You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

 

This article outlines the process which needs to be followed when managing access in the PF1 and SF1 system.

 

PF1 and SF1 Systems

PF1 is the Production Environment and the SF1 is the Pre Production Environment.

Tickets :

The tickets for the management of users in the PF1 and SF1 systems can be of different types. These can be :

  • User Creations - With a Reference User / Without a Reference User
  • User Modifications - Addition / Removal of roles
  • Transaction Access
  • User Unlock / Validity Extension / Password Reset
  • Missing Access, etc.

Below are a few examples of how the tickets may look like.

 

 

Important

If a user asks to add the role (or in case of a User Creation) in the PF1 system then the same roles has to added in the SF1 system too. But the vice-versa should not be done, i.e. if the user needs access in the SF1 system then the same as to provided only in the SF1 system.

Approvals :

Before proceeding with these kind of tickets, we need to always check the approvals. The approvals for the PF1 and SF1 system are managed by the L0 Teams depending on the region. If there are approvals missing in the ticket then the ticket has to be transferred to the respective L0 Team asking them to get the approvals. Also, the things which need to be checked are the Reference User if the user needing access is a new user and SU53 text file if the user has an access issue which is not necessarily a missing Transaction Code.

The approvals are checked if an agent from the L0 Team mentions that the request has been approved. An example can be seen below :

Providing the Access :

User Creations and Modifications

When we receive User Creations, after we check the approvals, we always need either the Reference User or the list of all the roles which have to be added to the user. In this case of the new user creation, if the user only mentions the transactions which the user needs, then it is always a good idea to ask for the Reference User as otherwise the role added or the solution provided might not be too accurate.

Once we have the required information, the user group has to be set in the Logon Data tab and the roles have to be added to the user account using the IDM (Identity Management) through the Permissions tab.

 

 

 

Once this is done and saved in the IDM, we need to mirror the values in the PF1 and SF1 system tabs of the Reference User to the user who needs the access. This includes the information in the tabs Logon Data, Defaults and Parameters. This is followed by the password reset and the same is informed to the user and the ticket is Resolved.

 

Transaction Access

In case of a Transaction Access, the corresponding role to the transaction has to be found out through the transaction SUIM (User Information System → Roles → Roles by Complex Selection Criteria) based on the users Existing roles, Country, GBU, Function, etc.

Once the role is found out, the same is assigned to the user in the IDM and ticket is Resolved.

User Unlock / Validity Extension / Password Reset

 

Missing Access

  • No labels