Académique Documents
Professionnel Documents
Culture Documents
Agenda
Role Purpose
Role Mapping Process
Roles and Responsibilities
Role Mapping and Scheduling Tool (RMS) Summary
Role Mapping Timeline
Business Role A logical grouping of activities/tasks performed in SAP by a specific job. The business role is the
one that launches a process, makes decisions on which of the available paths in the process to take
and in the end finishes the process. Business roles are not HR jobs or positions. One person can
be member of multiple business roles, and multiple persons can be member of the same business
role
SAP Technical Role Within a Business Role, a number of additional more granular technical security roles will exist that
make up the details of the overall security role design. Security Team will build appropriate
authorizations. Technical authorizations can be expressed in terms of Business Roles and aligned to
jobs which the business can easily understand (The Security Technical Roles will not exposed to
end users)
Segregation of Duty (SoD) The concept of having more than one person required to complete a SAP transaction to prevent
fraud and/or error.
Transaction Code (T- A specific function in SAP that allows an end-user to perform one of his/her job responsibilities (e.g.
Code): T-Code VA01 “Create Sales Order)
Task Role: A logical group of transactions (T-Codes) into a specific task (e.g. “Process Sales Order Task Role
includes T-Code VA01 “Create Sales Order, VA02 – “Change Sales Order’, VA 03 – “List Sales
Orders” )
RMS Tool IBM’s Automated Role Mapping & Scheduling (RMS) System. Next generation role mapping
accelerator/tool that facilitates the process of mapping end users to SAP security roles.
Send role mapping file to security to grant required access based on roles
assigned
Each user is mapped to an business role (s) that prescribes a learning path
Course 3
• Role name
• Role Description Course 2
• Tasks Course 1
• Subprocess
• Process Steps
During role mapping, end users are identified and assigned to a learning path
Learning paths include both web-based and instructor-led courses
End users complete the learning paths in sequence and must pass
certification at the completion of each instructor-led course
Training Schedules and End User Access Ids are Enabled by the
Role Mapping and Scheduling Tool (RMS)
Business
Businessroles
roles Role
Rolelearning
learningpaths
paths End
Endusers
usersby
byname
name
Role RMS
Role Mapping
Mapping and
and
Scheduling
Scheduling Tool
Tool
Role
Rolespecific
specifictraining
trainingschedules Link
schedules Linkto
tosecurity
securityfor
foruser
useraccess
accessids
ids
Understand the roles assigned Assist role mappers in Understand the transactions
to the end users that they are answering questions assigned to the roles that
responsible for mapping regarding access required for they own
Review the roles with the first end users’ jobs Ensure that the end users
line managers if unsure about Agree with the role mappers assigned to the roles should
the tasks the end users assignments of their direct have access to that role
performs in their individual reports Formally approve in the RMS
jobs
Formally validate their direct tool the assignment of the
Make any required additions reports in the RMS tool end users roles
or deletions to the
assignments based on the end
users’ tasks required to
perform their jobs
Ensure the first line managers
validate the role assignments.
Allows for mapping of end users to roles, assigns required training, and schedules
course offerings all in one tool
Reduces the need to manage multiple spreadsheets and the potential for errors
Supports compliance through RMS reports documenting all internal end users as
well as their responsible role mapper and all approvals
Allows syncing end user data with LDAP data to maintain current end user
information and minimize changes
Creates the ability for role mappers will tomake any changes during the change control
period
Accessing RMS
Log into RMS using your user id and password and select your deployment
- http://dltds07.atlanta.ibm.com:9080/IBMRMS/login.jsp
Select the role you would like to map end user(s) in the “Role to Map” dropdown menu
- End users can be mapped to multiple roles required for them to perform their jobs
Check the box to the left of the name of each end user you would like to map to the
designated role and click the “Map” button
Brief weekly touchpoints for each role mapping process team scheduled by OCM
– OCM will generate status summary reports by Role Mapper to review progress
– Process Leads and Process Owners will be invited to help resolve any issues and
expedite mapping
– Provides dedicated time for Role Mappers to ask questions about the roles, RMS tool,
and end users
OCM Team is available to provide additional support during the mapping process as needed
Once Manager validation begins, Role Mappers will no longer have access to the system
to make changes and must contact the Role Mapping Lead
OCM
Next Steps Role Mapping Team
End User Managers
September October November December January Feb March
Manager
Training
Manager
Validation
Last Date
Change Control Process stop
For Changes
GO LIVE
Q&A