From the course: SAP ERP Essential Training

Understanding SAP security roles - SAP ERP Tutorial

From the course: SAP ERP Essential Training

Start my 1-month free trial Buy for my team

Understanding SAP security roles

- [Instructor] SAP has customizable security roles. Let's take a look at how they work. Not every SAP end user will have the same access in the system. When a user profile is first created, they are mapped to a security role. The role that the user is mapped to will either allow or deny access to different transactions. The assigned security role will also allow or deny access to different organizational levels in the system. Organizational levels are things like company code, plant, or sales organization. Security roles in SAP ensure that there is a segregation of duties across a business. They make sure that the right people are doing the right transactions in the right areas of the system. Let's look at an example. Let's imagine there's a shop floor manager and she's mapped to a role called manufacturing manager California. This manufacturing manager California role allows her to approve time off for her direct reports. It also allows her to create purchase orders in the system to order materials for her plant in California. Because her security role is mapped this way, she's denied access when she tries to approve time off for her coworker in the accounting department. The role she is mapped to does not show her coworker in accounting as one of her reports, so access is denied. Similarly, when she tries to create a purchase order for a plant in Toronto, her request will be denied by the system. Her role, manufacturing manager California, only allows her to create purchase orders for permitted organizational levels. In this instance, her security role does not allow access to make a purchase for the plant in Toronto. As our example demonstrates security roles in SAP, make sure that users have only the access they need to get their job done effectively.

Contents