Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

providing all authorisations except basis transaction codes

former_member105207
Active Participant

‎10-10-2008 1:21 PM

0 Kudos

Dear all,

I am planning to give SAP_ALL authorisation to users in the system.

but I need to restrict such that they dont have access to critical basis t-codes like (SU01, PFCG, SCC4 etc..)

Can you pls let me know how to perform the same.

Is there any predefined roles to do the above....

I am using an ECC 6 server. This is a normal test server.

Any suggestions and ideas are warmly appreciated.

Regards,

chandru.

6 REPLIES 6

jurjen_heeck
Active Contributor

‎10-10-2008 1:36 PM

0 Kudos

> Any suggestions and ideas are warmly appreciated.

Use the forum search please.

Former Member

‎10-10-2008 1:39 PM

0 Kudos

Hi Chandru,

I think there is no predefined role as such.

The best way is to create a role which will be SAP_ALL minus Basis.You need to copy all the authorizations from SAP_ALL profile template and work on removing all the Basis tcodes and Authorization objects in the new role.

You can actually filter all important Basis tcodes that fall into the following categories and no one else except Basis team should have it:

User Administration

System Administration

Transport Administration

Archiving

Basis Development

It will be a tedious exercise but it is worth so that you make sure that no other user will get these authorizations.

You may need to take help of Basis team in identifying the Basis tcodes, Authorization objects and so forth.

Hope this helps,

Regards,

Kiran Kandepalli.

Former Member

‎10-10-2008 4:31 PM

0 Kudos

Is it possible that you might also soon be looking for "Display All" role and a "SPRO Only" role? These are often found together with the "SAP_ALL minus Basis" role...

There are a number of threads on this topic already. Let us know which option you take.

Cheers,

Julius

Former Member

‎10-10-2008 5:29 PM

0 Kudos 
I am planning to give SAP_ALL authorisation to users in the system.
but I need to restrict such that they dont have access to critical basis t-codes like (SU01, PFCG, SCC4 etc..)

Sounds like

"I wanna give the Master Keys to all Rooms of the Building but want to take away some duplicate ones"

Nice Try.

Gp

former_member105207
Active Participant
In response to Former Member

‎10-13-2008 1:45 PM

0 Kudos

Hi Gopi,

Since this is a test server for us we want to provide our end users with access while restricting some basis critical t-codes so that it wouldnt impact much the already running system.

chandru

Former Member

‎10-14-2008 2:44 PM

0 Kudos

Hi Chandru ,

If you want have a customized role SAP_ALL and exlcude all BASIS and Security authorizations in the role following is one way of approach.

1) GOTO PFCG transaction and create a new role

2) Now go to MENU tab , here is transactions column , click on *FROM SAP MENU* and select all the fields except Admistration and CCMS options under TOOLS and now click on transfer.

3) this will transfer all SAP transaction codes in the system except BASIS and SECURITY transactions

4) Now go to authorization --> change authorization data .

Here inactivate the following :

BC_A --> Basis - Administration

BC_C --> Basis - Development Enviromment

BC_Z --> Basis Central Functions

And finally save and generate the role.

This will role will give you the access to all the SAP transactions of all the functions in the system except the critical modules BASIS and SECURITY.

Thanks & Regards

Kantikiran Duggirala