This article outlines the process which needs to be followed when managing a request for transaction access, missing access and additional access (eg. Plant, Sales Org, etc.) in the PF1 and SF1 system.

PF1 is the Production Environment, SF1 is the Pre Production Environment and QF1 is Quality Environment.

Identifying the Tickets :

When the users mentions that he / she needs access to a Plant, Sales org, etc. or if the user has added a screenshot of an error or the SU53, then it can be identified as a Missing Access. If the user needs access to a Transaction, then it can be identified as ticket for Transaction Access. The users generally do exist in the system. These tickets may have the accompanying information like the Name of the User / IDReference User Name / IDSystems, etc. Below is an example of how the ticket may look like.


Approvals :

Before proceeding with these kind of tickets, we need to always check the approvals. We need manager approval to proceed further, either we can find approval already in ticket or If there are approvals are missing in the ticket then we need to ask in ticket to provide approval of manager to proceed on the issue. Also, we need to ask for a Reference User ID if there is a confusion in obtaining the accurate role.

The request is approved if an agent from the L0 Team mentions that the it is approved or if the one requesting the access is the User's Manager. An example can be seen below :


Providing the Access :

  • When we receive a Missing Access request, after we check the approvals, we always need the SU53 screenshot or text file in order to obtain the Object and the Object Values. In the case of a transaction access, the object for the transaction code is generally s_tcode and the object value is the transaction code itself. The SU53 file looks like the below.



  • In the above screenshot, M_BEST_EKO is the Object and the Object Values are ACTVT - 01 and EKORG - NAHA.
  • The corresponding role for the transaction or the missing access has to be found out through the transaction SUIM (User Information System → Roles → Roles by Complex Selection Criteria) based on the users Existing roles, Country, GBU, Function, etc. If we have a reference user we need to copy that user id need to select "With valid assignment of" check box and need to give concerned details then execute.





  • Once the role is found out, the same is assigned to the user in the IDM and ticket is Resolved.

Important

If a user asks to add the role (or in case of a User Creation) in the PF1 system then the same roles has to added in the SF1 system too. But the vice-versa should not be done, i.e. if the user needs access in the SF1 system then the same has to provided only in the SF1 system. Also, if required, we can ask for the Reference User too.


We have now finished the request for the Missing Access for the user in the PF1 and SF1 system.



  • No labels

1 Comment

  1. Nipun Tomar

    Approved.