Scribd
Upload
44 views

To Create A Security Role - With Authorizations To Display All Users in /nsu01 Command, To Unlock Users & To Reset Passwords

1. The document provides instructions on creating a security role and background jobs in SAP. 2. It describes how to create a security role called Z_BATCH(no)_HELPDESK_(initials) with authorizations to display, unlock, and reset passwords for users. 3. It also explains how to create and schedule a background job called Z_(Batch name)_RSPARAM_(initials) using an ABAP program and how to create and execute an external operating system command called Z_BATCH(no)_(initials) to run the 'ps -ef' command.

Uploaded by

isobara
Copyright
© © All Rights Reserved
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
44 views

To Create A Security Role - With Authorizations To Display All Users in /nsu01 Command, To Unlock Users & To Reset Passwords

1. The document provides instructions on creating a security role and background jobs in SAP. 2. It describes how to create a security role called Z_BATCH(no)_HELPDESK_(initials) with authorizations to display, unlock, and reset passwords for users. 3. It also explains how to create and schedule a background job called Z_(Batch name)_RSPARAM_(initials) using an ABAP program and how to create and execute an external operating system command called Z_BATCH(no)_(initials) to run the 'ps -ef' command.

Uploaded by

isobara
Copyright
© © All Rights Reserved
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 23

1.

Exercise I :
To create a Security Role with authorizations to display all users in
/nsu01 command, to unlock users & to reset passwords .
To make sure users can only process tasks they are authorized to
perform, administrators assign only those authorizations to each role
that are necessary to perform the role-specific tasks.

/nPFCG Transaction to create/change/display roles


Role name: Z_BATCH (no)_HELPDESK_(your
initials) Create Role

Will bring you to a screen:


In the Description tab: enter Security Help Desk
Select the Menu Tab

In the Menu tab- select the Transaction option.


Another screen would pop-up where you can populate the list of transactions
that has to be assigned to the user who is to be given this role.
Enter/nsu01- Transaction to create/display/change users
/nsu53- Transaction that tells you what authorization is missing

Select the Assign Transactions Options at the bottom of


the box. Will give a message 2 transactions added
The Menu tab should turn green .

Select the authorization tab:

Select the change authorization data icon.

Will bring you to another screen.


On the main menu bar on top- select the option Utilities- Technical
Names on. Will show the technical names for the authorizations.

Expand all the nodes.


Expand the node for User Groups.
Activity would have 01, 02,03, 05, 06, 08, 24. these are the default actions
that could be performed by the user having this role.
We need to maintain this- by giving only those authorizations required for the help-desk
person to perform.
Double click on Activity- another screen would pop up.
Uncheck- all except 02 (Change), 03(display) and 08(Display change documents)
You will see that the yellow light on the USERGRPS node has now become green.
Usergroup: * (for any user group)
5

Profile Generator is the central tool for generating authorizations and


authorization profiles and assigning them to users. Profile Generator
automatically provides the corresponding authorizations for the functions
chosen.
Some of these authorizations have default values. Traffic light symbol tells you which
values you need to maintain.
All the yellow traffic light symbols need to be made green before the
profile can be generated.
Select each of the yellow traffic lights- select the activity option- uncheck
all actions other than display/change.

Once all light symbols have become green- select the


save icon. Select the generate icon( red & white)

A screen would pop- up with a default profile name will be assigned. Note
down the profile name.
Select the green check mark. Profile name would be created for this role.

Back arrow- profile generated message is


given. The Authorizations tab would be
green.
Save.

Now the role is created. Create a new user and assign this role to that
user to see the transactions allowed.
/nSU01- Transaction to Create/Display/ Change user.
Name : HLPDSK_(Batch #)_(your
initials) Create

Will bring you to another screen.


Address Tab: Enter first name & Last name
Logon data Tab:Initial password/ repeat password
Validity period:
User Type:
Dialog

In the Roles tab:


From the drop down box select the role you just
created. Select the save button.
Would give a message that the user HLP_DSK_(your initials) was saved

Log of .
Log back on using the new user just created.
To verify if the role assigned to the user works,
/nsu01- Transaction to create/display/change users.
Select the create icon.

Will give you a message you are not authorized to create new users

To see why what authorization we are missing that is preventing us from


executing the create user command-

/nSU53 Transaction to display authorization data

10

Exercise II: Scheduling Background Jobs:

Background processing is used for long-running as well as


recurrent tasks. A background job consists of one or more steps.
Steps can be
a) An ABAP program.
b) An external
command. c) An
external program.
Background jobs can be scheduled with diferent priorities:
a) Class A (highest
priority) b) Class B
(medium priority) c)
Class C (normal priority)
A job can be triggered in 2 ways
a) At a particular time (time-controlled)
b) When a particular event occurs (event controlled)

Exercise II :Part A: Create and


execute a job.
/nSM36- Transaction to define
new jobs

1
1

Enter Job name as : Z_(Batch name)_RSPARAM_(your


initials) Enter Job Class as : C
Select the Step option on the menu bar.

12

Select the ABAP Program option.


Enter name of the program : RSPARAM
Select variant name from the drop box: TEST
Every job has variants.
Select the Check Box .
Select the Save Button.
Will bring you back to the previous screen where under job steps
It should say steps successfully defined
Select the Start Condition option on the menu bar.

13

Select the start immediate option:

Check- Save.
Will bring you to the previous screen.
Select the Save button again.
Would see a message job (Background job name) saved with status:
Released

14

/nSM37- Transaction to check the status of a job


Enter the name of the job you have just created.
Z_(batchname)_RSPARAM_(your initials) Enter the user name under which the job
was created :
Enter the job start condition day in which the job was released
Under Job Status select- Released, ready, active , finished- to show the released
jobs in all these status.
Select the Execute button.

15

Will bring you to the job overview screen where you can see the status of the job.

16

Exercise II: Part B:


Create and execute an external operating system command.
A background job could be executed through an external command.
/nSM69- Transaction to create external operating
system commands. Only one person can define a
command at a time.
Once you are in the transaction select the change icon (pencil ) to display the
other icons. Select the create icon. While someone is using the create
command , the icon will not be visible to others.

Will bring you another screen;


Enter the command name : Z_BATCH(no)_(your initials)
Operating System : Linux
Operating system commands : ps
Parameters for operating system commands : -ef
Select the option: Additional parameters allowed
ps ef is a command to list all processes running on the operating system
Select the save icon on top.
Will give a message : changes were
made Select the back arrow on the
top.
Select the Save icon
again . . Back arrow out
again-

17

/nSM49- Transaction to execute the external command


Select your external command from the list of external commands.
Keeping the cursor on your external command select the execute button
on the menu bar.

18

Will bring you another screen similar to the one where you created
the external command.
Make sure the destination host is set as sarswati.

Select the execute button

Will show you the execution of the external command ps ef.

You might also like