on 02-20-2008 7:11 PM
Hi all,
My requirement is all the functional consultant's should have SPRO in Display mode. They should even able to see the settings but they should not have change authorization...<removed_by_moderator> please send me a detailed solution so that my problem gets solved
<subject_modified_by_moderator>
Read the "Rules of Engagement"
Regards
Surya
Edited by: Juan Reyes on Aug 22, 2008 1:18 PM
Suyra,
As a general question, is there a reason that your functional people are accessing a development client? I would guess that if they are functional but not allowed to do configuration, why not put them in the testing client of the development system?
I know that there are some execptions to this but it is much easier to lock the client for changes that they are in than chasing them with security roles that they can probably get around anyway if they are smart enough.
Thanks and if this answers your question, please set this thread to answered.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi surya,
You try the kunal link. It is ok for me. or U check your role if any Basis Administration access given or not...
Rajesh.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Surya,
To be more specific.
1. Go to Tcode PFCG --> Enter a rolename ( e.g. ZSPRO) --> Click Single Role
2. Add the Transaction SPRO
3. Go to the Authorizations tab --> Change Authorization Data
4. Utilities --> Technical Names on and change the objects as below
Change all the activities of all the objects to 03 (display).Remove all create or change access For other objects like S_RFC you can give execute access, S_TABU_DIS should be Not Allowed.
Then Save , Generate and assign to user.
If you still cant get it to work, please post a better explanation as to what is happening
Edited by: Kunal Belnekar on Feb 21, 2008 2:05 PM
Edited by: Kunal Belnekar on Feb 21, 2008 3:49 PM
Hi Kunal,
It doesn't work for me. I followed your instruction on creating the new role and also referred to the link
http://www.sapsecurityonline.com/r3_security/r3_security_tips.htm
In this link, it mentions
Object Field Value
S_CODE REMOVE SPRO
There is no such object as S_CODE. Is it a typo ? should it be S_TCODE ? But even in S_TCODE object there is no REMOVE field.
After creating the ZSPRO_VIEW and assigned to user. User can go to tcode SPRO, but when drilling down, for example
SPRO --> Controlling --> General Controlling --> Organization --> Maintain Versions
will hit by the message "You are not authorised to use Transaction SM34"
same message prompted at the bottom of the screen if try other structure in SPRO.
my work around is to add another object S_TCODE and assign * to the field TCD. after this, most of the item in SPRO structure can be execute with DISPLAY only.
not sure if this is the right way to do.
pls advise.
Thanks.
Regards,
Kent
Kent,
SM34 by default gives change access to S_TABU_DIS. Since you have only 03 activity in the SPRO display role, it will complain about executing SM34 and most of the Tcodes in SPRO.
my work around is to add another object S_TCODE and assign * to the field TCD. after this, most of the item in SPRO structure can be execute with DISPLAY only.
I like this way of doing it.
What I would usually do is, keep adding Tcodes (SM34) to the role and maintain the objects to display only on a request basis. That way, you know that whoever gets SPRO can access the other ones he needs and you dont need to have different roles for it.
But your way is a lot easier and convenient. I tried it out and it works.
Hope this helps.
Kunal
Hi Santosh,
See http://help.sap.com for more information on SPRO.
It would also be a good idea to read the Rules of Engagement before posting.
Best Regards,
Matt
Try this
http://www.sapsecurityonline.com/r3_security/r3_security_tips.htm
Also, try looking at the earlier posts. This message has been posted earlier.
Thanks,
Kunal
Edited by: Kunal Belnekar on Feb 20, 2008 11:20 AM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.