on 08-14-2008 1:57 PM
Dears:
The auditor tole me we can't use sap_all for basis administrator. If your company also has the same situation with me? If we can't use sap_all for basis administrator, so what role should we have so that we will not have authorization restrict?
I check there are lots are sap basis role in SAP_BC*. So should i need to copy all of them to a composite role and assign to myself?
Dears:
Thanks for your reply again. I think i will try to define my job and assign some Basis role to it.
By the way, now i want to know how to create a customize role copy from SAP_ALL. In PFCG, i try to find the singal role SAP_ALL*, but i can't find this role in SAP, so i can't copy a customize role from it.
Is there anyone know how to do SAP_ALL copy?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I would recommend you to first define the scope of your work.
Like security, fine tuning, Transport and basic administration/Monitoring and accordingly you can create a role and assign respective classes and t-codes to that role
Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dears:
Thanks for your reply. So if as Sandeep Nayak said we can copy SAP_ALL to a customize profile. But SAP_ALL is not a role, just a profile, so how can we do the SAP_ALL profile copy?
By the way, if copy the sap_all profile to a customize profile, which can pass the audit or not?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If you make an exact copy of SAP_ALL it probably won't pass your audit as well.
I'd recommend you do that copy and afterwards deactivate or decrease some authorizations which you know you won't need. We have a similar concept in our company and have mainly authorizations in the BC_C and BC_Z branches, but no specific authorizations e.g. in the HCM and FI departments.
Hi,
You can copy the SAP_ALL role to some custom role and use that if you want sap_all authorization else you create a custom role with neccessary authorization.
Regards,
Sandeep Nayak
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This will vary from company to company as it depends upon what your basis administrator is responsible for. Bottom line you will need to create a role with specific access for basis.
One way to do this in creating the role is to use the SAP menu - under the "tools" menu and select the areas that you think you need access to.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
We have the same situation in our company also.
So we created a custom role by adding necessary roles,tcodes, auths, auth objects etc, and after serveral testing confirmed a role for a basis person.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
94 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.