SAP GRC vs IdM
The other day I attended a SAP GRC (Governance, Risk and Compliance) presentation and demo by SAP and Deloitte. I was pretty impressed by the functionality and particularly interested in some of the functionality around provisioning of SAP access by the tool (automating work currently done manually by my team). I also liked their implementation of 'super user' functionaility (basically allowing a group of users access to much more powerful roles in a tightly controlled and monitored environment).
Then a few days later I attended a presentation and demo of SAP IdM (Identity Management). This was also quite cool functionality, but I ended up qutie confused, as we had been shown the same functionality in both sessions, despite the modules being completely seperate.
After a few calls to SAP I managed to get the story. GRC only provisions user access for SAP, while IdM can handle this for all systems. Interestingly, one of the big selling points for GRC is it's ability to analyse security roles in different systems, so it seems a little odd that provisioning is left out. I suppose it wouldn't be a wild suggestion to propose they did this on purpose to leave space in the portfolio for IdM (call me a cynic).
Parameter EKO & Defaulting Purchasing Organization in the Purchase Requisition
Edit: I wasn't able to get our Basis guys to make the change in our sandbox system to either prove or disprove this post. However I believe it to be accurate and would appreciate your comments.
---
First up, apologies for that awfully long title.
I spent hours yesterday trying to sort how to use user parameter EKO to default a purchasing organization (organisation) into a purchase requisition (PR).
All over the web about half the people said "all you have to do is set user parameter EKO" and the other half said "you're a bunch of idiots, it doesn't work!"
The answer, as is usually the case, is that you're all wrong (or right depending on how you look at it).
Here's the text for SAP OSS Note 73241 (hopefully these notes aren't proprietary or anything):
Symptom
The field 'Purchasing organization' on the detail screen of the purchase requisition item is not supplied from user parameter EKO when you create a purchase requisition.
Additional key wordsME51NCause and prerequisitesIn most cases, it is not necessary to preallocate the field;it can even cause errors.
The purchasing organization is transferred with the selection of a source of supply when you start a source determination on the detail screen, thus, a manual entry is not required.In addition, you must only enter the purchasing organization during the manual allocation of a source of supply if there are several purchasing organizations responsible for the plant.Thus, the actual entry aid for the user would be a minimum.
A preallocation is a problem since the detail screen is generally processed in the background and, as a result, the user could not see the allocation of a value to the field.If you were working with another purchasing organization in a previous transaction, an incorrect purchasing organization would be written to the purchase requisition by the SET/GET mechanism.For this reason, preallocating fields via SET/GET parameters is generally limited to the initial screens of the transactions.
A further problem is the creation of purchase requisitions from other applications in the background (via function module ME_REQUISITION_EXT). For reasons of consistency, the field would have to be preallocated here also which in turn can easily cause incorrect values in the purchase requisitions.Solution Provisioning the purchasing organization from the SET/GET parameter is not implemented until further notice.You must make a manual entry in the few case in which this is required.
So, as you can see, there are problems with setting the purchasing org automatically. However if you still want to do it, just get a developer (since you'll need a development key) to go into SE51 (Screen Painter), enter program SAPLMEGUI and screen 3322. Select Element List and go to the 'Special Attributes' tab. Ensure that the 'EKO' paramter is entered and check the 'GET' checkbox.
You should now be away and laughing.
SAP Transaction List
This page contains a list of transaction codes, their descriptions and the functional areas that are responsible for their configuration. I had originally planned to include the entire list, until I realised there were approximately 57,048. So I will start with the codes I've had to use, or at least heard of. Obviously as I study and work more, this list will be expanded.
If you're still looking for a particular SAP transaction, here is a complete list.
| Transaction | Description | Comments | Functional Responsibility |
| AC03 | Create Service Master | MM | |
| BP | Maintain Business Partner | Commonly used in CRM | CRM |
| CJ01 | Create Project | PM | |
| CJ02 | Change Project | PM | |
| CJ03 | Display Project | PM | |
| FBL1 | Display Vendor Line Items | FI | |
| FBL3 | Display G/L Account Line Items | FI | |
| ME21 | Create Purchase Order | MM | |
| ME23 | Display Purchase Order | MM | |
| ME27 | Create Stock Transport Order | MM | |
| ME28 | Release Purchase Order | MM | |
| ME41 | Create Request for Quotation (RFQ) | MM | |
| ME42 | Change Request for Quotation (RFQ) | MM | |
| ME43 | Display Request for Quotation (RFQ) | MM | |
| ME45 | Release Request for Quotation (RFQ) | MM | |
| ME47 | Create Quotation | MM | |
| ME48 | Display Quotation | MM | |
| ME49 | Price Comparison List | MM | |
| ME4B | Purchasing Documents by Document Number | MM | |
| ME4C | Purchasing Documents by Material Group | MM | |
| ME4L | Purchasing Documents by Vendor | MM | |
| ME4M | Purchasing Documents by Material | MM | |
| ME4N | Purchasing Documents by Document Number | MM | |
| ME4S | RFQ's by Collective Number | MM | |
| ME51 | Create Purchase Requisition | MM | |
| ME52 | Change Purchase Requisition | MM | |
| ME53 | Display Purchase Requisition | MM | |
| ME54 | Release Purchase Requisition | MM | |
| ME55 | Collective Release of Purchase Requisitions | MM | |
| ME57 | Assign and Process Purchase Requisitions | MM | |
| MM01 | Create Material Master | MM | |
| MM02 | Change Material Master | MM | |
| MM03 | Display Material Master | MM | |
| MM60 | Materials List | MM | |
| MMPI | Initialize Periods | MM | |
| MMPV | Close Periods | MM | |
| OKENN | Display Standard Hierarchy | HR | |
| PA20 | Display HR Master Data | HR | |
| PA30 | Maintain HR Master Data | HR | |
| PFAL | HR: ALE Distribution HR Master Data | Used to replicate HR Data to SRM, also used for CRM | HR |
| PFTC | General Task Maintenance | Used to display and edit workflow | HR |
| PPOMA | Change Attributes | HR | |
| PPOSA | Display Attributes | Used to display attributes in SRM | HR |
| PPOSE | Display Organization and Staffing | Used to look at org structure | HR |
| SE16 | Data Browser | Alternative to SE16N | BASIS |
| SE16N | General Table Display | A must! | BASIS |
| SE17 | General Table Display | Alternative to SE16N | BASIS |
| SU01 | User Maintenance | Security | |
| SUIM | User Information System | Security | |
| SWI1 | Selection Report for Workflows | BASIS | |
| SWIA | Execute Work Items without Agent Check | Used because it had a "forward to" icon | BASIS |
| SWUS | Test Workflow | Used to restart failed workflows | BASIS |
| VA01 | Create Sales Order | SD | |
| VA02 | Change Sales Order | SD | |
| VA03 | Display Sales Order | SD | |
| VA21 | Create Quotation | SD | |
| VA31 | Create Scheduling Agreement | SD | |
| VA41 | Create Contract | SD | |
| SM04 | Session Manager (Close Hung Sessions) | A must know |
SAP Handbook
This file is a fairly comprehensive SAP handbook by the Australian National Audit Office, and below is a representation of the contents page for your reference. Enjoy.
|
|
Initial SAP Users
Alternate Search Terms (I searched for these before finding my answers
- SAP Default Users
- SAP First User
- SAP Basis User
Unfortunately, I can't remember where I got this document from, so I'm unable to reference my source. If you wrote this article, or know where it comes from, please let me know. Cheers.
R/3 and AS/400: Changing Administrator Passwords
Ready-to-Run R/3 comes with predefined administrators and other users, at the network domain level, locally on the servers, and within the and R/3 Systems. All these users are delivered with standard passwords.
To make sure that the security of your system is secure, you have to change all the standard passwords as soon as you have finished setting up your R/3 Systems. Thereafter, you should change them at monthly intervals, with the exception of R/3 service accounts and R/3 internal users. You should not change the passwords of these users.
The following tables show the predefined users and their passwords.
Users on PRDSAP
| User name | Belongs to Group | Description | Password |
| QSECOFR | *SECOFR | Default AS/400 administrator | QSECOFR |
| QSYSOPR | *SYSOPR | Administrator for backups | QSYSOPR |
| OFR | *PGMRR3OWNERR3GROUP | R/3 administrator, production system | SAPOFR |
| OFR | *PGMRR3OWNERR3GROUP | R/3 administrator, development and Customizing system | SAPOFR |
| OPR | *PGMRR3OPRGRPR3GROUP | R/3 operator | SAPOPR |
| OPR | *PGMRR3OPRGRPR3GROUP | R/3 operator | SAPOPR |
| SAPUSER | *USER | R/3 user to be copied when creating R/3 users | user |
| nn | R3OWNERR3GROUP | Work process background user | SAP00PWD (see Note below) |
Users on DEVSAP
The nn user profiles are set in such a way that it is not possible to log on to the system and that the password never expires. You do not have to change these passwords. They are listed here for the sake of completeness.
The passwords for the users OPR , OFR , and nn must be the same on both AS/400 systems.
To change the passwords of the predefined AS/400 users, you have to log on to the AS/400. To change R/3 passwords, you have to log on to and .
R/3 Administrators in and in All Clients
| User Name | Description | Password |
| ddic (not in client 066) | R/3 default administrator | 19920706 |
| sap* | R/3 default administrator | 06071992 |
| adminbc | R/3 administrator (superuser) | init |
| sapcpic | R/3 default user for R/3 program-to-program communication (CPI-C) (no dialog user)No password required; the user cannot be used for logon. |
|
| tmsadm | Internal user for the Transport Management System (CPI-C, no dialog user)No password required; the user cannot be used for logon. |
|
Pages
SAP News
- Delegate registrations open for Saphila 2012 - SAP SA Press Office - ITWeb (press release)
- Netsuite 'glad to help rival SAP with their ERP' - Reseller News
- 'Yucky' maple syrup as temperatures spike - TVNZ
- Politicians must get out of the way: SAP Co-CEO - Times of India
- Heat, wind sap wheat crop's potential in key grower Kansas - Reuters
- SAP Builds Ecosystem To Boost Hana - InformationWeek
- ASUG and CEO Bridgette Chambers Named Finalists In Three 2012 American ... - MarketWatch (press release)
- Microsoft exec: Dynamics CRM, AX aims to feast Oracle, SAP switchers - ZDNet (blog)
- SAP Chairman Plattner Courts Startups, Asian Customers - Bloomberg
- SAP Considers External Candidates to Oversee Personnel - BusinessWeek
Recent Posts
- Best SAP Blog Post Ever
- SAP Jobs at Auckland Council
- SAP Mobile Application Collaboration
- Real Value in SAP’s Customer Appreciation Program
- SAP Support in ‘the Cloud’
Categories
- Application Management
- Cloud Computing
- Enhancement Packs
- Enterprise Support
- General SAP
- Materials Management (MM)
- Procurement
- Recruitment
- Sales & Distribution (SD)
- SAP
- Site Admin
- Supplier Relationship Management (SRM)
- Supply Chain Management (SCM)
- Warehouse Management (WM)