MySAP Market Place Introduction

The mySAP Market is a crucial element inside the world mySAP.com e-business platform, as a outcome of it is the main participant within the collaborative business-to-business area, offering a set of advanced companies that can be utilized by many other mySAP solutions..The need for collaboration and cooperation among the many information methods of different corporations has at all times existed. But the large infrastructure supplied right this moment by the Internet and Internet protocols has enabled collaboration amongst companies like never before. Virtual marketplaces, also identified as e-marketplaces, are in the current day the utmost expression of that collaboration.

An e-marketplace is a concentrator for inter enterprise communication. Via an e-market, the paperwork generated by the data systems of different firms are exchanged. The e-marketplaces also provide added worth services for businesses, comparable to shopping for and selling, bidding, news, financial institution providers, logistic operators, and so on.

There are horizontal digital marketplaces wherein corporations from completely different trade sectors do business. And there are vertical ones, by which solely firms from the identical business collaborate. There are also non-public marketplaces the place only an organization and its business companions (suppliers, most important clients, and so forth) do business together.

In Might 2000, SAP created a model new firm with the mission of promoting market software program and projects. This company is SAPMarkets, dedicated to spearheading all market efforts of the SAP Group. One month later, in June 2000, SAPMarkets reached an settlement with the company CommerceOne for the joint improvement, help, and sale of the software program for the creation and operation of digital marketplaces. As a outcome of this joint venture, SAPMarkets launched its software solution for e-marketplaces known as MarketSet.

MarketSet Overview
MarketSet is the SAPMarkets open solution for horizontal, vertical, and personal e-marketplaces. As such, MarketSet is the main utility resolution for the mySAP Market component.

MarketSet can be used for designing, implementing, and managing virtual marketplaces that doubtlessly ship added value to companies and enterprise partners. Examples of added worth companies include the likelihood for decreasing inventories’ cycle instances and bettering an efficient communication channel between patrons and suppliers in order that the availability chain becomes built-in into a fast and efficient collaboration process.

The virtual market can be a place where there's a higher transparency between enterprise companions, allowing for simultaneous interactions, the publication of requests for proposals, or demand planning. Due to this fact, suppliers taking part inside marketplaces can respond faster to purchaser needs in contrast with different competitors outside the marketplace.

E-marketplaces could be one of the environment friendly collaboration resources for enterprise and buying and selling partners. The exchange of information in real time allows for a terrific optimization potential for saving costs and for streamlining the availability chain and thus the time to market or the product or service availability. Therefore, e-marketplaces will directly benefit companies and end customers, and corporations can successfully turn this collaborative relationship into an amazing alternative for generating revenues and profit.

With the aim and focus of getting that efficiency out of collaborative communities, SAPMarkets created the MarketSet platform. It's a collaboration platform that may present these added worth companies by additionally joining processes and exchanging paperwork throughout a number of information systems. The MarketSet is therefore a step ahead in the traditional procurement processes and purposes and can deal with each direct procurement and sophisticated provide chain management.

From a software standpoint, the MarketSet supplies all the wanted items to design and construct a virtual market that can provide collaborative business companies such as selling and buying, auctions, catalogs, planning, and so on. As an open platform, e-market operators can develop their service offerings by incorporating additional services by different providers.


MarketSet Inside BlocksWithin the inside parts of the MarketSet, the very first thing you should look at is the MarketSet Service Framework. This is the part in command of holding the totally different companies supported by the MarketSet. The Service Framework is a collection of rules, strategies, APIs (utility program interfaces), and tools, that are answerable for managing and controlling the way in which wherein those companies must be placed throughout the e-marketplace.

MarketSet Service Framework is a very open surroundings, and subsequently it might actually contain two kinds of companies: these included inside the MarketSet or from third parties.The companies of release 2.zero of MarketSet embrace:

  1. MarketSet Procurement
  2. MarketSet Order Management
  3. MarketSet Dynamic Pricing
  4. MarketSet Catalog
  5. MarketSet Analytics
  6. MarketSet Bulletin Board
  7. MarketSet Life-Cycle Collaboration
  8. MarketSet Provide Chain Collaboration

Some sorts of third-party services embrace:
  1. Logistic Providers
  2. Transport Association
  3. Transport Settlement
  4. Legal Companies
  5. Foreign Commerce Atrium
  6. Import/Export Control
  7. Sanctioned Party Record Screening
  8. Customs Willpower
  9. Export Paperwork
  10. Financial Providers
  11. E-fee
  12. Escrow
  13. Obtain Credit score
  14. Credit Threat Analysis
  15. Factoring (Promoting of Debts)
  16. Purchasing Cards
  17. Credit Risk Insurance
  18. Security Providers
  19. Personal Identification
  20. Content material Setup Providers
  21. Public sale Execution Providers
mrketSet Builder Mysap Market place

The MarketSet Builder, also referred to as the User Interface Builder, is the element accountable for generating the HTML interface for the users. It is technically based on an open source solution that features position and personalization capabilities, as effectively as help for doc alternate based on both XML and xCBL. For directors, it also includes a framework for handling transformations, styles, and other administration tools.

From a useful viewpoint, the MarketSet Builder is in control of offering a standard look, personalization companies, and the consumer interface framework for the integration of the MarketSet services. To facilitate the creation of e-marketplaces for market makers, the MarketSet Builder consists of:
  1. Templates
  2. System for person/policy management
  3. Function-based mostly and user-based personalization
  4. Methods for trading associate registration and person login

MarketSet Platform

The MarketSet Platform supplies the know-how basis for the MarketSet. The performance might be divided into three important elements: security, connectivity, and management. Concerning security, the MarketSet Platform gives the single logon functionality for all the companies integrated throughout the MarketSet: function-based mostly access management by means of the user administration interface Netegrity, PKI (public key infrastructure)- primarily based authentication assist with x.509 CA both for person and XPC authentication, and multilevel person and role administration by way of consumer administration interface.


The connectivity part is in command of managing all the communication with the buying and selling companions, the integration with their purposes, EDI (Digital Knowledge Interchange) communications, and assist for the RosettaNet standards. The principle element for the reference to the buying and selling companions is the MarketSet Connector, which is a part of the MarketSet Platform layer. This piece allows for the mapping and transformation of knowledge, in addition to the connection of virtually any system. Regarding SAP environments, the MarketSet Connector is prepared to translate classical SAP interface mechanisms, similar to RFC (Distant Perform Calls), IDOC (intermediate paperwork), or BAPIs (enterprise software programming interfaces), to xCBL.

The MarketSet Connector is predicated on the classical Enterprise Connector with XPC (XML Portal Connector) add-ons, an XML integration software program supplied to virtual marketplaces by CommerceOne and totally integrated within the MarketSet. The MarketSet Connector uses protocols equivalent to HTTPS (HTTP over Secure Sockets Layer) or more normally SonicMQ, which is an implementation of a queue system that makes use of SSL (Safe Sockets Layer) over TCP/IP and permits such characteristics as excessive availability, load balancing, and scalability.

Finally, the management components embrace options for performance tuning of every of the providers, offering with an administration console for the complete management of the marketplace.

All these systems behind the firewalls of the companies that function in the e-marketplace are often called On-Ramps systems. These programs can be both classical ERPs (enterprise resource planning) akin to SAP R/three or different buying and promoting functions, from any software vendor or developed in-house. In any case and whichever kind of system, it will seemingly be in a place to communicate with the MarketSet utilizing the MarketSet Connector. As an illustration, procurement systems will be in a position to access catalog providers, planning instruments will be ready to collaborate with different purposes via the marketplace providers, selling functions will be in a position to obtain orders, and so on. In abstract, any sort of system within the firms that function in the e-market will be in a position to combine into the MarketSet.



MarketSet Business Framework

The MarketSet Enterprise Framework hosts all of the different services that could be supported by the MarketSet 2.0. A service is a selected software that gives added value to the trading partners that use it. A person from a company could be subscribed to at the least one, a number of, or all the services offered throughout the MarketSet.

MarketSet Procurement

One of the most typical providers offered by the MarketSet is buying or procurement, which enables customers to create buy requisitions and automate the buying processes, such as the order or the approval. One of many further benefits for firms is the likelihood for consolidating the procurement wants across a number of divisions, departments, plants, or geographies, and all without needing to install or configure any additional applications.With the opportunity of linking environment friendly procurement processes primarily based on an e-market with the planning and design strategy of direct items, firms have a wonderful atmosphere for improving the availability chain by exchanging paperwork and information with business partners.

The MarketSet Procurement, as one of the services of the MarketSet, is a Web based application answerable for offering procurement providers to these firms that take part of the e-marketplace. The procurement services are supreme not solely for giant firms, but also for small and medium-sized companies, which can participate in a solid procurement solution with out the need to install and configure their own hardware and software.

Related posts

SAP internet transaction application components

SAP authorization and client administration in mysap.com
SAP Authorization and ALE
Authorization and implementation of SAP

SAP Authorization and Implementing the mySAP

SAP authorization is a way of getting a protection and security to the data and in the previous post we have dealt with this authorization with ALE and this post is like a continuation to that discussion.

Generating Authorization Profiles

Roles are maintained using the Profile Generator transaction PFCG, which robotically generates the authorizations comparable to the transactions which can be previously chosen using a menu tree for the consumer role. There is, nonetheless, some manual maintenance for these authorizations as a consequence of there are values that should be outlined by the client for every case: as an example, the organization structure allowed, activities, and so on.

When maintaining and generating profiles to be assigned to roles, the display exhibits a yellow light right by the object if the authorization objects will not be utterly maintained (don't have values assigned). When all values are assigned, the light becomes green. Once all values are adjusted for the authorization objects in accordance with the consumer necessities (the authorization project), the profile will be generated just by clicking on the Generate button.

Working without CUA

When the CUA is not activated, the project of customers to roles must be manually performed in every component system to point how users could have access to these systems. This project can also be carried out using the role administration transaction PFCG. As has been talked about, it is doable (and even quite frequent) to assign multiple role to users. It is also potential and typical to assign the identical role to several users.

The task of users to roles doesn't robotically activate the authorizations for them. For this process to happen, it is required to execute the operation known as a user comparison. By using this program, the system compares the actual user master report with the file because it has been defined with the project of the role. This course of can be launched both individually or massively, either interactively or in a batch job.

Assigning Users to Composite Roles

When the CUA is simply not activated, the project of customers to composite roles must be carried out within the WPS. As indicated in the earlier part, the assignment of a easy role to a consumer should be carried out in each of the component systems. When using the CUA utility, it's only required to assign the consumer to the composite role within the WPS. In this case, the straightforward roles are robotically assigned to the users in every of the part systems. In both cases, with or with out the CUA, updating the person master records must be performed utilizing the user comparability utility in each component system.

Once the composite roles are assigned to users in the WPS, the users can go online to the Workplace. The users can choose from the transactions or companies offered throughout the LaunchPad. All transactions will be executed on the corresponding part system.

Authorization for Connecting to the Workplace

All users who're going to connect with the Workplace are also required to have the authorization S_RFC with all values assigned (that is, the wildcard “ *”). Moreover, to permit users to personalize their entry to the Workplace, they have to additionally have the SAP_WORKPLACE_USER assigned. With this role, the customers can customize their MiniApps and their GUIs.

Configuring the mySAP Workplace:

Implementing a mySAP Office as an Enterprise Portal is an thrilling project, which requires a substantial amount of preparation, evaluation, design, and implementation. There are numerous technical details and duties that should not be ignored and must really be carried out to find a way to set the fundamental performance of the mySAP Workplace. These are the customizing settings required for defining such subjects as normal settings,Net server definitions, connections, classification of transactions, and so on.

Considerations Earlier than Implementing the mySAP

Before beginning the mySAP Office configuration, you should check that the system (Office server) is appropriately and utterly installed. This mainly means having the mySAP Basis (simply an R/three system) and the Office plug-in. If the SAPGUI for Windows or SAPGUI for Java goes for use, the corresponding entrance-end software program or Java plug-ins must be loaded.

Technical requirements are :
  1. As browser, Microsoft Web Explorer 5.0 or increased is necessary. Verify within the SAP Service Market for the availability of different browsers. If this release is not used, the Drag&Relate and drag and drop performance will not be available.
  2. An ITS instance is required for the Office and all the R/3 component systems to which users will connect from the Workplace.
  3. The Office server can be a standalone system from which to execute the main functions. These include:
  4. Function management
  5. CUA
  6. Configuration or development of MiniApps
  7. SSO
  8. Definition of RFC connections and logical techniques
  9. Era of transaction URLs
  10. Drag&Relate
  11. Customizing
  12. Office Middle ware server (an ITS server with specific companies for the Workplace) is needed.
  13. Server for the Drag&Relate performance is required.

Central Settings for the Workplace

The following record reflects the basic tasks that should be outlined for the Workplace. These duties are achieved with some of the transactions described earlier, in addition to by filling up some of the customizing tables.

  1. Registering logical system
  2. Creating RFC connections
  3. Registering an ITS server
  4. Creating particular person roles (adding transactions, stories or Net addresses)
  5. Creating authorization for single roles
  6. Assigning a user function (with out CUA)
  7. Transporting position to mySAP Office using a transport request
  8. Importing roles from element system by RFC
  9. Getting into the vacation spot system in a single position (including MiniApps)
  10. Creating composite roles
  11. Assigning a person function

Creating and Configuring MiniApps

MiniApps confer with any sort of utility, information, or service that can be visualized in a Internet browser frame. The MiniApps are proven in a push mechanism within the dwelling web page of the consumer of the Workplace. Users will see the MiniApps which were assigned to them in accordance with their role.

These are the primary options and characteristics of MiniApps:
  1. The set of MiniApps supplied in the mySAP Workplace depends upon the role of the user.
  2. MiniApps are self-contained Web paperwork that are offered by a URL, managed by the mySAP Workplace server. The useful resource itself can be wherever on the Web.
  3. MiniApps proactively present data to the users.

Examples of MiniApps are e-mail or calendar access, alerts, stories, There are several ways to create MiniApps. A few of them are as follows:

  1. Because they are at all times called using a URL, the easiest manner is to set a URL hyperlink to a Internet service or document. If that is the case, there is not any development at all.
  2. They are often developed using in style environments akin to Visual Fundamental (Visual Studio), Visible Age, and so on.
  3. They are often created by linking a BW Net report utilizing the ITS move logic.

The way to integrate a MiniApp in the Workplace is by simply including the URLs in the consumer’s role. This is carried out by selecting Goto/MiniApps from the Role Upkeep screen.

Integrating Non-SAP Systems

The combination of non-SAP systems depends on the sort of utility that needs to be built-in into the Workplace.Internet applications based on HTML can be built-in very easily, but it is also doable to integrate purposes using a browser plug-in, purposes installed on the local consumer, or by working on a Citrix Terminal Server.Internet-based mostly intranet or Web applications might be integrated into the Workplace by adding their URLs to a role. Commonplace Windows applications could be installed on the local consumer, or the applying can run on a Citrix.

Terminal Server and be displayed with a browser plug-in in the WorkArea of the Workplace. This additionally applies for the SAPGUI for Windows. You must decide on which way you need to integrate non-SAP functions into your Workplace. You'll be able to either embrace them by hyperlink in the LaunchPad of the person or execute them as MiniApps in the WorkArea. Applications integrated in the LaunchPad can run within the WorkArea of the Workplace or can begin in a separate window. MiniApps must be known as with a URL, so they need to be both primarily based on a HTML Internet software or run as a Java applet or ActiveX control. Just including hyperlinks to non-SAP applications to the LaunchPad or embedding them as MiniApps doesn't fulfill the necessities of actual integration, because third party applications often require an additional login process. So you must think about enabling those functions for SSO.

If you are using SSO cookies, this integration may be very restricted, as a consequence of SSO cookies solely work with the ITS or the SAPGUI for Windows. For utilizing SSO Tickets, SAP AG presents a library (sapsecu-lib) for checking SSO Tickets in third party applications. This fashion, existing intranet purposes will be integrated into the Workplace, and SSO will work. Client certificates (X.509) are qualified for SSO solutions in heterogeneous environments with SAP and non-SAP systems. X.509 is a public customary and is supported by all kinds of applications. Additionally, it is potential to verify the certificates utilizing a central listing service resembling LDAP (Light-weight Directory Access Protocol).

mySAP Workplace Launch 3.0

With the introduction of launch 3.0 of the mySAP Office, SAP aims to grow to be a big player in the market for company portals. So as to achieve this strategic goal, SAP is leveraging the current Office providing with new layer for MiniApps Improvement and technologically advanced content management. The vital thing piece of the discharge 3.0 of the Workplace is the element often called the WCM (Internet Content material Management), which will in all probability be answerable for joining knowledge management-based technology with the position concept and making the inclusion, search, formatting, and storing of the content a sooner and more technically advanced process.


Related posts

What is SAP and Why do we are in need of It
SAP authorization and client administration in mysap.com
SAP Authorization and ALE

SAP Authorization and ALE

SAP Authorization and how it is used while implementing ALE is the main discussion of the present post. Data is exchanged between systems utilizing ALE know-how with transactional RFC. The objective is to ensure the consistent distribution of information among all methods, even in the case that a part system is temporarily unavailable.

Steps for Configuring ALE

The following are the required steps for configuring ALE as a way to use CUA:

  1. First, the title of the element methods must be known; the Office server must know the title and location of each part system. Likewise, every part system must know the identify of the Office server.
  2. Because the communication is established utilizing RFC calls, the RFC connections must be outlined in each part system that can take a part of the mySAP landscape.
  3. Inside the WPS, the ALE distribution mannequin have to be defined. This model defines which data (data sorts) is exchanged and among which methods that is performed. It defines how many techniques exist, how the information flows, and the documentation between them.
ALE Configuration

The programs that participate in the mySAP Workplace panorama are defined within an ALE situation based mostly on an alias, which is defined using logical systems. A logical system corresponds exactly to one shopper within a SAP system. For each system and shopper that ought to be enabled for connection, a logical system have to be defined. This definition is consumer particular in order that the client is immediately associated to the logical system. Throughout the Office server, all component programs need to be outlined as logical systems. Within the part system, the identical system and the WPS system have to be outlined as logical systems. The next step is to assign the logical identify to the purchasers, which is completed utilizing normal transaction for consumer upkeep such as the SCC4. For outlining the RFC connections, the transaction SM59 is used. Determine 5-9 reveals an summary of transaction SM59.

As a consequence of the WPS might need to join to every component system, all RFC connections to those programs have to be defined. This isn't required in part programs that solely need to outline the RFC connection to the WPS for this purpose. The definitions of RFC connections are client unbiased and are held in desk RFCDES. The identify of the RFC connection must match exactly that of the logical names of the part systems. The connection sort is “3,” which signifies that it is an R/three connection (Foundation).Additionally, SAP recommends utilizing the load distribution feature for these connections.

For the RFC communication to operate correctly, it is required to outline a CPI-C consumer for each of the part programs with the SAP_ALL authorization profile. This person ought to be defined at the beginning of the customization process.

ALE Distribution Mannequin

The ALE distribution mannequin is first outlined in the WPS and later distributed to every of the component systems. This configuration is a three step course of that may be performed using transaction BD64.

1. First, while in change mode, choose possibility Create mannequin view for creating a model new ALE distribution model. This mannequin shall be recognized by a
2. The logical system of the WPS is defined because the sender and the logical name of the element system is the receiver.
3. The subsequent step is to generate the associate profile, which is required for the ALE distribution. This is accomplished by choosing Atmosphere/Generate associate profiles from the menu.
4. Next, the mannequin should be distributed to the element systems. This is carried out by deciding on Edit/Model view; then the ALE distribution mannequin and all the logical names of the element methods are selected. The companion profiles must also be generated within the element systems.

CUA Configuration

The CUA utility is activated within the WPS utilizing transaction SCUA. For each of the weather of the consumer master knowledge, you can define whether or not they are going to be maintained globally from the WPS or domestically from the part system. This is accomplished utilizing transaction SCUM.


Integrating Current Systems

There are two ways of implementing CUA with present methods:

  1. Ranging from scratch, creating all person grasp records
  2. Using the existing user grasp data that might be migrated to the CUA atmosphere

Within the first case, the consistency for the information to be distributed is guaranteed. Within the second case, wherein CUA is implemented when there are already person master knowledge records, there must be a migration course of to reuse this data, which will need to be modified and validated within the Workplace server. Likewise, both the easy and composite roles in addition to the user assignments to those roles or exercise groups should be known to the WPS. The assignment of authorizations to easy roles must still be maintained in local programs (element methods).

Migration Software

The migration of user master information from the prevailing part techniques to the Workplace server will be carried out using the transaction SCUG (option Switch users). The migration is finished only once for every of the part systems. After knowledge is transferred (migrated), the person grasp data can only be maintained throughout the WPS based on the sphere attributes which have been outlined . A consumer account (consumer grasp record) ought to have the final and first identify in all of the element programs utilizing CUA the place the identical user should be defined. When transferring users using the Migration Software, three circumstances are possible:

  1. The consumer account in the component system does not exist within the Office server. On this case, the migration can happen without problems.
  2. The user account already exists in the WPS with the identical first and last name. On this case, the account may additionally be transferred with out problems.
  3. The person account within the element system exists in the WPS but has a totally different first or last name. On this case, earlier than transferring the data, the ambiguity ought to be resolved. If the name on the WPS is the proper one, the information might be migrated. On the contrary, the username in the WPS should be modified before using the common user upkeep
  4. transaction SU01.

Once the CUA utility is activated, the appearance of the SU01 transaction modifications slightly. Within the WPS there could be an additional tab Systems. This tab will contain the logical techniques the place the person data needs to be distributed. The person is just available in those systems. Within the tabs Roles and Profiles, there is also a Systems column. On this means, the project of users to simple roles, composite roles, and profiles could be defined individually for each of the element systems.When the possibility Save is chosen, the info is distributed.

The creation and upkeep of simple and composite roles takes place within the part systems. For assigning these roles or authorizations which would possibly be solely recognized within the element techniques, the choice Text comparability for little one techniques should be selected in the folders for profiles and activity groups. The names of the roles and authorization profiles are replicated to the WPS. From that moment, these names will be available in the WPS (use the help operate F4). Because this information might be modified at any time and in any of the component programs, the replication operation should be repeated regularly.

CUA Log System

Every change in the person data is distributed asynchronously to the element system. These systems reply to every change by sending a message to the WPS. This message is often a profitable, warning, or error situation. That is displayed utilizing transaction SCUL.

Managing Roles within the Office

Within the mySAP methods, actual application components are offered by technique of Business Scenarios. These eventualities are provided on a role basis in order that clients can select SAP functionality for the roles they need. Customers can have several roles within Business Eventualities or can take part in numerous ones. For occasion, a person might be knowledgeable purchaser, however at the same time needs the Worker Self Service functionality or access to components of the financial accounting. This might be a actual-life instance of why the concept of roles is so important and fundamental inside mySAP. The performance of the roles is handled in the Workplace. The mySAP Workplace consists of a large set of predefined roles prepared for use or for copying and adapting to specific firm needs.

From a logical standpoint, a task is the outline of a job place, function, or responsibility inside a company organization. Your complete working setting of the mySAP technique is targeted on the position concept. That's, every person defined within the mySAP Office will must have one or a quantity of corresponding roles. From a technical standpoint, a task is made up of a collection of transactions, Internet hyperlinks, stories, MiniApps, non-SAP purposes, and so on. Moreover, a task is associated with the required authorizations to have the option to begin and execute the functionality related to the role. Principally, roles define which transactions, which info, and what companies are available for the users of the Workplace.



Defining Roles

The primary query that must be answered within a Office atmosphere configured with several component techniques is,The place are roles managed? Depending on the function kind, roles are outlined and managed in the part systems or in the WPS.

1. The first step for defining a role is to outline to which techniques the user having such a job could have access.
2. Subsequent, the roles (menus) are created, and the authorizations and profiles are generated for every role defined.
3. As quickly as roles are generated, they should be assigned to the corresponding users. How and when this task takes place relies on whether or not the CUA is used or not. If the CUA is not getting used, the roles should be assigned to the users, and then the administrator should perform a consumer comparison for transferring the authorization values to the consumer grasp records. If the CUA is used, the function project is completed later within the WPS.
4. Subsequent, the function definitions and the person assignments are transferred, in the case of not utilizing the CUA. For configuring the Workplace, the customers and roles have to be available to the WPS.
5. The composite roles are defined inside the WPS. If the CUA is enabled, the administrator should assign the customers to the techniques to which they should have access.
6. The final step is to assign composite roles to the WPS users.

Defining Easy Roles

Simple roles are first created and maintained within the element programs, to be later transferred to the WPS. Roles could be created from scratch. However, SAP provides a large assortment of ordinary roles that might be imported and later copied and used in order that prospects can modify their needs without starting from scratch. There's a standard report, RSUSR070, which supplies an inventory of consumer roles that are supplied by SAP. You too can use the SUIM (user and authorization data system) to generate an outline of available roles.

Menu Design

The role administration is performed utilizing the traditional transaction for the Profile Generator: PFCG. You too can entry the utility by selecting Tools/Administration/ Person Maintenance/Roles. The consumer menu options (LaunchPad) may be adapted to consumer necessities by including or deleting transactions and folders, together with studies, Internet hyperlinks, files, and MiniApps. When a report is included inside a job, the Profile Generator creates a consumer-outlined transaction code so that the user can begin the report. Generating Authorization Profiles Roles are maintained using the Profile Generator transaction PFCG, which robotically generates the authorizations comparable to the transactions which can be previously chosen using a menu tree for the consumer role. There is, nonetheless, some manual maintenance for these authorizations as a consequence of there are values that should be outlined by the client for every case: as an example, the organization structure allowed, activities, and so on.

When maintaining and generating profiles to be assigned to roles, the display exhibits a yellow light right by the object if the authorization objects will not be utterly maintained (don't have values assigned). When all values are assigned, the light becomes green. Once all values are adjusted for the authorization objects in accordance with the consumer necessities (the authorization project), the profile will be generated just by clicking on the Generate button.

Related posts

What is SAP and Why do we are in need of It
What is SAP Full form and its definition part one

SAP authorization and client administration in mysap.com

SAP Authorization and Clinet Administration in mySAP.com

mySAP environments can become advanced from the perspective of person administration because of the number of component systems, in addition to the complexity of synchronizing them. Person management includes creating new customers; deleting customers who leave the corporate; updating or modifying the grasp data; managing the component techniques, connections, and the ALE configuration and so on.

Customers from the R/3 world know effectively that the customers’ grasp information is client specific.Every client must be independently managed within a system landscape. For every SAP R/3 system and for every client there may be the need for creating users which can be going to work in that environment. Moreover, customers want authorization profiles for gaining access to the required transactions. These must even be maintained.

Usually with the SAP R/3 system, customers may very well be copied throughout clients or across methods with the transport tools or the consumer copy tools through the use of the SAP_USER copy profile, which supports the duplication of all users and their authorizations . There are no synchronization mechanisms or utilities for having all user masters updated throughout clients.

All this decentralized and laborious work, which requires a great amount of time and administration sources, has been vastly simplified in mySAP environments utilizing the CUA utility. This tool is also accessible independently in R/3 techniques since release 4.5. This level is quite vital as a result of, though the Workplace can join component systems from launch 3.1I and better, methods with a lower release than 4.5 can't make use of or be integrated within the CUA functionality.

Background of R/3: Overview of the SAP Authorization

The standard SAP and R/3 authorization system was answerable for implementing the proper security methods in order that users might entry the business transactions and info they needed. The SAP systems always provided a complete, complex, and flexible means of securing information and transactions in opposition to unauthorized use.

Because the introduction of the discharge 4.6 of R/3 and the position idea as one of many backgrounds for mySAP, the authorization system has slightly changed to make it easier to implement, extra adjustable to specific customers’ wants, and with more options for personalizing and wonderful tuning. Nevertheless, the muse of the function concept remains to be fully based on the traditional SAP R/three authorization concept. SAP R/3 users are outlined in person master information, where they're assigned one or extra authorization profiles. These authorization profiles are product of a set of authorizations, which offer management accesses or access privileges for the operating or accessing of the totally different transactions and objects of the SAP systems. Further down, authorizations refer to authorization objects that contain a variety of permitted values for various system or enterprise entities within the R/three system.

The implementation of the authorization idea never was technically difficult, though it could be very time consuming. It was, nonetheless, an enormous subject within implementation tasks due to the organizational facets of it. This sort of implementation should always be a joint mission and energy between the SAP practical and the technical people. The reason is that often SAP system managers or technical consultants do not need to cope with things like giving access to sure users to particular price centers, accounts, gross sales organizations, or product ion plants. It is usually the function of the key users, customizing specialists, builders,or enterprise consultants to outline the transactions, objects, or entities that ought to be protected by the use of authorization objects and to assign or create the corresponding authorization profiles.

SAP Authorization Profiles

An authorization profile comprises a gaggle of authorizations, that is, a bunch of entry privileges. As indicated above, profiles are assigned to customers within the consumer master records. A profile could signify a simple job position because it defines the tasks for which a consumer has access privileges. Each profile might need as many access privileges as desired. Profiles can comprise authorization objects and authorizations. Altering the checklist or contents of the authorizations inside a profile will affect all customers who are provided that profile when it's activated. It becomes efficient the next time the consumer logs on. The change isn't effective to the presently logged on users.

Composite Profiles

Composite profiles are units of authorization profiles, each simple and composite. A composite profile can contain an infinite number of profiles. They can be assigned to customers just like profiles in the person grasp records. Composite profiles are suitable for customers who have completely different responsibilities or job duties within the system.These profiles are generally known as reference profiles for assigning a larger group of entry privileges and having the possibility to raised match customers with several responsibilities. This idea is technically very related to the present role concept.

Making modifications to any of the profiles within the listing included within the composite profile will instantly affect the access privileges of all customers having that composite profile in the person master record. When displaying profiles within the different SAP screens, there is a flag indicating whether or not the profile is straightforward or composite.

SAP Authorizations

The SAP systems use authorizations to outline the permitted values for the fields of an authorization object. An authorization would possibly comprise one or more values for each field of the authorization objects. An authorization object is type of a template for testing access privileges, consisting of authorization fields that finally define the permitted values for the authorization. An authorization is recognized with the identify of an authorization object and the identify of the authorization created for the object. An authorization can have many values or ranges of values for a single field. It is also doable to authorize for each worth (getting into an asterisk “ *”) or for none (leaving the sphere clean).

Authorizations are entered in authorization profiles with the corresponding authorization object.When an authorization is modified after which activated, it'll instantly have an impact on all users having a profile containing that authorization in their consumer master records. The technical names for authorizations and authorization objects have a maximum of 12 positions, however normally they show in the system utilizing quick descriptive texts. For buyer-created authorizations, the one title restriction is to not place an underscore within the second position of the technical name. Additionally, every customer-created system object ought to adjust to the SAP normal type information and start with both a Z or a Y to inform apart it from the SAP authentic objects, thus avoiding the opportunity of being overwritten by a system upgrade.

Authorization Objects

An authorization object identifies an element or object within the SAP methods that must be protected. These objects work like templates for granting entry rights, by method of authorization fields, which allow for performing complicated exams of access privileges. An authorization object can include a most of 10 authorization fields. Users will be permitted to carry out a system perform solely when passing the check for each area in the authorization object. The verification towards the field contents is finished with the logical AND operator. A person’s action might be allowed provided that the person authorization passes the access check for every field contained in an object. With this mechanism, the system can carry out multi conditional tests. As with authorizations, when maintaining authorization objects, the system does not display the names, but a descriptive text for every object.

Authorization objects are grouped in object courses belonging to different application areas which can be used to limit the search for objects, thus making it faster to navigate among the many many SAP system objects. SAP predefined authorization objects should not be modified or deleted, besides if instructed by the SAP support personnel or a SAP note. Deleting or altering standard authorization objects can cause extreme errors in programs that check these objects. Before an authorization object is to be modified, all authorizations defined for that object should be first deleted. If you need to use the OR logic for giving users entry to sure capabilities, you can define a number of authorizations for the same object, every time with totally different values. In the consumer grasp records, you assign each of these profiles, that are linked with the OR logic. So, when the system assessments whether or not the person has entry privileges, it will check every authorization to see if the assigned values adjust to the access condition. The system will enable access with the primary authorization that passes the test.

Authorization Fields

Authorization fields identify the elements of the system that are to be protected by assigning them an access test. An authorization discipline will be, for instance, a person group, a company code, a purchasing group, a growth class, an application space, and so on. There's one authorization subject that is present in most authorization objects: the Activity field. The Activity field in authorization objects defines the doable actions that could be performed over a selected application object. For example, activity “03” is always “Display.” So if an authorization contains two fields like “company code” and “activity,” and the company code discipline is “ *” (which means all company codes), it means that the consumer with that authorization can only
display the corporate codes.

The listing of standard actions in the system is held on the SAP commonplace desk TACT. The relationship between the authorization objects and the activities is held on table TACTZ. Not all authorization objects have the Activity authorization field. Authorization fields are the parts of authorization objects. Fields are also a half of the standard ABAP operate call AUTHORITY-CHECK.

When maintaining authorization, the system does not show the actual names (technical names) for the fields, instead it exhibits a description for each field.Desk TOBJ contains the fields which may be associated with every authorization object, which is how the SAP system knows which fields belong to an authorization object. The fields in an object are associated with data elements within the ABAP knowledge dictionary. Authorization fields usually are not maintained from the user upkeep menu, but should be defined within the development environment. Normally, customers don't need to vary customary authorization fields, besides if they're adding or modifying system parts and wish those components to be examined with authorizations.

The Profile Generator

Creation, modification, and task of authorizations and profiles was a fancy task within SAP projects. This job is commonly underestimated within the planning charter. So as to overcome the problem of lacking authorizations and the shortcoming for working normally, there's a natural tendency to assign full privileges to many customers, which might create problems and also critically threaten safety and control.

Effort and time needed for authorization tasks, along with customer requests, made SAP design a instrument for lowering the time needed for implementing and managing the authorizations, decreasing the implementation costs. This instrument is known because the Profile Generator.
The Profile Generator is an SAP utility obtainable since launch 3.0F and productively since release 3.1G. Its purpose is to facilitate the users’ authorizations and the management of users’ profiles. It can be used for routinely creating authorizations and profiles and assigning them simply to users.

The Profile Generator is the predecessor of the Menu Upkeep and Function Maintenance operate from releases 4.6 or mySAP Workplace. It might be accessed by getting into transaction code PFCG in the command field. The Profile Generator only generates simple profiles. When these profiles have been routinely generated with the Profile Generator, they cannot be maintained manually.

When profiles are manually maintained, the directors should select the authorization objects, group them into profiles, after which assign them to users.With the Profile Generator, administrators choose functions and duties-transactions-and the system robotically selects and teams the authorization objects. The definition of profiles with the Profile Generator is predicated on the potential for grouping features by activity teams in an organization menu, generated by utilizing customizing settings, that will only include those capabilities selected by the customers.

Activity groups type a set of tasks or activities that may be carried out in the system, like operating packages, transactions, and different features that usually represent a job role. The exercise groups and the data they include are what make the profiles in a place to be automatically generated.

Central User Administration

When the Workplace is used as an Enterprise Portal, all users of the component programs should be outlined inside the Workplace server (WPS). So the WPS becomes the right place for the centralized administration of users from the mySAP component systems.

The objective of the CUA software is to use a specific consumer in a system. From this consumer, it's doable to manage the user grasp information for all purchasers within a posh system landscape resembling mySAP. For each particular person consumer, it must be decided to which purchasers and on which systems the user will connect. Often, users don't want to connect to all part methods inside the Workplace.

The CUA device additionally permits defining which data from the user grasp information can be centrally managed and which data can be managed locally. The interchange and synchronization of data is possible using the ALE technology. ALE can be used for configuring and working distributed applications within SAP environments. Using CUA, data might be distributed:

  1. Person master knowledge akin to deal with, logon data, default values, and so on could be distributed.
  2. The assignment of users to simple roles is possible. Composite roles and profiles should be achieved in every of the component systems. The advantage of utilizing CUA for these assignments is that it's not required to attach regionally to each system that will comprise these assignments. It can be carried out in a centralized method from the Office server.
  3. When a model new consumer is added, the preliminary password is distributed to the element techniques for which the user is defined.
  4. Besides the traditional locking mechanisms for users (logon failures, session lock, manual lock) there's a new world lock. This lock is efficient in all component programs where the consumer is outlined and could be unlocked either regionally or globally.

In the case of roles, both easy or composite, and the authorization profiles, this data is often maintained domestically and not centrally. It's because the systems may have completely different releases, and customizing is often completely different in component systems. With a objective to use the CUA instrument for SAP, R/3 techniques release 4.5B or increased is required.

Related posts

What is SAP and Why do we are in need of It
What is SAP Full form and its definition part one
sap internet transaction architecture
SAP internet transaction application components