User making direct changes to PRD system

My enviroment is ERP 6 ABAP /Oracle 10G/Solaris 10

Some of my superusers are fond of making direct changes to PRD (as opposed to DEV & then transport via the landscape) though changes in PRD system have been restricted through client change options SCC4 & system change option SE06

I suspect the said users have ROLE with powerful authorizations that they ought not to have.

Kindy advice what I should look for the users roles or how I can go about to harden PRD system aganist direct changes


Edited by: Andale J on Sep 29, 2010 12:10 PM


As a best practice always work with Security Matrix designed at the time of Implemenation :

Just keep this below points:

1) Create Roles / Authorizations only with specific job function / job roles (PP,MM,SD,FI,CO,PM,PS etc)

2) Study about the Job function User level (on Organization level) and assigned only roles / authorization ex Purchase dept - MM roles, Production dept - PP roles , Finance dept - FI roles It may be possible that a user may be responsible to run cross function modules (MM,SD,PS,FI)

3) Before finalizing the roles always check for BC* object responsible for BASIS activites and deactivate it

4) As a best practice for handling critical / authorizations create seperate role like - Transports,Table / program access only display this can help you to handle this cetrall rather than going each roles


0 View this answer in context