SAP SRM - Security
In SAP SRM, security covers several activities. Security deals with −
- User authorization
- User authentication
- Single Sign-on
- Data transfer between SRM applications with secure methods
- Managing access control
SAP SRM is based on the SAP NetWeaver platform, so you configure security for SRM in a similar way to SAP NetWeaver.
Managing User Administration and Authentication
There are various user management tools that you can use in SAP NetWeaver. These tools are built into the SAP system and can be called from transactions.
Using these tools, you can manage the application platform for Java and ABAP.
Managing Users in ABAP Engine
Step 1 − You can manage users in the ABAP system using T-Code: SU01.
Step 2 − To create a new user, enter the username and click on Create button.
Step 3 − You will be directed to the next window where you can see multiple tabs. In the Address tab, enter the details about the user: title, first name, last name, academic title, and other details.
Step 4 − In the Logon Data tab, enter details such as the user type, password details, etc.
Step 5 − Go to the Roles tab to add the role as per business requirement. There are predefined roles as per different modules.
You have an option to select from single roles or composite roles.
Step 6 − You can scroll to different tabs. In Groups, you can add a user to different groups.
Step 7 − When you enter all the details, you can click on the Save button at the top.
Profile Generator (PFCG)
Transaction — PFCG
You can use this transaction to manage roles in ABAP system and to provide user authorization. You can create new roles, copy existing roles, define single and composite roles, etc.
Step 1 − In the following screen, you have to enter the role name and click on Single/Composite role.
Step 2 − To copy an existing role, you can click on the Copy Role button. Select the role from the list of existing roles; you can select Single/Composite Role.
Step 3 − To change a role, select the role from the list and click on the Change button.
Step 4 − When you go to the User tab, you can see the list of users that have been assigned to this role. You can see the user ID, user name, and the from and to dates.
Step 5 − You can also perform a user master record comparison or add a user directly to this role.
Central User Administration
You can use this method to centrally maintain users for multiple ABAP-based systems. This method also supports synchronization with a directory server.
These system users are required for the RFC configuration between two clients. These RFCs are also required to transfer the data.
You need to create the following in the respective clients with the following defined roles −
Client 1 − Client 400, the central system, with user CUA_EC400
Client 2 − Client 410, a child system, with user CUA_EC410
The usernames mentioned above have been created in client 400 and 410 respectively with the following roles −
User CUA_EC400 is associated with the following roles (roles in the central system) −
You can use the Web-based UME administration console to maintain users, roles, and authorizations in Java-based systems that use the UME for the user store.
When you create a new user, you can select the following user types −
Each user has its own description as per business requirement. A dialog user is required to log in to the system as an individual user.
The following are the different user types in SAP −
|S.No|User Types In SAP & Description|
|1|Individual, interactive system access|
|2|Background processing and communication within a system (such as RFC users for ALE, Workflow, TMS, and CUA)|
|3|Dialog-free communication for external RFC calls|
|4|Dialog user available to a larger, anonymous group of users|
|5|General, non-person related users that allow the assignment of additional identical authorizations, such as for Internet users created with Transaction SU01. No logon is possible.|
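The five descriptions above correspond, in order, to the standard SAP user types Dialog, System, Communication, Service, and Reference, stored as the single-letter codes A, B, C, S, and L. As an added example that is not part of the original tutorial, the following Python check flags accounts whose type does not fit their use, such as a CUA RFC user created as a dialog user; the CSV layout, the USAGE column, and all sample rows other than the two CUA user names are constructed assumptions.

```python
import csv
import io

# Standard SAP user type codes (field USTYP in the user master) and their names.
USER_TYPES = {"A": "Dialog", "B": "System", "C": "Communication",
              "S": "Service", "L": "Reference"}

# Constructed sample export. The column layout and USAGE values are assumptions
# made for this example; CUA_EC400 and CUA_EC410 are the users named on the page.
SAMPLE_EXPORT = """\
BNAME,USTYP,USAGE
JSMITH,A,person
CUA_EC400,B,rfc
CUA_EC410,A,rfc
WEBSHOP,S,anonymous
BATCH_SRM,A,background
REF_INTERNET,L,template
HELPDESK,S,person
"""

# User types that fit each usage, following the descriptions in the table above.
ALLOWED = {
    "person": {"A"},       # individual, interactive system access
    "rfc": {"B", "C"},     # system-internal or external RFC communication
    "background": {"B"},   # background processing
    "anonymous": {"S"},    # shared by a larger, anonymous group of users
    "template": {"L"},     # reference user, no logon possible
}

def audit_user_types(export_text):
    """Return (user, finding) pairs for accounts whose type does not fit their usage."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["BNAME"].strip()
        ustyp = row["USTYP"].strip().upper()
        usage = row["USAGE"].strip().lower()
        if ustyp not in USER_TYPES:
            findings.append((user, f"unknown user type {ustyp!r}"))
        elif usage not in ALLOWED:
            findings.append((user, f"unknown usage {usage!r}, review manually"))
        elif ustyp not in ALLOWED[usage]:
            expected = "/".join(USER_TYPES[t] for t in sorted(ALLOWED[usage]))
            findings.append(
                (user, f"{USER_TYPES[ustyp]} user used for {usage}; expected {expected}"))
    return findings

if __name__ == "__main__":
    for user, finding in audit_user_types(SAMPLE_EXPORT):
        print(f"{user}: {finding}")
```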