cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

if a user asking for authorisation of a t-code and the user has more than three roles.how do I know to which role I should assign the t-code ?

Go to solution
Former Member

on ‎06-20-2016 11:37 AM

0 Kudos

Hello!

I am new in authorization and roles.I am facing this problem user asking for t-code to assign but I couldn't understand among 5 roles to which role the t-code needs to be assigned.

Please help.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member201910
Participant
‎06-22-2016 7:31 AM
0 Kudos

hello Sarita,

Just to add Yuksel's

Search what module does the Tcode belong,

For example the user wants to add FS00 which includes in FICO module.

try to search if there are related authorization.

Anyway, what Tcode does the user wants to be assigned?
if it is okay to share.

Maria

Show replies
Show replies
Former Member
‎06-22-2016 7:40 AM
0 Kudos

Hi Maria,

One user is asking for T-code ZRLOT and another is for F110.

How will search for related authorization from where?

yakcinar
Active Contributor
‎06-22-2016 7:47 AM
0 Kudos

Hello Sarita,

SUIM is your first tool for seaching roles, users.

Use roles by complex selection criteria if you want to see the roles that has the tcode you asked.

Use users by complex selection criteria if you want to see the users who has the tcode you asked.

Regards,

Yuksel AKCINAR

former_member201910
Participant
‎06-22-2016 7:52 AM
0 Kudos

For F110 ids under FI-Financial Accounting,

Check the roles if there are related transactions like F110, FBL1N, etc

go to SUIM, under "Transactions" tick the icon beside (Executable for Role)

Type the specific role in the "With Role" Search box.

If you see some tcodes executable in a specific role.

I guess there is where you can add tcode F110.

Maria

Former Member
‎06-22-2016 7:54 AM
0 Kudos

Hello Sarita,

F110 transaction is related to SAP FI/CO  so please assign that transaction to the role related to FI.

and ZRLOT is a customized t-code, check the functionality of the t-code and assign it to the related role.

Z defined that the T-code is customized as per our requirement.

Answers (4)

Answers (4)

Former Member
‎06-22-2016 11:27 AM
0 Kudos

Thank you all for such helpful informative solutions.

Show replies
Show replies
former_member185488
Participant
‎06-22-2016 11:55 AM
0 Kudos

Hi Sarita,

If a user comes up with any transaction then proceed with the below steps,

1. Decide first whether the transaction belongs to which module.

2. Once you identify the module then you can easily select the reference role or single role to add.

3. Every customer will have different naming conventions out of which you can easily pick a role to add.

For Z* transactions,

Z* transactions are customized transactions and you can discuss with Functional teams before adding if you have any doubt.

Regards,

Jegan Raj

Former Member
‎06-22-2016 6:43 AM
0 Kudos

Hello Sarita,

First of all you should be knowing that the User belongs to which Category and whether he really needs it.

- Development or FA or SD etc.

- Is the T-code is necessary for his daily work.

- Ask him to send SU53 Screenshot and check.

- Also check with Basis the RISK of the Role or Transaction.

- After verifying all these - Assign him the proper T-code.

Show replies
Show replies
Former Member
‎06-22-2016 6:54 AM
0 Kudos

Yes, I have checked those categories but the issue is with the roles.I mean to which role the t-code needs to be assigned as the user has many roles.

Former Member
‎06-22-2016 7:07 AM
0 Kudos

Hello Sarita,

Go to those roles and check whether any related transaction is present in there to the transaction he is asking.

- Like Display and Change.

- Check if it is display access or change -  Check all the 5 roles for this. If he has any related T-code

else you can create a new role and assign the Transaction to the newly created role once you find its really needed to him for his daily work.

yakcinar
Active Contributor
‎06-22-2016 7:11 AM
0 Kudos

Hello Sarita,

As I said in previous answer functional teams or data owners must decide about the roles and assigned transactions.

If you cannot find a responsible person, check the transaction's module and select one of the related role of that user and assign it. You can also select a role that is not assigned to that user and has the required transaction.

A lot of roles with signle transactions are not recommended of course.


Regards,

Yuksel AKCINAR

former_member201910
Participant
‎06-22-2016 6:36 AM
0 Kudos

Hi Sarita,

First, I guess you have to seek recommendations or help from the BASIS Guys.

They have role list and they are the one who should decide for this.


Question, are you going to add the single t-code to only 1 user?

If yes, the safest way to add the tcode is to make a new role and add the t-code. just like what Yuksel said.

Show replies
Show replies
Former Member
‎06-22-2016 7:00 AM
0 Kudos

Say, two separate users use a single role along with other roles.how will I know which user ids using the particular role?

Is there any particular procedure to determine which t-code should be assigned to which role apart from asking basis person.

yakcinar
Active Contributor
‎06-20-2016 2:41 PM
0 Kudos

Hello Sarita,

Technical teams must not decide which roles should be given to a user.

This selection should be done by functional teams or data owners (busines).

If there is no one for this decision you could decide according to risks of the roles.

If you see all of them are risky create a new role for the transaction or assign the transaction to one of the roles that the user has.

Regards,

Yuksel AKCINAR

Show replies
Show replies
Former Member
‎06-22-2016 7:00 AM
0 Kudos

If I create a new single role for every single t-code then there will be so many roles for every single t-code.will that solve my issue? Won't that be ambiguous for later?

Ask a Question