Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Locking the quality server but allowing to create local objects.

Former Member

‎12-09-2008 12:27 PM

0 Kudos

Hi ,

Problem we are facing is many people are creating the transport request in quality server and moving it to PRD and the same change is not present in the development server.

The basis guys cant block the quality server in SCC4 because then the even the abapers cant create any local objects.

So is there any way so that we do not allow creating of TR's but in turn allow the abapers to create the local objects.

Regards,

Pooja

10 REPLIES 10

Former Member

‎12-09-2008 1:57 PM

0 Kudos

just do not give to wide access, create roles for every type of user instead of giving SAP_ALL

Former Member

‎12-09-2008 2:14 PM

0 Kudos

Hai,

Try to find out the users who are doing the changes directly in Quality system, you can find out them in SE10 who have created Transport requests, then check their access using SUIM and restrict their access by editing their profiles.

It is always better to give restricted access to users.

You have also mentioned that many users are creating requests and moving them to Production, this seems to be peculiar, normally you will not find this kind of activity in any organisation keeping in mind the consistency of the data in Production system.

You can deactivate the Basis authorization objects for these users who release requests and Transport them to Production.

As you know Transporting is the activity of Basis admins and not the users in the system.

So you can restrict them by deactivating the BC - Basis Administration object class.

Hope this helps.

Regards,

Yoganand.V

jurjen_heeck
Active Contributor
In response to Former Member

‎12-09-2008 2:27 PM

0 Kudos

> So you can restrict them by deactivating the BC - Basis Administration object class.

Allthough basically right I find this one a bit crude. Deactivating a whole object class may trigger unwanted side-effects.

Transport authorizations concentrate around the objects S_TRANSPRT and S_CTS_ADMI. To find out which other objects are also relevant have a look at the proposal values for SE10 and STMS in transaction SU24.

morten_nielsen
Active Contributor

‎12-09-2008 7:15 PM

0 Kudos

Hi

Just wondering why ?

.....but in turn allow the abapers to create the local objects.

Why not just ask the abapers to create there report on Dev and transport them to QA ? I can't think of any reason for opening QA for development local or not, except in very few very special cases.

If your allowing your abapers to create Cross-Client development on QA, you can't ensure a consistent environment for testing, and it will not be possible for you to work with "live" data (test of data loads, etc) on your QA system i a secure way.

Regards

Morten Nielsen

Former Member
In response to morten_nielsen

‎12-10-2008 6:46 AM

0 Kudos

Hi,

Thanks for ur reply.

Need to allow abapers to create local objects is due to the fact that no data is there for testing in dev server and they are creating lot of Transport requests as they are not able to check in dev server.

Regards,

Pooja

Former Member
In response to morten_nielsen

‎12-10-2008 7:12 AM

0 Kudos

Hi,

As I understand, you want to restrict client specific customizing done by functional team (thereby not allowing any customizing request generation) and allow cross client customizing (workbench request). But please be aware that certain modules do have cross client customizing as well.

The best approach is to lock the client in quality server and allow developments in only DEV. For data, we have followed a small amount of data upload in DEV. Otherwise, you'll need to maintain proper authorizations.

regards, Sean.

morten_nielsen
Active Contributor
In response to morten_nielsen

‎12-10-2008 7:41 AM

0 Kudos

Hi

In that case I would recommend that you create a sandbox client on your development system with data (could be at client copy from QA or.... ). ABAP is cross client so development in one client can be tested in the sandbox client immediately - and if needed you can "move" customizing request without releasing them with SCC1

Regards

Morten

Former Member
In response to morten_nielsen

‎12-10-2008 7:31 PM

0 Kudos

Vital answer isstill missing--> Settingson to SCC4? did you make them as suggested ?

Former Member
In response to morten_nielsen

‎12-10-2008 10:04 PM

0 Kudos

Very good and valid remark, for a QAS client.

Former Member

‎12-09-2008 8:40 PM

0 Kudos

Hi Pooja

First of all you need to review your transport strategy, it needs to be starting from Dev-----> QA--

> Prod and you need to lock the clients accordingly in SCC4.

I am not sure what options have been in SCC4 but the best place to decide whether the objects created or modified in the client is transported or not is SCC4.

If you dont want them to transport but create local objects, you can choose these options:

Changes w/o automatic recording , no transports allowed

and

No changes to cross client customizing objects

The above one should work.

If still that doesnot work then you can restrict them at the authorisation object level.

1. You can restrict the user using S_CTS_ADMI. Go through that authorisation object and identify which you would need to restrict.

2.You can also restrict using S_TRANSPRT.

Go through the above two authorisation object and you would be able to do it.

Thanks and regards

Arun R