SAP SECURITY

1
 Access Control

• The concept of role-based access control began with multi-user and

multi-application on-line systems pioneered in 1970’s

• Introduces the concept of a role and a permission

– A permission is an association between a transformation procedure
and an object
• A permission can be thought as an object-method pair or a class-
method pair in an object-oriented environment
• A permission can be thought as a table-query pair or a view-
query pair in a database application

• Permissions are assigned to roles

• Users are assigned to roles

2
 SAP Security and Business Processes

Business P
Task R
O
Business C
Task E
S
S
Object
Authorization Functional
Job
Profile
Profile
Object
Authorization User ID
Functional
Profile

User

3
Hierarchical RBAC

4
 SAP Security

User Master Record

Composite Profile Profile

Simple Composite
Profile Profile Authorization
Object Authorization

Fields

5
 Role & Authorization Matrix

• Role matrix is a combination of roles versus users and roles versus transaction code

• Segregation of Duties (SOD) is designed using a customized roles and authorizations matrix

Key requirements for designing roles & authorization matrix:

• User names with designations

• Business process area, sub process area

• Module wise transaction code

• Description of transaction code

6
 Introduction

Contents:
 Security Requirements
 SAP Security Levels
 SAP Access Control
 Users, Roles and Authorizations
 Technical Implementation of Roles
Unit Objectives

At the conclusion of this unit, you will be able to:

 Describe the SAP authorization concept as part of

a comprehensive security concept
 Explain the access control mechanisms
 Explain how users, roles and authorizations are
related
 Describe the technical implementation of a role-
based authorization concept
 Security issues
 Persons  Technology
 Incorrect Operation  Disk Crash
 Hackers  Power Supply
Threats  Environment Interruption
 Floods
 Earthquakes

 Organization  Technology
 Procedures  Hardware Router
 Training  DB Backup
Measures  Environment  Password Rules
 Fire Alarms  Authorizations
 Water Detection  ...

 Hardware
 Software
Assets  Data
 Persons
 Classification of user positions (An example)
Employees have roles
Employees have roles with specific functions
with specific functions and need authorizations
and need authorizations for
for these
these functions
functions

Create Authorization to create

 Employee Purchase
 Service purchase requisitions
Requisition
Karen Representative (ME51)

Procurement
 Employee
 Service Release
Representative Purchase Authorization to release
 Manager Requisition purchase requisitions
Susan (ME54)

 Employee Order
 Purchaser Purchase Authorization to create
Requisition purchase orders
John (ME58)
 Parts of a Role
Role
Role
Professional
Professional Purchaser
Purchaser
 Role Menu
 Accessible Transctions , Reports,
Web Links
 Structure of the Menus/Access
Paths

 Authorizations
 Selective Access to Business
Functions and Data

 User
 SAP User Menu
M enu Edit Favorites E xtras S ystem Help

Other menu Create menu Assign users

Favorites
SM51 List of SAP Systems
Role BC_USER_ADMIN
User Administration
SU01 - User Maintenance
PFCG - Role Maintenance
SU01D - Display User
SU05 - Internet User Maintenance
SU10 - User Mass Maintenance
SUGR - Maintain User Groups
 Unit Summary

You are now able to:

 Describe the SAP authorization concept as part of
a comprehensive security concept
 Explain the access control mechanisms
 Explain how users, roles and authorizations are
related
 Describe the technical implementation of a role-
based authorization concept
Conception
Conception with
with ASAP
ASAP
Methodology
Methodology
Contents:
 ASAP methodology for creating an authorization concept
 Project preparation
 Analysis and design of the authorization concept
 Implementation of the authorization concept
 Testing and quality assurance
 Cutover
 Unit Objectives

At the conclusion of this unit, you will be able to:

 List the steps necessary to implement an

authorization concept
 Describe the activities to be performed in each
step
 Assign responsible persons to each activity
 Use the ASAP procedure model for implementing
an authorization concept for your own projects
 Business

 Before going live, your company wants to

implement an authorization concept.
 The steps required to realize the authorization
concept must be planned in the context of the
entire implementation process.
 During the planning phase you want to estimate
the time and personnel resources needed.
 Steps

Analysis Implement- Quality

Preparation & ation Assurance Cutover
Conception & Tests

Determine User and

Authorization Administration Strategy

 A Role and Authorization Concept is Implemented in 5 Steps

 Each Step Comprises Different Activities
 Each Activity is Associated with a Responsible Person
 User Administration and Authorization Management
Organization is Parallel to User and Authorization Concept
Implementation
Step 1: Preparation

Analysis Implement- Quality

Preparation & ation Assurance Cutover
Conception & Tests

Measures:
 Set Up a Team for User Roles and Authorizations
 Clarify Prerequisites for Authorization Assignment
 Train the Team for User Roles and Authorizations
 Trigger Role and Authorization Project
 Classification of Modules with Users

FI/ CO PP KU KU KU

BASIS KU BC
BC
KU

SD/ MM HR
KU = Key User
BC = Basis User (technical
authorization management)
 Analysis & Conception

Analysis Implement- Quality

Preparation & ation Assurance Cutover
Conception & Tests

Measures:
 Determine User Roles
 Complete Roles
 Determine Framework for Implementing the Roles
 Check Framework for Implementing the Roles

 SAP AG 1999
 Authorization sheet (Example)
Enterprise area
Authorization List - Role Design Role name

Scope Scope Scope

Instruction...
Business Processes
Financial Accounting
General Ledger Processing
Closing Operations
Profit and Loss Adjustment
General ledger: Profit and Loss Adjustment F.50
General ledger: Update Balance Sheet Adj . F.5D
General ledger: Post Balance Sheet Readj . F.5E
General ledger: Balance Sheet Readj ., Log F.5F
General ledger: B/S Readj ., Spec. Functions F.5G
Accounts Payable Accounting
Invoices and Credit Memos
Parked Document Posting [Vendors]
Post Parked Document FBV0
Change Parked Document FBV2
Display Parked Document FBV3
Change Parked Doc. (Header) FBV4
Document Changes: Parked Documents FBV5
Reject Parked Document FBV6
Vendor Account Analysis
Balance Analysis
Customer Account Analysis FD11
Vendor Account Balance FK10
Display Vendor Balances FK10N
Vendor Line Items FBL1N
Correspondence with Vendors
Correspondence with Vendors
Correspondence: Print Requests F.61
Correspondence: Print Internal Docs. F.62
Correspondence: Delete Requests F.63
Correspondence: Maintain Requests F.64
 Role Design
Enterprise area FI FI FI
Authorization List - Role Design Rollenname FI_ Manag AP_ Manag AP_ Acc

Scope Scope Scope

Instruction...
Business Processes
Financial Accounting
General Ledger Processing
Closing Operations
Profit and Loss Adjustment
General ledger: Profit and Loss Adjustment F.50 x
General ledger: Update Balance Sheet Adj . F.5D x
General ledger: Post Balance Sheet Readj . F.5E x
General ledger: Balance Sheet Readj ., Log F.5F x
General ledger: B/S Readj ., Spec. Functions F.5G x
Accounts Payable Accounting
Invoices and Credit Memos
Parked Document Posting [Vendors] x x x
Post Parked Document FBV0 x x x
Change Parked Document FBV2 x x x
Display Parked Document FBV3 x x x
Change Parked Doc. (Header) FBV4 x x x
Document Changes: Parked Documents FBV5 x x x
Reject Parked Document FBV6
Vendor Account Analysis
Balance Analysis
Customer Account Analysis FD11 x
Vendor Account Balance FK10 x
Display Vendor Balances FK10N x
Vendor Line Items FBL1N x
Correspondence with Vendors
Correspondence with Vendors
Correspondence: Print Requests F.61 x
Correspondence: Print Internal Docs. F.62 x
Correspondence: Delete Requests F.63 x
Correspondence: Maintain Requests F.64 x
 SOD (Segregation of Duties)
User
User Master Record

User Role
Composite Role
Accounts Payable Accounts Payable
Accounting Manager Accountant

Activity Block
(Group of Related G/L Document
Balance Analysis
Activities) Maintenance
Role

Vendor Line Maintain

Activities Items Post
Account Documents ........
Transactions, Display Balances Change
Reports Vendor Documents
Balances
 SOD(Example)

Financial Accounting Manager

Maintain
Documents
Maintain Closing
Documents Operations

Closing
Operations Accounts Payable Accounting Manager

Maintain Balance
Documents Analysis
Balance
Analysis

Accounts Payable Accountant

Correspondence Maintain Correspondence

Documents
 Implementation

Analysis Implement- Quality

Preparation & ation Assurance Cutover
Conception & Tests

Measures:
 Create Roles
 Create Derived Roles
 Create Composite Roles
 Quality Assurance & Tests

Analysis Implement- Quality

Preparation & ation Assurance Cutover
Conception & Tests

Measures:
 Test User Roles and Authorization Concept
 Release Roles and Authorization Concept
 Cutover

Analysis Implement- Quality

Preparation & ation Assurance Cutover
Conception & Tests

Measures:
 Set Up Productive Environment
 Create User Master Records for Productive Users
 Accept Role and Authorization Project
 Analysis Implement- Quality
Preparation & ation Assurance Cutover
Conception & Tests

Determine User and

Authorization Administration Strategy

Measures :
 Specify Technical User and Authorization Administration
Strategy
 Specify User and Authorization Administration Procedure
 Train Users and Authorization Administrators
 System Administrator

Authorization Data Authorization Profile User

Administrator Administrator Administrator

Create Maintain Activate Assign Maintain

Role Role Profile Role Users

Development System User Administration System

 Unit Summary

You are now able to:

 List the steps necessary to implement an
authorization concept
 Describe the activities to be performed in each
step
 Assign responsible persons to each activity
 Use the ASAP procedure model for implementing
an authorization concept for your own projects
Elements
Elements of
of SAP
SAP Authorization
Authorization
Concept
Concept
 The SAP R/3 authorization concept prevents
unauthorized access to the system and to data and
objects within the system. Users that are to
perform specific functions in the SAP R/3 System
need a user master record with the relevant
authorizations.
Overview of the elements of the SAP R/3
Authorization

Authorization Authorization Authorization Profile - Role

object class object

User

Authorization field:
Authorization Fields Authorization Objects Authorization
Object Classes

BUKRS M_RECH_BUK MM_R

F_BKPF_BUK
FI

F_KNA1_BUK
ACTVT
C_KAPA_PLA PP

C_ARPL_WRK
WERKS MM_B
M_MSEG_WWA
SD
V_KNA1_BRG
BEGRU CV
C_DRAW_BGR
 Authorization Example
Authorization A
BUKRS BUKRS 1000, 2000
1000 2000 3000 ACTVT 01, 02, 03
ACTVT
Create
Change
Display

Authorization B
BUKRS BUKRS 1000, 2000, 3000
1000 2000 3000 ACTVT 03
ACTVT
Create
Change
Display
 Authorization Example
Authorization Work Work Work
Objects Center 1 Center 2 Center 3

S_TCODE F-22, F-27 F-22, F-27 F-43, F-41

TCD FB02, FB03 FB02, FB03 FB02, FB03
F_BKPF_BUK
ACTVT 01, 02, 03 01, 02, 03 03 Authorization
BUKRS 2000 1000 1000

F_BKPF_GSP 01, 02, 03 01, 02, 03

ACTVT 1000 01, 02, 03 1000, 2000
GSBER 2000
F_BKPF_KOA 01, 02, 03
ACTVT A, D, S 01, 02, 03
01, 02, 03 K
KOART ....... D
....... ....... .......
Authorization
Profile
 Steps in Authorization

Change Transaction FB02

Accounting Program SAPMF05L
Document

....
User
Authorizations Check AUTHORITY-CHECK
OBJECT ´F_BKPF_BUK ´
ID ´ACTVT ´ FIELD ´02 ´
Object F_BKPF_BUK ID ´BUKRS ´ FIELD BUK.
Authorization BUK
1000 IF SY-SUBRC NE 0.
Result MESSAGE E083 WITH BUK.
ENDIF.
Authorization BUK 1000 .....
Field Value
ACTVT 02, 03
BUKRS 1000
 Create Roles Using the Profile Generator (PFCG)

Choose Activities
(Transactions, Reports,
Web links)

User Menu
Maintain Authorization
Data (Define Authorization
Objects) Generation
Authorization Profile

Authorization for
Authorization Object xxx
....
 SPG Landscape

• SPG (Saudi Paper Group) has two systems Development and

Quality
• Development - five clients
A.100
B.200
C.300
D.400
E.450
40
 SPG Landscape

• Quality -two clients

A.100
B.400

41
 SPG Modules

• The following are the modules being used in SPG

A.FI
B.CO
C.MM
D.PP
E.PM
F.QM
G.SD
42
 Existing Modulewise Roles

• Z_CO_STD_TEST_FULL Z_PP_STD_TEST_FULL
• Z_SD_STD_TEST_FULL Z_ABAP_STD_TEST_FULL
• Z_HR_STD_TEST_FULL Z_PS_STD_TEST_FULL
• Z_MM_STD_TEST_FULL Z_HR_STD_TEST_FULL
• Z_PM_STD_TEST_FULL
• Z_ABAP_STD_TEST_FULL
• Z_FI_STD_TEST_FULL
• Z_QM_STD_TEST_FULL
43
 Cross Module Roles

• The following are the Cross Module Roles

Z_MM_CM_TRANSC_ROLE
Z_FI_CM_TRANSC_ROLE
Z_HR_CM_TRANSC_ROLE
Z_PM_CM_TRANSC_ROLE
Z_ABAP_CM_TRANSC_ROLE

44
User
User Master
Master
 User Screen Menus

Display User

User
Last changed by Saved

Address Logon Data Defaults Parameters Roles Profiles Groups

Start Menu , Assignment of Assignment of

Personal Data , Logon Language , Roles User Groups
Communication Standard Printer
Data , Company
Address Assignment of
Profiles
User Group , Default
User Type, Parameter IDs
Validity Period
 Profile Screen
Maint: 0 Unmaint. Org levels, 7 Open Fields , Status: Saved
MY_ROLE FI: Accounts Payable Accountant
Role MY_ROLE Gepflegt Old Cross- Application Authorization Objects
Description Gepflegt
FI: Accounts Payable Accountant - created from SAP template Old Asset Management
Gepflegt New Basis - Administration

Description Menu Authorizations User Standard New Authorization for File Access
Standard New Authorization for File Access
Angelegt Letzte Änderung
User MEYERS Benutzer BENZ Aktivity
Physical File Name
Date 16.01.2000 Datum 18.01.2000 ABAP Program Name
Time 13:22:12 Uhrzeit 17:50:59
Maintained Old SAPscript: Standard text
Informationen zum Berechtigungsprofil Standard Old Basis - Development Environment
Profile name T-K6840005 Maintained New Basis - Central Functions
Standard Old Materials Management - Procurement
Profile text Profile for Role MY_ROLE
Status Current Version Not Generated

Maintain Authorization Data and Generate Profiles

Change Authorization Data

Expert Mode for Profile Generation

Description Menu Authorizations User

 Profile Generation with authorization
Maint.: 0 Unmaint. Org Levels, 7 Open Fields, Status: Saved
MY_ROLE FI: Accounts Payable Accountant
Maintained Old Cross- Application Authorization Objects
Maintained Old Asset Management
Maintained New Basis - Administration

Generate Standard New Authorization for File Access

Standard New Authorization for File Access
Activity
Physical Filename
ABAP Program Name
Maintained Old SAPscript: Standardtext
Standard Old Basis - Development Environment
Maintained New Basis - Central Functions
Standard Old Materials Management - Procurement

Assign Profile Name for Generated Authorization Profile

You can change the default profile name here
Profie lname MY_ROLE_PF
You will not be able to change this profile name later
Text Profile for role MY_ROLE
 Assign Users

Role 1 Role 4
Role 3

Role 2
 Adjust User Master Record
Other Role Information

Role MY_ROLE
Description FI: Accounts Payable Accountant

Description Menu Authorizations User Pers ...

Selection User Compare

Compare Role User Master Record

Last Comparison Complete Adjustment
User User
Date Date
Time Time

Information for user master comparison

Status User authorization changed since last save

Complete Compare Expert Mode for Compare Information

Description Menu Authorizations User

 Derived Roles

Derived
Changes to the menu
are only possible here Role 1

Reference
Derived
Role
Role 2

Derived
Role 3
 Composite Roles
Role 2
Role 5
Role 1 Role 3 Role 6
Role 4 Role 7

Composite Composite
Role A Role B
Access
Access Control
Control and
and User
User
Administration
Administration
Contents:
 Special Users
 Administration Tasks in User and Authorization
Administration
 SAP Authorization Objects for Protection from Access
to Administration Functions
 Scenarios for Distributing Administration Tasks in the
System Infrastructure
Access Control and
Authorization access and rules

 In order to protect your SAP R/3 System against

unauthorized access, you must define password
rules, set the relevant profile parameters and
protect special users.
 You must also define areas of responsibility for
user and authorization administration.
 The organizational areas of responsibility must be
clearly defined technically using authorizations.
 Login procedure

Initial Logon Procedure in SAP Clients

Client 000 001 066 Client (new)

User SAP* DDIC EarlyWatch SAP*

Initial
password 06071992 19920706 support pass

Since these users are generally known, they must be

! protected against unauthorized access.
 Administrator role management
Superuser

User Administrator Authorization Profile

 Maintain user master records Administrator
 Assign roles to users  Maintain roles
 Assign profiles to users (only T...)  Create authorizations (only T-...)
 Display authorizations and profiles  Create profiles (only T-...)
 Call "Information System Authorizations"  Execute Transaction SUPC
 Call "Information System Authorizations"

Authorization Data
Administrator
 Maintain roles
 Change transaction selection
 Change authorization data
 Call "Information System Authorizations"
 Modulewise Administration

User User User User User

Admin. Admin. Admin. Admin. Admin.

User Administrator Location 1

User Administrator Location 2
User Administrator Location 3
User Administrator Location 4
FI CO SD MM PP
 Understanding Module wise Authorizations –
BPML sheet
CO Authorization

Restricti
on
Values
Transac (ex. Userid/ Transa
Business Sub Process tion Compan Positio Positio Positio Positio Positio Positio Emp ction Activity
Business Process Area Sub Process Area Description Type Module y, Plant) n1 n2 n3 n4 n5 n6 name code codes(1,2,3….)
Master Data
Cost Element
Primary Cost Element-Create Create CO KA01 1
Primary Cost Element-Change Change CO KA02 2
Primary Cost Element-Display Display CO KA03 3
Primary Cost Element-Delete Delete CO KA04 6
Primary Cost Element-Display Change Display CO KA05 3
Secondary Cost Element-Change Change CO KA06 2

59
 Understanding Module wise Authorizations –
BPML sheet
FI Module

Restricti
on
Values
(ex. Userid/ Activity
Business Sub Process Transact Compan Positio Positio Positio Positio Positio Positio Emp Transaction codes(1
Business Process Area Sub Process Area Description ion Type Module y, Plant) n1 n2 n3 n4 n5 n6 name code ,2,3….)
Finance Postings
GL Parking Process
Edit/Park GL account Create FI FV50 1
Change the Parked Document Change FI FBV2 2
Display Parked document Display FI FBV3 3
Post the Park GL Account Create FI FBV0 1
Vendor Parking Process
Edit/Park Vendor account Create FI FV60 1
Change the Parked Document Change FI FBV2 2
Display Parked document Display FI FBV3 3
Post the Parked Vendor Account Create FI FBV0 1

60
 Understanding Module wise Authorizations –
BPML sheet
MM Module

Restricti
on
Values
(ex. Pur
Org,
Plant,
S.Loc, Userid/ Activity
Business Sub Process Transaction Moveme Positio Positio Positio Positio Positio Positio Emp Transactio codes(1
Business Process Area Sub Process Area Description Type Module nt Type) n1 n2 n3 n4 n5 n6 name n code ,2,3….)
Weigh Bridge Solution
Weigh Bridge Slip
Custom
Create Weigh bridge Slip Change MM Transaction 1
Custom
Change Weigh bridge Slip Change MM Transaction 2
Custom
Display Weigh bridge Slip Display MM Transaction 3
Custom
Print Create MM Transaction 1
Custom
Gate Entry Slip(without weigh)-create Change MM Transaction 1
Custom
Gate Entry Slip(without weigh)-change Change MM Transaction 2
Custom
Gate Entry Slip(without weigh)-display Display MM Transaction 3
Custom
Gate Entry Slip(without weigh)-Print Create MM Transaction 1
Weigh Bridge
Custom
Create Gate Pass Create MM Transaction 1
Custom
Display Gate Pass Display MM Transaction 3
Procurement Process

61
 Understanding Module wise Authorizations –
BPML sheet
PM Module

Restricti
on
Values
(ex.
Compan Userid/ Transac Activity
Business Sub Process Transact y, Plant, Positio Positio Positio Positio Positio Positio Emp tion codes(1
Business Process Area Sub Process Area Description ion Type Module S.Loc) n1 n2 n3 n4 n5 n6 name code ,2,3….)
Preventive Maintenance
Maintenance Task Lists
Create Equipment Task List Create PM IA01 1
Change Equipment Task List Change PM IA02 2
Display Equipment Task List Display PM IA03 3
Create FL Task List Create PM IA11 1
Change FL Task List Change PM IA12 2
Display FL Task List Display PM IA13 3
Create General Task List Create PM IA05 1
Change General Task List Change PM IA06 2
Display General Task List Display PM IA07 3
Change Task List - List Edit Change PM IA08 1
Display Task List - List Edit Display PM IA09 2
Display Task List (Multilevel) - List Edit Display PM IA10 3
Maintenance Items
Create Maintenance Items Create PM IP04 1
Change Maintenance Items Change PM IP05 2
Display Maintenance Items Display PM IP06 3
Change Maintenance Items List Change PM IP17 2
Display Maintenance Items List Display PM IP18 3

62
 Understanding Module wise Authorizations –
BPML sheet
PP Module

Restricti
on
Values
(ex.
Compan Userid/ Transac Activity
Business Sub Process Transact y, Plant, Position Position Position Position Position Position Emp tion codes(1
Business Process Area Sub Process Area Description ion Type Module S.Loc) 1 2 3 4 5 6 name code ,2,3….)
Master Data
Materials Master
Materials Master Creation Creation PP MM01 1
Materials Master Change Change PP MM02 2
Materials Master Display Display PP MM03 3
Materials List Display PP MM60 3
Mass Change Change PP MM17 2
Flag Materials for Deletion Change PP MM06 2
Bill of Materials
BOM Creation Creation PP CS01 1
BOM Change Change PP CS02 2
BOM Display Display PP CS03 3
BOM Explode Display PP CS11 3
Display Multilevel BOM Display PP CS12 3
BOM Comparison Display PP CS14 3
Summarized BOM Multilevel Display PP CS13 3

63
 Understanding Module wise Authorizations –
BPML sheet
QM Module

Restricti
on
Values
(ex.
Compan
y, Plant, Userid/ Transac Activity
Business Sub Process Transact Insp Position Position Position Position Position Position Emp tion codes(1
Business Process Area Sub Process Area Description ion Type Module type) 1 2 3 4 5 6 name code ,2,3….)
Quality In Procurement
Inspection Lot
Create Inspection Lot Manually Create QM QA01 1
Change Inspection Lot Change QM QA02 2
Display Inspection Lot Display QM QA03 3
Change Data For Inspection Lot Change QM QA32 2
Display data for inspection lot Display QM QA33 3
Inspection Lots Without Completion Display QM QVM1 3
Inspection Lots with Open Quantities Display QM QVM2 3
Inspection Lots without Usage Decision Display QM QVM3 3
Change Inspection Lot Actual Quantity Change QM QAC1 2
Collective Processing of Insp Change QM QA08 2
Record defects for inspection lot Create QM QF11 1
Defects List of material Display QM MCXX 3
Reset Sample Calculation Change QM QAC3 2

64
 Understanding Module wise Authorizations –
BPML sheet
HR Module

Restricti
on
Values
(ex.
Company
, Sales Userid/
Business Sub Transaction Org,Plant Position Position Position Position Position Position Emp
Business Process Process Area Sub Process Area Description Type Module , Div) 1 2 3 4 5 6 name Transaction code
Organizational Management
Maintainance of Organizational Management Objetcs
Maintain Organizational Unit Create HCM PO10
Maintain Position Create HCM P013
Maintain Jobs Create HCM PO03
Work Center Create HCM PO01
Maintain Object Create HCM PP01
Execute Actions Create HCM PP03
Create Organizational Structure through Simple maintenance Create HCM PPOC_OLD
Change Organizational Structure through Simple maintenance Change HCM PPOM_OLD
Display Organizational Structure through Simple maintenance Display HCM PPOS_OLD

65
 Understanding Module wise Authorizations –
BPML sheet
SD Module

Restricti
on
Values
(ex.
Compan
y, Sales Userid/ Activity
Business Sub Process Transact Org,Plan Positio Positio Positio Positio Positio Positio Emp Transaction codes(1
Business Process Area Sub Process Area Description ion Type Module t, Div) n1 n2 n3 n4 n5 n6 name code ,2,3….)
PRE SALES
Inquiry
Create Inquiry Create SD VA11 1
Change Inquiry Change SD VA12 2
Display Inquiry Display SD VA13 3
Diplay List of inquiries Display SD VA15N 3
Quotation
Create Quotation Create SD VA21 1
Change Quotation Change SD VA22 2
Display Quotation Display SD VA23 3
Display List of Quotations Display SD VA25N 3

66
 SU53 based errors

SU53 Screenshot

67
Approve/Reject a submitted request

Microsoft Word
Document

68
 Questions …?

Thank You

69