How to Set Up and Implement User Defaults in SAP Access Control 10.0

  • by Kehinde Eseyin, Senior SAP GRC Consultant, Turnkey Consulting Ltd.
  • April 9, 2013
Learn how to configure user defaults functionality in SAP Access Control 10.0 to drive automatic assignment of values to user master data based on specific request attributes.
Key Concept
A user defaults business rule can be used to define the default entries automatically maintained for a user master record based on defined attributes and conditions in a Business Rules Framework plus application. The user default assignment is performed on successful approval of an access request and just before provisioning occurs in the target system. The attributes for the user default are mostly values available in transaction code SU01 (user maintenance). Additionally, you can maintain user group assignment and parameter IDs to be provisioned by default based on a defined business rule.

A typical business environment needs to maintain default values for specific users based on clear-cut reasons such as operational responsibility or organizational structure. For example, in the SAP Advanced Planner & Optimizer (SAP APO) system where the time zone is critical for production planning activities, you can use user defaults to drive the automatic assignment of a time zone based on a user’s physical location. The system allows you to automate the assignment of a user default to users at the point of access provisioning using business rules defined in Business Rule Framework plus (BRFplus).

This capability provides control to access provisioning, saves time in maintaining numerous master records, and makes the assignment of transaction code SU01-specific values less error prone. The user defaults are normally associated with user details that exist in transaction code SU01 (user maintenance). A number of fields in the user master data can benefit from user default assignment.

Figure 1 diagrams the behavior of the business logic on which the user default functionality is based. It shows that user default fields (which exist as fields in transaction code SU01) should be provisioned for an access request when the location and system are defined as LAGOS and GECCLNT800, respectively. In the same vein, when the location and system are defined as LONDON and GECCLNT800, respectively, the corresponding user defaults need to be provisioned. For example, the time zone in the former system scenario is WAT and the time zone in the latter scenario is GMTUK. This assignment is provisioned in the target system (for example, SAP APO) by the access request management functionality of the SAP Access Control 10.0 system.


Figure 1
The user default access control application business rule

I discuss the capability of the User Default Business Rule and describe the following processes:

  • Maintain user defaults master data
  • Maintain actions for request types
  • Maintain the BRFplus function ID and access control application mapping
  • Configure BRFplus logic for a user defaults business rule
  • Simulate a business scenario

Kehinde Eseyin

Kehinde Eseyin is a senior SAP security and GRC consultant with Turnkey Consulting (UK) Limited. He has more than eight years of SAP authorizations, GRC, and Basis experience. In the past, he has managed teams to coordinate security, GRC, and Basis administration activities within a multinational environment and operated as an independent consultant, performing SAP system audits and SAP GRC Access Control implementations. He holds a bachelor’s degree in computer science. He has different certifications, including SAP Access Control 10.0 Consultant; SAP Technical Consultant (SAP NetWeaver on Oracle); SAP Solution Manager Operations Consultant; SAP Support Engineer – SAP Solutions Manager; SAP Business One Consultant; Oracle Database Administration Professional (OCP DBA); ITIL v3; and PRINCE2. He is the co-author of SAP BusinessObjects Access Control 10.0 Application Associate Certification [Review Questions and Answers].

See more by this author


Comments

No comments have been submitted on this article. 


Please log in to post a comment.

To learn more about subscription access to premium content, click here.