Solved: User Comparison Not Performed - Does this remove p...

Former Member · ‎03-31-2010

Dear Experts,

This may seem a strange question, but hopefully one that can be asnwered easily.

I urgently need to know if a role has been changed and transported to the live system (ECC 6.0) and the user comparison has not been done does this remove all access to the authorisations in the role. Or does it just prevent the changes to the role from taking place?

The reason I ask is that a role has been changed in our UK system by someone in Europe without permission and its showing red against the user names, I need to know if I should perform this to enable users to access other transactions etc assigned to this role or if I should leave it so the changes which are incorrect do not take place?

Thanks for any help.

Nicnac

Former Member · ‎03-31-2010

Hi,

If The chnages are already into production

If you do user comparison, the chnages will be applied to users.

If not done they will have access as before changes

hope this helps

Former Member · ‎03-31-2010

Hi,

If The chnages are already into production

If you do user comparison, the chnages will be applied to users.

If not done they will have access as before changes

hope this helps

Former Member · ‎03-31-2010

Hi Trupti,

So the user will not be able to run any changes made but will still have access to previous authorisations?

Thanks

Nicnac

Former Member · ‎03-31-2010

Nicnac,

You can refer to the following forum thread for more information in addition to my comments below.

http://help.sap.com/saphelp_bw21c/helpdata/en/52/6711ec439b11d1896f0000e8322d00/content.htm

My thoughts are this, have you compared the role in production to dev/quality for authoriations differences and reverted these chagnes? Why are changes allowed directly in production or unapproved changes via transports allowed to be imported? Do you have "PFUD" job scheduled daily to run this user comparison automatically?

I believe that if you run the user comparision that means the next time the user logs into the system the generated authorizations will be available to the end user.

Thanks,

Matt

Former Member · ‎03-31-2010

Hi Matt,

Thanks for your help.

I have compared the roles and we have decided to create a temporary role which will be assigned to the users until we get the correct sign off for the original role.

As to why the changes made it through, well the company have a separate UK change control process and a separate European one. I am trying to get this changed to one change control board meeting for which a representative from each area has to be present.

Regarding the PFUD again this is something I have challenged but so far the question has been avoided. I do have a meeting in Europe soon where I will address all of my concerns!

Thanks for your help.

Nicnac

arpan_paik · ‎04-01-2010

Hi Ninac,

As the role is shown in red in user profile that means users does not have access to this role at all. However the changes made by that unauthorized guy is present in production system. Once you do user compare users assigned to that role will get access to the role with all new changes made in place. Here are the things that you need to take care.

1) Revert the changes made by unauthorized user and transport it to production system again.

2) Restrict any access to modify role for any users who are not suppose to modify role in your system. It should be the 1st Security implementation you should take care.

Arpan

Former Member · ‎04-01-2010

Thanks for all your answers.

User Comparison Not Performed - Does this remove previous Authorisations?