SAP Security Basics: User Roles & Admin

The document outlines a four-day training program on SAP Security, covering user administration, authorization objects, roles, and best practices. Key concepts include user types, roles, profiles, and the principle of least privilege, along with practical labs and quizzes for hands-on learning. Essential T-codes such as SU01, PFCG, and SU53 are highlighted throughout the training.

Uploaded by

RBC

Day 1 – Introduction to SAP Security

Cheat Sheet
- User = SAP account for login
- Role = Set of authorizations + transactions
- Profile = Technical container of authorizations
- Key T-Codes: SU01, PFCG, SU53, ST01
- Principle of Least Privilege = minimum access only

Theory
SAP Security ensures users have proper access.
User master record = Roles + Profiles + Parameters.

Lab
1. Create TEST_USER1 in SU01.
2. Assign role Z_TEST_ROLE via PFCG.
3. Test login with new user.

Quiz
Q1: Which T-code to create a user? → SU01
Q2: Role is created in? → PFCG
Q3: Principle of Least Privilege means? → Minimum access

Day 2 – User Administration

Cheat Sheet
- User Types: Dialog, System, Communication, Service, Reference
- T-Codes: SU01, SU10, SUIM
- Tables: USR02, AGR_USERS

Theory
SAP user administration handles creation, locking, unlocking, password resets, and mass changes.

Lab
1. Create TEST_USER2.
2. Change password, lock/unlock.
3. Use SUIM to report user-role assignments.

Quiz
Q1: Which user type is used for background jobs? → System
Q2: SU10 is used for? → Mass user changes
Q3: Table USR02 stores? → Login data

Day 3 – Authorization Objects & Profiles

Cheat Sheet
- Authorization Object = Smallest security unit
- Profile = Technical container of authorizations
- Check Sequence: Transaction → Object → Profile
- T-Codes: SU01, PFCG, SU53, ST01
- Tables: USR02, AGR_USERS, AGR_1251

Theory
Authorization Objects define field-level checks (e.g., activity, company code). Profiles are generated when roles are created in PFCG.

Lab
1. Create role Z_ROLE_TEST in PFCG.
2. Add SU01 transaction.
3. Generate profile & assign to TEST_USER1.
4. Test with SU01 & use SU53 for failed checks.
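
How the field-level checks from the Day 3 theory are evaluated, as an added example that is not part of the original training material: a simplified Python model over constructed AGR_USERS and AGR_1251 rows, returning the failed checks in the spirit of SU53. The authorization names (T_AUTH00 to T_AUTH02), the S_USER_GRP values and the CREATE_USER check list are assumptions; validity dates and directly assigned profiles are ignored.

```python
# Added example: simplified model of an SAP authorization check.
# All rows below are constructed sample data, not a real system export.
from collections import defaultdict

AGR_USERS = [("TEST_USER1", "Z_ROLE_TEST")]  # (UNAME, AGR_NAME)

# (AGR_NAME, OBJECT, AUTH, FIELD, LOW, HIGH); AUTH names are made up
AGR_1251 = [
    ("Z_ROLE_TEST", "S_TCODE",    "T_AUTH00", "TCD",   "SU01", ""),
    ("Z_ROLE_TEST", "S_USER_GRP", "T_AUTH01", "ACTVT", "03",   ""),
    ("Z_ROLE_TEST", "S_USER_GRP", "T_AUTH01", "CLASS", "*",    ""),
    ("Z_ROLE_TEST", "S_USER_GRP", "T_AUTH02", "ACTVT", "01",   ""),
    ("Z_ROLE_TEST", "S_USER_GRP", "T_AUTH02", "CLASS", "TEST", ""),
]

def value_matches(low, high, wanted):
    """One value row: LOW..HIGH range, trailing-* pattern, or exact value."""
    if high:
        return low <= wanted <= high
    if low.endswith("*"):
        return wanted.startswith(low[:-1])
    return low == wanted

def check(user, obj, **wanted):
    """Pass only if ONE authorization of obj satisfies ALL checked fields."""
    roles = {role for uname, role in AGR_USERS if uname == user}
    auths = defaultdict(lambda: defaultdict(list))
    for role, o, auth, field, low, high in AGR_1251:
        if role in roles and o == obj:
            auths[(role, auth)][field].append((low, high))
    return any(
        all(any(value_matches(lo, hi, val) for lo, hi in fields.get(name, []))
            for name, val in wanted.items())
        for fields in auths.values())

def failed_checks(user, checks):
    """Return the (object, field values) pairs the user does not pass."""
    return [(obj, vals) for obj, vals in checks if not check(user, obj, **vals)]

# Checks assumed for "create a user in group SUPER" (illustrative only)
CREATE_USER = [("S_TCODE", {"TCD": "SU01"}),
               ("S_USER_GRP", {"ACTVT": "01", "CLASS": "SUPER"})]

if __name__ == "__main__":
    print(failed_checks("TEST_USER1", CREATE_USER))
```

The role holds both ACTVT 01 and CLASS *, but in different authorizations, so the create check for group SUPER still fails: field values are not combined across authorizations.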

Quiz
Q1: Smallest security unit? → Authorization Object
Q2: Which T-Code maintains roles? → PFCG
Q3: What is generated after a role? → Profile
Q4: Table for objects in roles? → AGR_1251

Day 4 – Roles & Authorizations

Cheat Sheet
- Role Types: Single, Composite, Derived
- Key T-Codes: PFCG, SU53, ST01, SUIM
- Best Practices: Assign roles (not profiles), least privilege, no SAP_ALL in prod

Theory
Roles are business packages of authorizations. Composite roles contain multiple roles.
Derived roles inherit master role values but differ in org-level fields.

Lab
1. Create Z_SALES_ROLE in PFCG.
2. Add FB50, SU01D.
3. Maintain authorization objects & generate profile.
4. Assign to TEST_USER1 & test.

Quiz
Q1: T-Code for role creation? → PFCG
Q2: T-Code for missing auth? → SU53
Q3: Derived roles are used for? → Org-level variations
Q4: Composite role contains? → Single roles
Q5: Best practice? → Assign roles, not profiles
