Thanks for your answer Julius, but I donu2019t have the u201CApplication Helpu201D installed, so my red u201C?u201D does not work. Anyway, I have read SAP notes, help.sap.com, SAP materials ADM940 and ADM950, etc, and my doubt is about the difference between u201Capproved by system administrationu201D and u201Capproved by departmentu201D. I understand that the only difference is that each one requires different authorization values (TADM or QTEA), so we can segregate the options using authorizations profiles. We have much more authorizations with tadm value (such as execute tp command), e with qtea just approve transports.

About the u201Crequest owneru201D option, it was my previous configuration, and I know how it works u2026 :).

Thanks

Alex

Activating the "approved by department" means that it is "sufficient" to perform the QA approval step with authorization value QTEA.

TADM also still works for system admins (e.g. basis guys in client 000, etc...) so you will need to take away this stronger authorization for the more granular control to be available for the users who are to be limited to it.

Typically, this is the QA department, who typically do procedural type of checks, and typically don´t have anything to do with tp...

What was wrong with the "request owner"? Too complicated? User´s changing the owner?

If I remember correctly, you cannot remove the system admin check - you need to remove the access.

Cheers,

Julius

Thatu2019s ok now. u201CApproved by departmentu201D means that only the authorization value QTEA is necessary to approve requests in QA.

We had to change the step u201Cby request owneru201D because of SOx procedures. There is a SOx ITGC Control where users who create requests in DEV systems cannot approve them in QA. It is to segregate the access to promote changes to Production system.

Thanks

Alex