Derived master roles Configuration screenshots in SAP Security
-
Upload
bharath-trainings -
Category
Career
-
view
3.372 -
download
3
description
Transcript of Derived master roles Configuration screenshots in SAP Security
![Page 1: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/1.jpg)
Master And Derived Roles
Always first create the Master role and then add Derived roleCreate the Master Role :Enter PFCG in the Sap Easy Access Screen
Enter the Master Role Name and click on create role
![Page 2: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/2.jpg)
![Page 3: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/3.jpg)
Go to Menu tab and enter the Tcodes
![Page 4: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/4.jpg)
Go to Authorizations and click on Change Authorization data
![Page 5: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/5.jpg)
Go to Utilities and click on Technical names onClick on the role and expandHere all the Open fields should be Zero and there can be Un maintained Org levels
![Page 6: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/6.jpg)
Click on Save and Generate
![Page 7: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/7.jpg)
Do not Assign Users from the User tab in Master Role .Always assign them from the derived roles
Derived Role Creation:
Enter the Role Name in PFCG and click on Create and enter the Master role in the Derive from Role
![Page 8: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/8.jpg)
Click on Menu and the Role is there
![Page 9: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/9.jpg)
Go to Authorizations tab and click on Change Authorization data.
![Page 10: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/10.jpg)
Maintain the Org level by clicking on the organization level tab and click on save
![Page 11: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/11.jpg)
Click on Save and Generate
![Page 12: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/12.jpg)
Go to User Tab and enter the Username and click on user Comparison.
![Page 13: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/13.jpg)
The same way follow the above steps and create some more derived rolesBy entering the Master role in the derive from ro0le in description screen
Now after creating the derived roles enter the Master Role in the PFCG screen and Click on change iconGo to Authorizations tab and click on Change Authorization dataClick on the push button next to Generate icon to push the Authorization information to all the derived roles
![Page 14: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/14.jpg)
![Page 15: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/15.jpg)
Now go to the derived roles and check the authorization information maintained
![Page 16: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/16.jpg)
Scenario 2:
Deletion of Master role from the derived roleEnter the Role in PFCG and Click on Delete Inheritance relationship
![Page 17: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/17.jpg)
![Page 18: Derived master roles Configuration screenshots in SAP Security](https://reader034.fdocuments.in/reader034/viewer/2022050807/545cb50fb0af9fa92c8b49c9/html5/thumbnails/18.jpg)
Now the derived role acts as a single role and it cannot be added to the Master role again