cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP_ALL authorization can't be used

Former Member

on ‎08-14-2008 1:57 PM

0 Kudos

Dears:

The auditor tole me we can't use sap_all for basis administrator. If your company also has the same situation with me? If we can't use sap_all for basis administrator, so what role should we have so that we will not have authorization restrict?

I check there are lots are sap basis role in SAP_BC*. So should i need to copy all of them to a composite role and assign to myself?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (6)

Answers (6)

Former Member
‎08-16-2008 2:19 AM
0 Kudos

Dears:

Thanks for your reply again. I think i will try to define my job and assign some Basis role to it.

By the way, now i want to know how to create a customize role copy from SAP_ALL. In PFCG, i try to find the singal role SAP_ALL*, but i can't find this role in SAP, so i can't copy a customize role from it.

Is there anyone know how to do SAP_ALL copy?

Show replies
Show replies
mario_marschall
Participant
‎08-18-2008 10:09 AM
0 Kudos

SAP_ALL is not a role, but a profile. You could build a new role in PFCG (with any name you like) and in the authorization editor select SAP_ALL as a template (if your role is empty, a box will pop up providing multiple templates). Then all the authorizations can be customized.

Former Member
‎08-15-2008 11:39 AM
0 Kudos

I would recommend you to first define the scope of your work.

Like security, fine tuning, Transport and basic administration/Monitoring and accordingly you can create a role and assign respective classes and t-codes to that role

Regards

Show replies
Show replies
Former Member
‎08-15-2008 5:20 AM
0 Kudos

Dears:

Thanks for your reply. So if as Sandeep Nayak said we can copy SAP_ALL to a customize profile. But SAP_ALL is not a role, just a profile, so how can we do the SAP_ALL profile copy?

By the way, if copy the sap_all profile to a customize profile, which can pass the audit or not?

Show replies
Show replies
JPReyes
Active Contributor
‎08-15-2008 7:51 AM
0 Kudos

You can create a role using an authorization template... one of the templates is SAP_ALL.

Regards

Juan

mario_marschall
Participant
‎08-15-2008 9:35 AM
0 Kudos

If you make an exact copy of SAP_ALL it probably won't pass your audit as well.

I'd recommend you do that copy and afterwards deactivate or decrease some authorizations which you know you won't need. We have a similar concept in our company and have mainly authorizations in the BC_C and BC_Z branches, but no specific authorizations e.g. in the HCM and FI departments.

former_member682089
Participant
‎08-15-2008 2:35 AM
0 Kudos

Hi,

You can copy the SAP_ALL role to some custom role and use that if you want sap_all authorization else you create a custom role with neccessary authorization.

Regards,

Sandeep Nayak

Show replies
Show replies
Former Member
‎08-14-2008 8:56 PM
0 Kudos

This will vary from company to company as it depends upon what your basis administrator is responsible for. Bottom line you will need to create a role with specific access for basis.

One way to do this in creating the role is to use the SAP menu - under the "tools" menu and select the areas that you think you need access to.

Show replies
Show replies
Former Member
‎08-14-2008 5:14 PM
0 Kudos

Hi,

We have the same situation in our company also.

So we created a custom role by adding necessary roles,tcodes, auths, auth objects etc, and after serveral testing confirmed a role for a basis person.

Show replies
Show replies
Ask a Question