- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- why multiple profiles per authorization obj. in pf...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
why multiple profiles per authorization obj. in pfcg
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2011 9:45 PM
Hi,
In PFCG for a specified role, you can display authorizations. In this screen, you can add authorization objects and modify them. My question is, for some authorization objects, for example C_PRPS_ART, there can be multiple profiles, each showing the same thing. i.e. for *, allow 'change and display'.
What is the reason for this? Also if one profile allowed only '02 - display' and a second profile allowed 'all values', the second profile would overwrite the first?
Thanks for clearing this up,
Edited by: pistols123 on Mar 11, 2011 10:45 PM
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2011 10:35 PM
Hi (Sorry I just can't bring myself to call you your ID - a real name would be nice)
Looking at your other postings you appear to have an FI background? The reason for multiple auth objects is due to SU24 or manually added objects (generalism) - they may or may not be doing different things depending on the clarity of the S&A documentation.
If the same objects are supporting different transactions and they have been set to check/maintain in SU24 then these are included in the role you are investigating. I noticed that you mentioned adding an object in another thread but it wasn't clear how you did this - please colud you confirm if you are using SU24 or using SU53's'on the fly'?
Cheers
David
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2011 10:35 PM
Hi (Sorry I just can't bring myself to call you your ID - a real name would be nice)
Looking at your other postings you appear to have an FI background? The reason for multiple auth objects is due to SU24 or manually added objects (generalism) - they may or may not be doing different things depending on the clarity of the S&A documentation.
If the same objects are supporting different transactions and they have been set to check/maintain in SU24 then these are included in the role you are investigating. I noticed that you mentioned adding an object in another thread but it wasn't clear how you did this - please colud you confirm if you are using SU24 or using SU53's'on the fly'?
Cheers
David
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2011 10:43 PM
Actually those are multiple authorization instances per object of the same role. Profiles don't count for mzch anymore and manually naming them is a sign of not having read the docs
As indicated by David, the status and type of the authorization is more important but also does not really count in number.
That they are repeatedly correct is important --> SU24.
Cheers,
Julius
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2011 7:32 AM
