Start of Content Area

Function documentation Standard Roles and Authorization Objects Locate the document in its SAP Library structure

Use

The authorization concept of the SAP NetWeaver Application Server uses the assignment of authorizations to users on the basis of roles. Some general SAP standard roles are delivered with MIC. You can copy and adjust them in Customizing under SAP NetWeaver ® Application Server ® System Administration ® Users and Authorizations ® Maintain Authorizations and Profiles Using Profile Generator ® Maintain Roles (transaction PFCG).

Integration

The standard roles are refined using the MIC-specific Roles and Authorization Concept.

Features

Standard Roles

MIC uses the following standard roles:

·        Management of Internal Controls ‑ Customizing (SAP_CGV_MIC_CUSTOMIZING)

This role contains all necessary authorizations to make the Customizing settings for MIC. This role does not contain any authorizations for the Web applications.

·        Management of Internal Controls - Business User (SAP_CGV_MIC_BUSINESS_USER)

A user with this role is only authorized to perform those specific tasks prescribed by the detailed role concept for MIC. All users that have this role assigned to them must also have at least one MIC-specific role assigned to them. A user may use the Web applications that are specified by the tasks in the MIC-specific role.

·        Management of Internal Controls - Power User (SAP_CGV_MIC_ALL)

When this role is assigned to a user, that user is made a power user. In addition to the authorizations that the business user has, a power user also has authorization for administration functions in the MIC Implementation Guide, such as the expert mode for structure setup. Moreover, the user has special authorizations in the People-Centric UI, such as those for editing roles and for starting role assignment to persons (see Assigning Roles to Persons).

·        Management of Internal Controls - Display (SAP_CGV_MIC_DISPLAY)

A user with this role can display Customizing for MIC in the SAP GUI. This role is useful for external auditors, for example. We recommend using this role in addition to the business user role.

For more information, see the documentation on the individual roles in transaction PFCG.

Standard Authorization Objects Relevant to Security

Authorizations for objects of applications belonging to the Application Server and used in MIC are relevant to security in MIC. If you run MIC in a system in which the applications used by MIC are also used productively in other projects, then you need to ensure that you manage the authorizations for the MIC-specific objects separately from the other objects.

·        Authorization object Personnel Planning (PLOG) from Organizational Management

The general object types Organizational Unit und Person are used in MIC together with other MIC-specific object types.

Note, therefore, that the organizational units and persons created in other projects are also available in MIC (and vice versa).

·        Various authorization objects in Case Management and Records Management

Assessments, tests, issues, and remediation plans are stored in Case or Records Management. The RMS ID FOPC_SOA is relevant for MIC.

Activities

...

       1.      Copy the general SAP roles delivered with MIC, and adjust the authorizations in these roles to suit the circumstances in your system.

       2.      Assign the roles you have adjusted to the appropriate users. While doing so, ensure that no user has been assigned role Management of Internal Controls – All Authorizations (SAP_CGV_MIC_ALL) as well as role Management of Internal Controls - Business User (SAP_CGV_MIC_BUSINESS_USER).

 

 

End of Content Area