Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

SAPALL for customizing (in some module)

Former Member
0 Kudos

Hello,

I found some post with a similar question....so now I know for example that all the profiles that begin SAP_MM* (transaction PFCG) are profiles standard SAP for give all the authorization for the module MM.

My question is: with this profiles I give to the user also the authorization to the customizing for the specific module (example: MM) ??

(I don't want to give the sap all profile (valid for all the SAP) but I want to restrict the customizing for the specific modules.

thank you beforehand

1 ACCEPTED SOLUTION

Colleen
Advisor
Advisor
0 Kudos

Hi Alessandra

The SAP_MM* ones are more to do with end user functionality and not configuration access.


I want to restrict the customizing for the specific modules.

How are you trying to restrict access? Do you mean you want to limit users within the SPRO to certain IMG activities only?

If restricting on IMG search information for using PFCG > Create single role > Utilities > customizing auth (at a minimum look at the sap help information in PFCG for this).

Glad you don't want to grant SAP_ALL. However, to provide cut down IMG access you will need to look at all the tables for the S_TABU* access where it is a SM30 call.

Regards

Colleen

6 REPLIES 6

Colleen
Advisor
Advisor
0 Kudos

Hi Alessandra

The SAP_MM* ones are more to do with end user functionality and not configuration access.


I want to restrict the customizing for the specific modules.

How are you trying to restrict access? Do you mean you want to limit users within the SPRO to certain IMG activities only?

If restricting on IMG search information for using PFCG > Create single role > Utilities > customizing auth (at a minimum look at the sap help information in PFCG for this).

Glad you don't want to grant SAP_ALL. However, to provide cut down IMG access you will need to look at all the tables for the S_TABU* access where it is a SM30 call.

Regards

Colleen

Former Member
0 Kudos

Hi Alessandra,

As suggested by Colleen, you have to check and give S_TABU* with SM30 and also SM34 for cluster view access.

As SPRO is cockpit, there is no method to allow access for all transactions or module specific transaction, the only way left is to identify transactions separately.

You can opt to create module specific Z roles which included SM30, SM34 along with S_TABU* plus module specific configuration transactions.

BR,

Mangesh

0 Kudos

In addition to S_TABU_DIS (also: check out S_TABU_NAM because most of the MM-tables are in the same range - so that might be an alternative) you can restrict access to the SPRO-tree to the MM-functionalities by not granting authorization for transaction SPRO, but just for the specific menues like OLME, OLMSRV etc.

Or, you can go a little out of your way and use Customizing Projects in transaction SPRO. Create a project, assemble the MM-tree you want in the project and assign the people working on that project. This has the additional benefit of collecting all the transports to that project - which you can see from the project view (extremely helpful! you never forget a transport when going live! this helped me a lot in the past). Here's the documentation, in case you're interested in this tool. Needless to say, your authorization problem can be solved this way: by granting access only to that one project.

0 Kudos

Hi Mylene,

How to give authorizations for menues? by making user menues mandatory? or do you have other solution?

BR,

Mangesh

0 Kudos

Not necessarily, no. OLME for example is just another transaction. Many of the customizing "trees" in SPRO have transaction names. Check out in SE93 O*.

0 Kudos

Aha, thanks.