Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Revoke rights

Go to solution
Former Member

‎02-25-2009 6:32 AM

0 Kudos

Hi,

1. How to revoke all basis rights with objects for all users role ?

2. How to confirm the same ?

3. Is there any list of commands used in Basis ?

Thanks in advance

1 ACCEPTED SOLUTION

Go to solution
jurjen_heeck
Active Contributor

‎02-25-2009 7:12 AM

0 Kudos

> 1. How to revoke all basis rights with objects for all users role ?

You cannot. SAP security is about allowing stuff, not denying. You'll have to build a new role with the proper rights.

>

> 2. How to confirm the same ?

I do not understand this question, what do you mean?

>

> 3. Is there any list of commands used in Basis ?

There are many lists and I think the list does not exist but if you take a look at the SAP standard roles beginning with SAP_BC_ you can get an idea about SAP transactions and authorizations needed for basis tasks.

4 REPLIES 4

Go to solution
jurjen_heeck
Active Contributor

‎02-25-2009 7:12 AM

0 Kudos

> 1. How to revoke all basis rights with objects for all users role ?

You cannot. SAP security is about allowing stuff, not denying. You'll have to build a new role with the proper rights.

>

> 2. How to confirm the same ?

I do not understand this question, what do you mean?

>

> 3. Is there any list of commands used in Basis ?

There are many lists and I think the list does not exist but if you take a look at the SAP standard roles beginning with SAP_BC_ you can get an idea about SAP transactions and authorizations needed for basis tasks.

Go to solution
Former Member
In response to jurjen_heeck

‎02-25-2009 8:48 AM

0 Kudos

start with taking away all S_ objects from all roles, that will be to much, but you can add them when wanted.

Still i agree with jurjen this is a stange approach to sap Security

Go to solution
Former Member
In response to jurjen_heeck

‎02-25-2009 11:04 AM

0 Kudos

Hi,

Thanks for your reply ,

I just wants to give all rights to any user except basis . No bady should able to run any basis transection .

1. Is there any predefined role in the system for my requirement ?

2. if it is not there , where I can get all the list of transection except basis ?

3. One more question . I have to give spro read only rights to any user in production and quality server .

what will be the procedure ?

Thanks

Go to solution
jurjen_heeck
Active Contributor
In response to jurjen_heeck

‎02-25-2009 11:40 AM

0 Kudos

For all three of your questions the forum search is the best answer.

Building roles bases on SAP_ALL minus critical transactions/objects has been discussed several times here. The general opinion here is that no one needs "all transactions except basis" since that would be tens of thousands of transactions.......so no, such a role does not exist.

Besides that, security on transaction level is a bad idea in itself.

A search for "spro display" will also give you several discussions on that subject. Here as well, take into account that the transaction SPRO is nothing but an entry point to an enormous wealth of functionality, each and every one of them with its own security issues.

Happy hunting!

Jurjen