Solved: Modifying Roles in PRD

Former Member · ‎03-12-2009

Hi all

I've restricted changes to the PRD system through Systems Change Option ie SE06 & Client Change Option ie SCC4. Despite this I notice it is possible for some users to modify roles in PRD via transaction PFCG.

How do I resctricted access to transaction PFCG by making it read only in PRD ?

Regards

former_member603052 · ‎03-12-2009

Hi Joseph,

Select the Roles having PFCG and change the field values of S_USER_AGR object to 03 only(which is display roles and remove all other values) and S_USER_PRO object to 03 (profiles can only be displayed)

Regards,

Kalyan

Former Member · ‎03-12-2009

Hi,

First of all System change setting using SE06 & SCC4 is not used to restrict role changes. Roles are client dependent. SE06 -->system change is used to change client independant objects.

Other than security team nobody should have access to tcode PFCG. First remove tcode PFCG from all end user roles in Dev system. Transport it to QA system & after successful testing import it to Production. Never change any role in prod system directly.

Find out which are the roles which contains tcode PFCG & then remove it from S_TCODE.

Hope this helps.

Thanks,

Sushil

Modifying Roles in PRD

Accepted Solutions (1)

Accepted Solutions (1)

Answers (1)

Answers (1)

Re: Connecting SAP CAP with SAP Cloud ALM

How to use CopyProvider on Table created by TypeSc...

How to execute/fire onPost when user press enter o...

Re: Connecting SAP CAP with SAP Cloud ALM

Re: How can assign in Identity Authentication Serv...