Day 5 - SAP Profile Concept

Role Administration in SAP

Understanding Role Administration and Authorization Objects

• The session begins with an introduction to the concept of role administration, building on previous discussions about authorization objects and T codes.

• Clarification is provided on the relationship between T codes and authorization objects, setting the stage for a deeper dive into role administration.

Profile vs. Role Concept

• The speaker explains the profile concept within SAP ECC 6.0, noting that it includes enhancement packs (EHP 1 through EHP 8).

• Emphasis is placed on mentioning specific enhancement packs during interviews; candidates should refer to EHP 3, 4, or 5 rather than the latest EHP 8 due to its limited implementation among clients.

Evolution of SAP Versions

• A historical overview of older SAP versions is presented, starting from version 3.0 up to ECC 6.0, highlighting significant changes in security features.

• Major changes in security began with version 4.7, particularly regarding the introduction of the role concept as opposed to just profiles.

Changes Introduced in Version 4.7

• The transition from using profiles (groups of T codes and authorizations assigned directly to users) to roles marks a significant shift beginning with version 4.7.

• Profiles were previously used for user access but have evolved into roles that encapsulate both T codes and authorizations.

Current Procedures in Role Management

• Today’s procedure involves creating roles that contain T codes and authorizations; these roles then generate profiles assigned to users.

• The transition from using transaction code SU02 for profile creation to PFCG for role creation signifies a major procedural change post-version 4.7.

This structured summary captures key insights from the transcript while providing timestamps for easy reference back to specific points discussed during the session on role administration in SAP.