode say /sapapo/sdp94. The authorization objects that are validated against do not have a default status of check/maintain in SU24. I would have to manually change the status to check/maintain - Also then i would have to give default values for the fields of those objects. This would mean i am deviating from SAP standard way of doing things...
My question is : If i want to restrict access in demand planning module by say resource, planning book and location - Is the above said way the right way to carry on?
How is Security usually done in APO?
Regards,
VS
Answer:
There is no standard in Su24. It is a configuration table and is up to the customer to make it work the way they need it, NOT rely on SAP as they have access granted to object no end user should have. In the Add-on modules like APO the SU24 entries are abisimal at best and require your intervention.
note that moving the entry from 'C' to 'CM' means nothing as far as control goes. It is the move from 'N' to 'CM' that cause SAP to start failing the check if the user is not authorized.
Answer:
Thanks John, Your opinion is appreciated - It is good for me to start with. I was under the impression that changes done in SU24 meant deviation from the standard way of doing things..
Any idea what needs to be done during an upgrade - Would changes be overwritten by SAP Standard then.
VS.
Answer:
SU25 is your upgrade transaction for SU24, but before the upgrade use su25 to create a transport of SU24 and export it. then if you use SU25 incorrectly then you can recover by imporitng the file back into the system
Friday, September 12, 2008
Subscribe to:
Post Comments (Atom)
Archive
-
▼
2008
(74)
-
▼
September
(56)
- FREE DOWNLOAD Business Task Management in Netweaver
- Business Process Monitoring Session in Solution Ma...
- Session Change Modes Netweaver
- Business Framework Architecture-BFA Netweaver
- BRTOOLS Netweaver
- BRBACKUP Netweaver
- BRARCHIVE Netweaver
- BI Workload Stats in Netweaver 7.0 Netweaver
- Automatically Generated Information in BW Netweaver
- Exchanging Metadata in XMI Format Netweaver
- Searching for Metadata Netweaver
- Defining Source System in BI 7.0 Netweaver
- Setting BW Production Client Netweaver
- BSP call : type of termination: RABAX_STATE
- Setting Up BEx Web in BI 7.0 Netweaver
- FREE DOWNLOAD Beginners SAP XI
- Background documentation Business Partner Integrat...
- Background documentation Adding an ABAP System to ...
- Inconsistency in SAP NetWeaver BI in Just 5 Steps
- Assigning Authorizations Netweaver
- Authorization Netweaver
- Editing Predefined Authorizations Netweaver
- Authorization Checks Netweaver
- Authorization Checks in Your Own Developments
- Programming Authorization Checks
- Free Download APO Weeks pdf
- APO - Locking Planning Area Netweaver
- APO - second role causes authorization problems
- APO - tcode /SAPAPO/MC62 - Maintain Characteristic...
- APO Alert Monitor Netweaver
- APO Alert Monitor Netweaver
- APO authorization problem Netweaver
- APO Security netweaver
- APO Security issue Netweaver
- Analysis of hanging situations
- Service Implementation in Java
- Service Testing and Registry PP
- Consuming Services with ABAP PP
- Adjust Roles and Profiles in solution manager
- I have a problem with sending RFC from R/3 to XI
- How do I use 'Apply Control Record Values from Pay...
- XI: IDOC Adapter - EDI_DC40 - demystified
- I can't see my adapters in the adater monitoring a...
- Where can I find J2SE plain Adapter
- How can I access filename from File/FTP Sender Ada...
- Where can I find FAQ on adapters?
- How can I access adapter monitor?
- Testing Sample Adapter
- Dynamic Configuration of Some Communication Channe...
- Troubleshooting - RFC and SOAP scenarios
- Where can I find JAR files for creating java proxies?
- XI: Debug your inbound ABAP Proxy implementation
- Wanna Party ?
- Creation of text table in ABAP Dictationary
- ABAP code sharing make easy
- How many lines of ABAP code are inside of SAP?
-
▼
September
(56)
Translation by Google
Subscription Free
Categories
- ABAP code are inside of SAP?
- ABAP code sharing make easy
- ABAP Dictationary
- Adapters Faqs in XI
- Adjust Roles and Profiles in solution manager
- An in Depth Look at enterprise SOA
- Analysis of hanging situations
- APO Faqs
- APO FREE DOWNLOADS
- Authorizations in BIW
- Avoid Data Inconsistency in SAP NetWeaver BI
- Background documentation
- Background documentation Business Partner Integration
- Beginners SAP XI
- BI
- BI 7.0
- BI 7.0 Web Template
- BI Content
- BI Workload Stats in Netweaver 7.0
- BRARCHIVE
- BRBACKUP
- Brtools for managing Oracle
- Business Framework Architecture BFA
- Business Process Maintenance Session
- Business Process Monitoring Session
- Business Scenarios and Processes
- BW Certification Exam
- BW FAQS
- BW Go Live
- Chain Management
- Change Request Management Roles
- Changes in password rules
- Check Business Processes In/Out
- Client Setting
- Color of SAP GUI windows
- Component Attributes
- Creating a Task
- FREE DOWNLOAD Business Task Management
- InfoPackages
- InfoPackages in BW
- Netweaver Screen Shots
- SAP Documents
- SAP Solution Manager
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
No comments:
Post a Comment