Profiles for Basis Admins
Does anyone have a list of transactions that would be considered adequate for a basis administrator on a production system, which would allow them to do all the work they may need to without logging in with a sap_all id?
What is the best practice for access for basis in production?
Subramaniam Iyer replied
I think idea here should be to understand the process more than giving actual values for such kind of posts. If, Lee were to make a role directly based on these tcodes what would be his justification as a security consultant for having provided these values.
Every company would have its own unique policy for authorizing Basis consultants.
Some may want the consultants to be authorized with relevant tasks like system admin or database admin or security admin or user admin seperately.
While some may want these tasks to combined by one group of consultants.
I would also want to provide the display access to all functional tcodes to the security roles as it may be needed more often or not to solve the authorization issues.
I would rather stick to the security policy of my company and the job rrequirements of the consultant when designing these roles.