09-01-2007 4:15 AM
hi,
I control the SAP_ALL Access to all except IT guys specially the developer still have this access. How we control the access for ABAPer. Pls list out the Tcode i'll give to them.
Thks
Rajesh
09-06-2007 7:45 AM
Hi,
Assign "Abap Workbench" role to the ABAP user.
<b>How to do it?</b>
1. Go to pfcg Transaction.
2. Type "z_abapers" and click create.
3. Go to "menu" bar.
4. Click "From SAP menu"
5. Choose "ABAP Workbench" under the tree and check it.
6. Generate the profile and save the role.
7. Give this role to the desired users using su01 Transaction Code.
I hope it will serve your purpose. Please give me the feedback.
Thanks and Regards
Anirban.
09-01-2007 11:35 AM
09-01-2007 12:46 PM
09-05-2007 1:10 PM
Hi,
Auke is right, look for sap roles and edit them. You can also go to the PCFG and look for the role with transaction se38. Make you choise. You also can create a role with the pfcg using sap menu. Goto tools, abapworkbench and select the things you need. Goto the authorizations tab, fill in the objects which are yellow and generate the role. Don't give away to much and let the complain method work.
have fun
Jan van Roest
09-05-2007 5:24 PM
>> Don't give away to much and let the complain method work.
>>
>> have fun
That reminded me of some fun users from the Argument Clinic methodology group.
I can see John Cleese saying "No, it's SE80".
09-06-2007 12:22 AM
If I am reading your question correctly you need a list of tcodes for an ABAP developer. Here are the tcodes for the ABAP developer role that we built. Do it quick so you can start removing SAP_ALL from the developers.
Good Luck!
Authorization value
MCAY
MCAZ
MCAX
MCAW
MCKY
MCKZ
MCAV
MCAU
MCAT
MCAR
MCAQ
MCAP
MCAO
MCAN
MCAM
MCAL
MCM?
PFTC_DEL
PFTC_COP
PFTC_CHG
PFOS
PFOM
PFCT
PFAL
PFAC_INS
PFAC_DIS
PFAC_DEL
PFAC_CHG
OOMV
OOHQ
OODT
NACE
MCYY
MCSX
MCSW
MCAK
MC23
MC22
MC21
MC20
MC19
MC18
MC09
MC08
MC07
MC06
MC05
MC04
MC03
MC02
MC01
LSMW
BSVW
BDTP
BDM6
MC24
MCAJ
MCAI
MCAH
MCAF
MC?9
MC?8
MC?7
MC?6
MC?5
MC?4
MC?3
MC?2
MC?1
MC?0
MC95
MC94
MC93
MC26
MC25
RE_RHRHDC00
RE_RHRHAZ00
RE_RHREPL20
RE_RHNAVIG0
RE_RHMOVE30
RE_RHGRENZ4
RE_RHGRENZ2
RE_RHGRENZ1
RE_RHGRENZ0
RE_RHEXIST0
RE_RHDESC10
RE_RHDBST00
RE_RHCOPYSTRUCT
RE_RHCOPY10
RE_RHCOPY00
RE_RHCOPLPT
RE_RHCOPL00
RE_RHCHECKV
RE_RHCHECK1
RE_RHRHDL00
RSWWCLEAR
RSWEWWDHSHOW
RSWEWWDHMSHOW
RSWELOGD
RE_RHXSTR08
RE_RHXSTR07
RE_RHXSTR06
RE_RHXSTR05
RE_RHXSTR04
RE_RHXSTR03
RE_RHXSTR02
RE_RHXSTR01
RE_RHXSTR00
RE_RHXEXI04
RE_RHXEXI03
RE_RHXEXI02
RE_RHXEXI01
RE_RHXEXI00
RE_RHTRANS0
RE_RHBEGDA0
PPOM
PPOC_OLD
PPOCW
PPOCE
PPOC
PPO4
PPO3
PPMS
PPME
PP03
PP01
PO13
PO10
PO03
PO01
PGOM
PFUD
PFTC_INS
PFTC_DIS
PPOME
RE_RHAUTH00
RE_RHALESMD
RE_RHALECPS
RE_RHAKTI00
PSO4
PSO3
PSO1
PSO0
PPST
PPSS
PPSM
PPSC
PPOS_OLD
PPOSW
PPOSE
PPOS
PPOM_OLD
PPOM_MODE
PPOMW
BDFG
DBG*
CMOD
AL11
PPOSE
BD105
BD104
BAPI
AWUW
Z*
S_AHR_61015540
SWO2
STWB_WORK
STWB_SET
STWB_INFO
STWB_2
STWB_1
STMS_QA
ST22
ST05
ST02
SQVI
SQ03
SQ02
BD47
BDBS
BDBR
BDBP
BDBG
BDA4
BD99
BD96
BD95
BD81
BD71
BD66
BD65
BD60
BD59
BD58
BD57
BD52
BD51
BD48
SQ01
SE73
SE72
SE71
SE43
SE30
SE19
SE18
SE16
SE10
SE09
SE03
SE01
SCPM
SCEM
SCAT
OSS1
OLE
LSMW
DWDM
SE74
SM37
SPDD
SPAU
SPAM
SOLO
SOLI
SOLE
SO10
SMOD
SM21
SLIN
SEPS
SE95
SE84
SE80
SE78
SE77
SE76
SE75
RSWWCOND
WELI
WECP
WE82
WE81
WE64
WE60
WE57
WE55
WE47
WE46
WE45
WE44
PPOS
WE43
WE07
WE06
WE02
S_PH0_48000088
S_PH0_48000087
S_PH0_48000086
S_PH0_48000085
S_PH0_48000084
S_ALR_87000881
S_ALR_87000878
S_ALR_87000710
S_AHR_61007156
S_AHR_61007150
S_AHR_61003751
S_AHR_61003750
S_AHR_61003603
S_AHR_61003187
S_AHR_61003172
S_AHR_61003170
WE08
WE42
WE41
WE34
WE32
WE31
WE30
WE27
WE24
WE21
WE20
WE19
WE18
WE17
WE16
WE15
WE14
WE12
WE10
WE09
SM51
SM04
SHDB
SHD0
SECATT
PPOM_OLD
PPOM_MODE
PPOMW
PPOME
SMARTFORMS
S_AHR_61003129
SOY9
SOY8
SOY7
SOY6
SOY5
SOY4
SOY3
SOY2
SOY1
SOTD
SOPE
SOCP
SOAD
SO99
SO80
SO55
SO44
SO43
SO42
SPHB
SWEHR3
SWEHR2
SWEHR1
SWED
SWEC
SWE5
SWE2
SWDS
SWDM
SWDD_CONFIG
SWDD
SWDC_RUNTIME
SWDC_DEFINITION
SWDB
SWDA
SWB_COND
SU21
SU20
SSCA
SO41
SE54
SE51
SE43N
SE41
SE39
SE38
SE37
SE36
SE35
SE33
SE32
SE24
SE11
SD11
SCOT
SCDO
SBWP
RSWWERRE
RSWWDHEX
SE91
SO38
SO36
SO32
SO31
SO30
SO28
SO19
SO16
SNRO
SNL3
SMW0
SM59
SM58
SLG0
SINA
SIAC1
SFAW
SE93
SE92
SWU_OBUF
SWU_EWLIS
SWU_EWCD
SWU_EWBTE
SWU_CONT_PERSISTENCE
SWUY
SWUV
SWUU
SWUS
SWUR
SWUI_VERIFY
SWUI_DEMO
SWUI_BENCHMARK
SWUI
SWUE
SWUD
SWU9
SWU8
SWU7
SWWA
SXDA
SWXML
SWXF
SWW_SARA
SWW_DISPSWWCOND
SWW_DISPSWWCLEAR
SWW_ARCHIV
SWWL_TOPLEVEL
SWWL
SWWH
SWWERRE_INSERT
SWWERRE_DELETE
SWWDHEX_DELETE
SWWD
SWWCOND_INSERT
SWWCOND_DELETE
SWWCLEAR_INSERT
SWWCLEAR_DELETE
SWWB
SWU4
SWI2_DEAD
SWI2_ADM1
SWI1_RULE
SWI1_COND
SWI14
SWI13
SWI11
SWI1
SWH_PROCESS_INFO
SWH_EXIT_DISPLAY
SWH_ADM1
SWF_RFC_DEST
SWETYPV
SWEQBROWSER
SWEQADM_1
SWEQADM
SWELS
SWEL
SWEINST
SWI2_DIAG
SWU3
SWU2
SWU10
SWU0
SWR_WEBSERVER
SWPR
SWPC
SWPA
SWO1
SWLV
SWLD_INPLACE2
SWLD_INPLACE1
SWL1
SWIE
SWIA
SWI6
SWI5
SWI2_FREQ
SWI2_DURA
SPROXY
/
SU20
SO23
SNRO
SNL3
SM58
SLG0
SFAW
SE93
SE91
SE54
SE51
SE41
SE39
SE38
WE17
WE16
WE15
WE14
WE12
WE10
WE09
WE08
WE07
WE06
WE05
WE02
SWO1
SU21
BDLR
BD51
BAPI
ABAPDOCU
SE37
SE36
SE35
SE33
SE32
SE24
SE14
SE13
SE11
SD11
SCID
SCDO
SAINT
EFRM
WE18
WE45
WE44
WE43
WE42
WE41
WE34
WE32
WE31
WE30
WE27
WE24
WE21
WE20
WE19
WELI
WECP
WE82
WE81
WE64
WE60
WE57
WE55
WE47
WE46
PPOM
STWBM
SXDA
TPDA_START
SXDB
SXDA_TOOLS
SMQ2
SMQR
SRMD
ST03
ST06
SXMB_MONI
SXMB_MONI_BPE
SMQ1
IDX1
IDX4
SICF
SM58
SMICM
PPOC_OLD
PPOCW
PPOCE
PPOC
PPO4
PPO3
PPOSW
RE_RHAUTH00
RE_RHALESMD
RE_RHALECPS
RE_RHAKTI00
PSO4
PSO3
PSO1
PSO0
PPST
PPSS
PPSM
PPSC
PPOS_OLD
PFOS
PFOM
PFCT
PFAL
PFAC_INS
PFAC_DIS
PFAC_DEL
PFAC_CHG
OOMV
OOHQ
OODT
NACE
MCYY
PFTC_CHG
PPMS
PPME
PP03
PP01
PO13
PO10
PO03
PO01
PGOM
PFTC_INS
PFTC_DIS
PFTC_DEL
PFTC_COP
RE_RHBEGDA0
SE37
RSWWCLEAR
RSWEWWDHSHOW
RSWEWWDHMSHOW
RSWELOGD
RE_RHXSTR08
RE_RHXSTR07
RE_RHXSTR06
RE_RHXSTR05
RE_RHXSTR04
RE_RHXSTR03
RE_RHXSTR02
RE_RHXSTR01
SE36
BD48
RSWWCOND
RSWWDHEX
RSWWERRE
SBWP
SCDO
SCOT
SD11
SE11
SE24
SE32
SE33
SE35
RE_RHGRENZ2
RE_RHGRENZ1
RE_RHGRENZ0
RE_RHEXIST0
RE_RHDESC10
RE_RHDBST00
RE_RHCOPYSTRUCT
RE_RHCOPY10
RE_RHCOPY00
RE_RHCOPLPT
RE_RHCOPL00
RE_RHCHECKV
RE_RHCHECK1
RE_RHGRENZ4
RE_RHXSTR00
RE_RHXEXI04
RE_RHXEXI03
RE_RHXEXI02
RE_RHXEXI01
RE_RHXEXI00
RE_RHTRANS0
RE_RHRHDL00
RE_RHRHDC00
RE_RHRHAZ00
RE_RHREPL20
RE_RHNAVIG0
RE_RHMOVE30
BDBS
BDBR
BDFG
BDM6
BDBP
BDBG
BDA4
BD99
BD96
BDTP
BSVW
SE39
SE38
LSMW
MC01
MC02
MC03
MC04
MC05
BD95
MCAW
MCAV
MCAU
SE41
AWUW
BAPI
BD104
BD105
BD47
BD51
BD52
BD57
BD58
BD59
BD60
BD65
BD66
BD71
BD81
MC?4
MC?5
MC?6
MC?7
MC?8
MC?9
MCAF
MCAH
MCAI
MCAJ
MCAK
MCAL
MCAM
MCAN
MCAO
MCAP
MCAQ
MCAR
MCAT
MC?3
MC06
MC07
MC08
MC09
MC18
MC19
MC20
MC21
MC22
MC23
MC24
MC25
MC26
MC93
MC94
MC95
MC?0
MC?1
MC?2
MCAX
MCSX
MCSW
MCM?
MCM/
MCM-
MCM+
MCKZ
MCKY
MCAZ
MCAY
SWUI_VERIFY
WELI
WECP
SWUR
SWUS
SWUU
SWUV
SWUY
SWU_CONT_PERSISTENCE
SWU_EWBTE
SWU_EWCD
SWU_EWLIS
SWU_OBUF
SWWA
SWWB
SWWCLEAR_DELETE
SWWCLEAR_INSERT
SWWCOND_DELETE
WE82
WE81
WE64
WE60
SWL1
SWLD_INPLACE1
SWLD_INPLACE2
SWLV
SWO1
SWPA
SWPC
SWPR
SWR_WEBSERVER
SWU0
SWU10
SWU2
SWU3
SWU4
SWU7
SWU8
SWU9
SWUD
SWUE
SWUI
SWUI_BENCHMARK
SWUI_DEMO
WE18
WE17
WE16
WE15
WE14
WE12
WE10
WE09
WE08
WE07
WE06
WE02
S_PH0_48000088
S_PH0_48000087
S_PH0_48000086
S_PH0_48000085
S_PH0_48000084
S_ALR_87000881
S_ALR_87000878
S_ALR_87000710
S_AHR_61007156
S_AHR_61007150
WE57
WE55
WE47
WE46
WE45
WE44
SWWCOND_INSERT
SWWD
SWWDHEX_DELETE
SWWERRE_DELETE
WE43
WE42
WE41
WE34
WE32
WE31
WE30
WE27
WE24
WE21
WE20
WE19
SWIE
SOY3
SOY4
SOY5
SOY6
SOY7
SNL3
SMW0
SM59
SM58
SLG0
SINA
SIAC1
SFAW
SE93
SE92
SOY8
SOY9
SPHB
SE91
SE54
SSCA
SU20
SO19
SO28
SO30
SO31
SO32
SO36
SO38
SO41
SO42
SO43
SO44
SO55
SO80
SO99
SOAD
SO16
SNRO
SOCP
SOPE
SOTD
SOY1
SOY2
SWEQADM
SWEQADM_1
SWEQBROWSER
SWETYPV
SWF_RFC_DEST
SWH_ADM1
SWH_EXIT_DISPLAY
SWH_PROCESS_INFO
SWI1
SWI11
SWI13
SWI14
SWI1_COND
SWI1_RULE
SWI2_ADM1
SWI2_DEAD
SWI2_DIAG
SWI2_DURA
SWI2_FREQ
SWI5
SWI6
SWIA
SU21
SWB_COND
SWDA
SWDB
SWDC_DEFINITION
SWDC_RUNTIME
SWDD
SWDD_CONFIG
SWDM
SWDS
SE51
SWE2
SWE5
SWEC
SWED
SWEHR1
SWEHR2
SE43N
SWEHR3
SWEINST
SWEL
SWELS
S_AHR_61003751
S_AHR_61003750
S_AHR_61003603
S_AHR_61003187
S_AHR_61003172
S_AHR_61003170
S_AHR_61003129
SXDA
SWXML
SWWERRE_INSERT
SWWH
SWWL
SWWL_TOPLEVEL
SWW_ARCHIV
SWW_DISPSWWCLEAR
SWW_DISPSWWCOND
SWW_SARA
SWXF
09-06-2007 8:29 AM
would not go for all these t_code as it is far to much and you are out of control what developpers do in your system, (do not believe that the transport system will be the gateway, as no one checks transports before release, as most transport personnel have no clue how to check!)
Go at it the easy way
1 ask them what TRX they need.
2 create a role with only the requested TRX
3 from there add more TRX on request
But before you start seek OK from management, better try to find a manger who will take onwership of this. As there is a change you would like to say no to a certain TRX that has been requested and then you should have a manger who approves, or rather disapproves. Besides you will see that after a while the number of requeste will go down as they will hate to have to explain why additional TRX are needed to a manager! Thing to remember, a security administrator should never be responsible for the access granted, and there should be a auditable approval process in place for allowing additional access for all users in the sytem, being it changes to role asigmnet or changes to roles itself. Approval can ONLY be given by functional supervisor of requester (for role assigment changes) and by senior control management for changes in roles. Be aware that for every change in access there should be a quick evaluation on SoD.
09-06-2007 9:23 AM
Thanks John!
Did you restrict on package, object and name as well, or deal with it organizationally?
How many authorizations for S_DEVELOP did it take?
Cheers,
Julius
09-07-2007 9:24 PM
Julius,
Pretty much full access The only thing I restricted was their ability to release their on transports. Their team leads are the only one's who can release a transport they created before it get sent to Basis.
Building project team roles is probably one of the must daunting tasks.
09-06-2007 7:45 AM
Hi,
Assign "Abap Workbench" role to the ABAP user.
<b>How to do it?</b>
1. Go to pfcg Transaction.
2. Type "z_abapers" and click create.
3. Go to "menu" bar.
4. Click "From SAP menu"
5. Choose "ABAP Workbench" under the tree and check it.
6. Generate the profile and save the role.
7. Give this role to the desired users using su01 Transaction Code.
I hope it will serve your purpose. Please give me the feedback.
Thanks and Regards
Anirban.
09-06-2007 9:45 AM