The Organization Level Access – provides access to common transactions for any user logging on to SAP system in the affected instances. The Security / Basis team owns this layer since the transactions to be put in it are activities that support the general use of the SAP system. Some examples of these activities are access to print, online help, SAP office, etc. This avoids duplicating these same transactions in every job role throughout a landscape. Changes here affect all users, reducing the administrative load for the security team, and speeds up the response time to users. Examples of transactions that would be included at this level are: SU3, SU53, SU56, SP01, etc.
The Core Level Display Access – provides each functional team with the flexibility to incorporate all display transactions of non sensitive data that any end user would need in a specific SAP module. This provides another efficient way to make a change for a group of users. Core Level Access allows changes that affect a complete functional group, for example: if there is one core level role for FI, then any changes for all of FI would only need to be made in one place rather than requiring modification multiple roles in which this display access had been duplicated.
- Going forward, as new releases / functionality are introduced, this core level should remain stable. Most changes would affect only job roles. As a result, then any integration or regression testing will proceed at a quicker rate.
- Examples of these types of transactions could be: VA03, FB03 or MM03 depending on how the system has been configured and the modules being utilized.
T1- Roles with common access like Spool, ESS etc
T2- Roles with Common transactions across Business
T3- Roles with Transactions according jobs in Business Area
T4- Roles with Job Specific access