- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Alternative to PFCG?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Alternative to PFCG?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-23-2009 5:53 PM
Hi all,
I have a user who is an HR authorizer and wants to see the contents of roles for assignment to users. They used to be able to view the contents of profiles with ZTRAN_TO_PROFILES but now in 5.0 our new roles do not allow them to see that. I tried giving the person ZTRAN_TO_ROLES, however it's saying that they need PFCG to view the contents.
Does anyone know an alternative tcode to PFCG that will allow some kind of "display only" authorization for this user to view role contents?
I haven't found any so far and any help would be much appreciated.
Thanks!
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-23-2009 6:16 PM
If your custom Z-tcode is using parts of the PFCG coding, which is now performing a stricter check on S_TCODE, then this will typically be done using function module AUTHORITY_CHECK_TCODE in the application coding (search the forum for more infos about the FM and what it does).
A possible solution is to go to transaction SE97, and there define for PFCG that your Z-tcode is "coupled" to it and the check may be successfull (flag "no check").
This way the user can indirectly use the PFCG coding only if their calling context is sy-tcode = 'ZTRAN_TO_PROFILES' but they cannot start nor call transaction PFCG directly.
Cheers,
Julius
ps: Why don't you use one of the SUIM reports from a z_transaction with a variant, or a selection screen of your own which submits the SUIM report with the parameters you want?
Edited by: Julius Bussche on Feb 23, 2009 7:20 PM
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-23-2009 6:09 PM
>
> Hi all,
>
> I have a user who is an HR authorizer and wants to see the contents of roles for assignment to users. They used to be able to view the contents of profiles with ZTRAN_TO_PROFILES but now in 5.0 our new roles do not allow them to see that. I tried giving the person ZTRAN_TO_ROLES, however it's saying that they need PFCG to view the contents.
>
> Does anyone know an alternative tcode to PFCG that will allow some kind of "display only" authorization for this user to view role contents?
>
> I haven't found any so far and any help would be much appreciated.
>
> Thanks!
Check the following table in SE16.
AGR_USERS
AGR_1251
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-23-2009 6:16 PM
If your custom Z-tcode is using parts of the PFCG coding, which is now performing a stricter check on S_TCODE, then this will typically be done using function module AUTHORITY_CHECK_TCODE in the application coding (search the forum for more infos about the FM and what it does).
A possible solution is to go to transaction SE97, and there define for PFCG that your Z-tcode is "coupled" to it and the check may be successfull (flag "no check").
This way the user can indirectly use the PFCG coding only if their calling context is sy-tcode = 'ZTRAN_TO_PROFILES' but they cannot start nor call transaction PFCG directly.
Cheers,
Julius
ps: Why don't you use one of the SUIM reports from a z_transaction with a variant, or a selection screen of your own which submits the SUIM report with the parameters you want?
Edited by: Julius Bussche on Feb 23, 2009 7:20 PM
- SAP Managed Tags:
- Security
