Professional Documents
Culture Documents
ADM940 - EN - Part-4
ADM940 - EN - Part-4
Solution 4
Maintain and Evaluate User Data
Business Example
Almost all companies use PCs and software programs to support their employees in their
daily work. However, to work with this technology, the users require access and
authorizations to call the programs. A control method in an SAP system is the user master
record and its roles and profiles.
2. Enter an initial password of your choice and assign the user to user group ZGR##.
Initial password: Init1234
a) Select the Logon Data tab page.
Enter Init1234 in the New Password and the Repeat Password field.
Enter ZGR## in the User group field.
3. Assign the log-on language that you have used yourself for logging on.
Task 3: Assign a Predefined Work Center Example to Your New User Master Record
Assign a predefined work center example ADM940_BC_ADMIN to your new user master
record by choosing the Other Menu button on the SAP Easy Access initial screen.
1. Choosing the Other Menu button on the SAP Easy Access initial screen (on the application
toolbar: [Shift+F5]).
a) In the SAP Easy Access menu, press the button Other Menu (Shift+F5).
1. Switch from the Other menu display back to the SAP menu display.
a) Choose SAP Menu (Ctrl+F11).
b) Enter GR##-ADM in the User field and choose Change (Shift + F6).
3. Link your user with another role. Choose the role ADM940_PLUS.
a) On the Roles tab, enter ADM940_PLUS in the Role column and press Enter.
1. Display the change documents for your user GR##-ADM by calling up the information
system for users and authorizations and selecting the report For Users under Change
Documents for users and authorizations.
a) SAP Menu: → Tools → Administration → User Maintenance → Information
System → Change Documents → Users
Select the report: For Users.
c) Choose Select All on the User Attributes tab page in the Selection Criteria area.
d) Choose Select All on the Roles/Profiles tab page in the Selection Criteria area.
2. Does the list tell you that creating the user master record and assigning the user to roles
were separate steps?
______________________________________________
a) Analyze the values in the Time column.
Yes. The different time stamps and the numbering tell you that the changes were
made in different steps/lines and one after another.
Task 6: Log On to the System with the Credentials of the Created User
Try to log on to the system as user GR##-ADM without Language information.
f) Choose Enter.
g) Enter a password of your choice, for example Welcome1 in the New Password and the
Repeat Password fields.
4. Check the user buffer by calling the Analyze User Buffer transaction.
How many authorizations exist?
____________________
For which authorization objects? List some examples.
______________________________________________
______________________________________________
a) Start transaction SU56 in your user menu or in the SAP menu.
SAP Menu: → Tools → Administration → Monitor → User Buffer, (transaction code
SU56).
- S_SECPOL
- S_TABU_DIS
- S_USER_AGR (three times)
- S_USER_AUT (twice)
- S_USER_GRP (three times)
- S_USER_PRO (twice)
- S_USER_SAS
- S_DEVELOP (twice)
- S_OC_SEND
- PLOG
GR##-FI1
GR##-FI2
GR##-SD1
GR##-SD2
GR##-MM1
GR##-MM2
a) In the User column, enter the user names listed in the table and choose the Create (F8)
icon.
4. Assign the log-on language that you have used yourself for logging on.
6. Check the result in the change log for a given user entry.
You can copy the generated initial passwords into the tables in the exercise section.
Hint:
Passwords of 40 characters in length are automatically generated. If you
want, you can copy the generated passwords from the log to the following
table, or change them directly for future tasks in transaction SU01 when
required, using the Change Password button (Shift+F8).
GR##-FI1
GR##-FI2
GR##-SD1
GR##-SD2
GR##-MM1
GR##-MM2
a) The result including the generated password is shown in the Mass User Changes
protocol.
Hint:
Another option is to copy the log information to the SAP Business
Workplace area using the Export/Office function, from where it can be
called again at any time (SBWP), into “Private Folders” with a free Title.
7. You can copy the generated initial passwords into the tables in the exercise section.
Business Example
This role maintenance exercise deals with “basic maintenance” using Role Maintenance
(Goto / Settings in the menu). The following tasks should familiarize you with the basic role
maintenance functions and the automatic generation of SAP Easy Access user menus for
various work centers and the associated authorizations, profiles, and user assignments. If you
are attending SAP course ADM940, the next two lessons deal with special role types and the
subtleties of authorization maintenance.
Prerequisites
Note:
In the prerequisites of this exercise, you familiarize yourself with the authorization
concept that you implement in this and the following exercises. You do not create
all the roles at once. This is done in the course for the individual subtasks.
When you see “Use the transactions in accordance with the example authorization concept”,
you need to refer to the following tables: distribution of roles for transaction codes and
distribution of job roles for roles.
Business area>>> FI SD SD MM
Work Place Description>>> AccRec SDClerk SDMan Whouse
SAP R/3 Links: Scope Scope Scope Scope
T Code
MM01
MM02
MM03 x x x x
Business area>>> FI SD SD MM
Work Place Description>>> AccRec SDClerk SDMan Whouse
SAP R/3 Links: Scope Scope Scope Scope
T Code
MM19 x x x x
MM04 x x x x
FD01 x x
FD02 x x
FD03 x x
VD01 x x
VD02 x x
VD03 x x
VA21 x x
VA22 x x
VA23 x x
VA25 x x
VA01 x x
VA02 x x
VA03 x x
V.01 x x
MB1C x
MB90 x
VL21 x
F-18 x
F-26 x
F-28 x
1. Start the Role Maintenance transaction and create the predefined role. Enter a short
description, and save.
2. Add the corresponding transactions in accordance with the sample authorization concept
(Roles for Transaction Codes table from the prerequisites of this exercise).
A brief extract from the table in the prerequisites is provided here to make the task more
comprehensible.
3. Create a folder with the name WWW Links and add a Web address with the name SAP and
the URL http://www.sap.com to this folder.
6. Maintain Authorizations - Set the authorization for the maintenance status in the
authorization object M_MATE_STA to full authorization.
What is the status of the authorization after your change?
_________________________________________________
9. Check the status of your authorization profile in the information section of the
Authorizations tab and complete the maintenance of this role and return to the initial
screen of transaction PFCG.
What is the status of your authorization profile?
_________________________________________________
1. Start the role maintenance transaction and create the predefined role. Enter a short
description, and save.
2. Add the corresponding transactions in accordance with the sample authorization concept
(Roles for Transaction Codes table from the prerequisites of this exercise).
4. Maintain Authorizations - Add the authorization values 561 and 562 to the authorization
values for the Movement Type field of the authorization object M_MSEG_BWA.
7. Complete the maintenance of this role and return to the initial screen of transaction PFCG.
4. Maintain Authorizations - Assign only the value 1200 to the organizational level Plant.
5. Maintain Authorizations - Generate the authorization profile for your role and check the
status of the authorization profile.
What is the status of the authorization profile?
_________________________________________________
6. Complete the maintenance of this role and return to the initial screen of transaction PFCG.
1. Start the role maintenance transaction and create the predefined role. Enter a short
description, and save.
2. Go to the Menu tab page and copy the menu from the predefined role
SAP_BC_SRV_USER by selecting all transactions.