09-11-2009 7:46 PM
Hi Guys,
Can anyone please guide me or route me to the right direction to collect right t-codes for (Basis, security and Developer) support roles. I know the major t-codes for the above mentioned support roles. But I do like to know if I can get the correct or at least 80% to 90% t-codes that would be use in production.
Thanks in advance
Faisal
09-11-2009 9:57 PM
Take help of SAP templates while deciding and creating your custom roles. That is why they are there for ..for example ..
SAP_BC_AUTH_DATA_ADMIN Authorization Data Administrator
SAP_BC_AUTH_PROFILE_ADMIN Authorization Profile Administrator
SAP_BC_BASIS_ADMIN System Administrator
SAP_BC_BASIS_MONITORING System Administrator - Display Monitoring Data
SAP_BC_BATCH_ADMIN Background Processing Administrator
SAP_BC_BDC_ADMIN Batch Input Administrator
SAP_BC_DWB_ABAPDEVELOPER ABAP Developers
SAP_BC_DWB_PROJECT_MANAGER Development Project Leader
SAP_BC_DWB_WBDISPLAY ABAP Developer: Display Authorization
SAP_BC_ENDUSER Noncritical Basis Authorizations for All Users
09-11-2009 8:27 PM
Development access should not be there in production system. Basis and Security tcodes can be googled.
09-14-2009 1:31 PM
Thank you so m,uch guys, Really helpfull information,
I do have some confussion about Developer access in production. I guess they need at least little bit of access in production because they are the one who's going to use custom transaction that they created in Dev for Conversion. I'm not sure why we shouldn't grant access to Developter even though my developer sadi that some of the conversion custom tcodes they created they need it in production.
please provide your feedback
Thanks in advance
Faisal
09-14-2009 1:45 PM
as ageneral rule ONLY give display access to these people in PRODUCTION. And then wait for them to give you TRX they need including a reason and if in doubt have a manager approve before granting the access.
Basis consultants do need wide acces BUT NEVER to business TRX
09-14-2009 1:52 PM
Hello Faisal,
Simply have a list of illegal tcodes and NEVER give them SAP_ALL, even if the ask for it. If they do ask for it or say that they cannot work without it, then take their DISPLAY_ALL access away for 1 week as punishment.
Kind regards,
Julius
09-11-2009 8:34 PM
You will be better off relying on the SU24 proposals that trying to do it on your own, to be honest.
Choose the transactions carefully and try to stick to the standard SAP roles in copies of your own, and have a list of objects (with values) which are not allowed in some systems of the landscape to do a sanity check on it.
Eventually you can tune SU24 to your requirements. Please read the documentation on the transactioon (and the FAQ thread at the top of the forum).
Cheers,
Julius
09-11-2009 9:57 PM
Take help of SAP templates while deciding and creating your custom roles. That is why they are there for ..for example ..
SAP_BC_AUTH_DATA_ADMIN Authorization Data Administrator
SAP_BC_AUTH_PROFILE_ADMIN Authorization Profile Administrator
SAP_BC_BASIS_ADMIN System Administrator
SAP_BC_BASIS_MONITORING System Administrator - Display Monitoring Data
SAP_BC_BATCH_ADMIN Background Processing Administrator
SAP_BC_BDC_ADMIN Batch Input Administrator
SAP_BC_DWB_ABAPDEVELOPER ABAP Developers
SAP_BC_DWB_PROJECT_MANAGER Development Project Leader
SAP_BC_DWB_WBDISPLAY ABAP Developer: Display Authorization
SAP_BC_ENDUSER Noncritical Basis Authorizations for All Users