SAP Fiori Application

SAP Users Type

Types of user in SAP	Uses and Purpose
Dialog Users	Named user who login to the user and have to logon in the system with his/her id and password.
Service Users	Service user is also can login to the system and password not expired and many user can login at a time. Mainly used for testing purpose.
System Users	Used for system to schedule jobs and background process
Communication Users	Used to connect other system and RFC call
Reference Users	To provide indirect access to the Dialog users

Project and Developer roles

Developer roles

Developer role needs access to design the UI Application and ABAP program and enhancement

Basis Role/Security Admin

Basis and Security role used by administrator to manager the system and access to the user and design the end user roles

Function team

Functional team have access for the designing the organization structure and functional design

Core Team

Key business users created in development system to check the configuration and executing business tcodes and Fiori applications

Production Users

End Users

All the Business users created in the Production system

Support Team

Basis, Security, Developer and Functional consultant also created in Production system for business support with no change access of any configuration data or master data.

SAP OSS id

This id created in production system and password will be shared with SAP in case of SAP support on any application

System user/Communication Users

System id created in production system to support system activities and connecting GRC system with Fiori system

Role Matrix

Types of Roles in SAP

Single roles

Provide the access to the user using a normal single roles

Master Derived roles

This role provide used to have some business function for different organization data.

All the derived role can provide the same application to users restricted with Area of responsibility

Eg Sales manager Finland, Sales Manager US

Composite roles

This role is combined the single and derived roles and used for better maintenance and support

Business Role Design Process

The Security team will work closely with the Business and Technical teams to define, develop, test, and implement end-user access. The application security approach will be developed for the following end user types

DEV, QA and Production business users
DEV, QA and Production security and basis technical support

A security role will be made up of the following key elements

Fiori Application/Transaction codes to be included in a role based on tasks defined in Business Function Matrix.
Fiori Catalog and Group added into the role menu based on tasks defined in Business Function Matrix.
Organizational level restrictions (e.g. certain Company Codes) for the Master role
Respective derived roles based on above restrictions
Tables to be viewed or maintained by the role
Other functional restrictions or user exits within transactions (e.g. specific document Types) • Field Level restrictions will need to be in place to restrict the user’s ability to see specific data on screen. The restrictions are provided in business functions matrix.

SAP S/4 HANA and Fiori Security implementation & SOD concepts in SAP