on 03-12-2009 6:10 AM
Hi all
I've restricted changes to the PRD system through Systems Change Option ie SE06 & Client Change Option ie SCC4. Despite this I notice it is possible for some users to modify roles in PRD via transaction PFCG.
How do I resctricted access to transaction PFCG by making it read only in PRD ?
Regards
Hi Joseph,
Select the Roles having PFCG and change the field values of S_USER_AGR object to 03 only(which is display roles and remove all other values) and S_USER_PRO object to 03 (profiles can only be displayed)
Regards,
Kalyan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
First of all System change setting using SE06 & SCC4 is not used to restrict role changes. Roles are client dependent. SE06 -->system change is used to change client independant objects.
Other than security team nobody should have access to tcode PFCG. First remove tcode PFCG from all end user roles in Dev system. Transport it to QA system & after successful testing import it to Production. Never change any role in prod system directly.
Find out which are the roles which contains tcode PFCG & then remove it from S_TCODE.
Hope this helps.
Thanks,
Sushil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.