cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Regarding SPRO Display

Former Member

on ‎02-20-2008 7:11 PM

0 Kudos

Hi all,

My requirement is all the functional consultant's should have SPRO in Display mode. They should even able to see the settings but they should not have change authorization...<removed_by_moderator> please send me a detailed solution so that my problem gets solved

<subject_modified_by_moderator>

Read the "Rules of Engagement"

Regards

Surya

Edited by: Juan Reyes on Aug 22, 2008 1:18 PM

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎02-22-2008 8:38 PM
0 Kudos

Suyra,

As a general question, is there a reason that your functional people are accessing a development client? I would guess that if they are functional but not allowed to do configuration, why not put them in the testing client of the development system?

I know that there are some execptions to this but it is much easier to lock the client for changes that they are in than chasing them with security roles that they can probably get around anyway if they are smart enough.

Thanks and if this answers your question, please set this thread to answered.

Show replies
Show replies
Former Member
‎02-21-2008 12:09 PM
0 Kudos

Hi surya,

You try the kunal link. It is ok for me. or U check your role if any Basis Administration access given or not...

Rajesh.

Show replies
Show replies
Former Member
‎02-21-2008 10:05 PM
0 Kudos

Surya,

To be more specific.

1. Go to Tcode PFCG --> Enter a rolename ( e.g. ZSPRO) --> Click Single Role

2. Add the Transaction SPRO

3. Go to the Authorizations tab --> Change Authorization Data

4. Utilities --> Technical Names on and change the objects as below

Change all the activities of all the objects to 03 (display).Remove all create or change access For other objects like S_RFC you can give execute access, S_TABU_DIS should be Not Allowed.

Then Save , Generate and assign to user.

If you still cant get it to work, please post a better explanation as to what is happening

Edited by: Kunal Belnekar on Feb 21, 2008 2:05 PM

Edited by: Kunal Belnekar on Feb 21, 2008 3:49 PM

Former Member
‎02-22-2008 10:10 AM
0 Kudos

Hi Kunal,

It doesn't work for me. I followed your instruction on creating the new role and also referred to the link

http://www.sapsecurityonline.com/r3_security/r3_security_tips.htm

In this link, it mentions

Object Field Value

S_CODE REMOVE SPRO

There is no such object as S_CODE. Is it a typo ? should it be S_TCODE ? But even in S_TCODE object there is no REMOVE field.

After creating the ZSPRO_VIEW and assigned to user. User can go to tcode SPRO, but when drilling down, for example

SPRO --> Controlling --> General Controlling --> Organization --> Maintain Versions

will hit by the message "You are not authorised to use Transaction SM34"

same message prompted at the bottom of the screen if try other structure in SPRO.

my work around is to add another object S_TCODE and assign * to the field TCD. after this, most of the item in SPRO structure can be execute with DISPLAY only.

not sure if this is the right way to do.

pls advise.

Thanks.

Regards,

Kent

Former Member
‎02-22-2008 6:05 PM
0 Kudos

Kent,

SM34 by default gives change access to S_TABU_DIS. Since you have only 03 activity in the SPRO display role, it will complain about executing SM34 and most of the Tcodes in SPRO.

my work around is to add another object S_TCODE and assign * to the field TCD. after this, most of the item in SPRO structure can be execute with DISPLAY only.

I like this way of doing it.

What I would usually do is, keep adding Tcodes (SM34) to the role and maintain the objects to display only on a request basis. That way, you know that whoever gets SPRO can access the other ones he needs and you dont need to have different roles for it.

But your way is a lot easier and convenient. I tried it out and it works.

Hope this helps.

Kunal

Former Member
‎08-22-2008 4:13 AM
0 Kudos

Dear Surya Sir,

Pleae give me details of SPRO to step by step & how to use.

Santosh Shivane

HR COMP DIV

Former Member
‎08-22-2008 1:02 PM
0 Kudos

Hi Santosh,

See http://help.sap.com for more information on SPRO.

It would also be a good idea to read the Rules of Engagement before posting.

Best Regards,

Matt

Former Member
‎02-20-2008 7:19 PM
0 Kudos

Try this

http://www.sapsecurityonline.com/r3_security/r3_security_tips.htm

Also, try looking at the earlier posts. This message has been posted earlier.

Thanks,

Kunal

Edited by: Kunal Belnekar on Feb 20, 2008 11:20 AM

Show replies
Show replies
Former Member
‎02-21-2008 8:09 AM
0 Kudos

Hi Kunal,

I tried out all these but there i could not find my solution

Regards

Surya

Former Member
‎02-21-2008 8:12 AM
0 Kudos

Hi Surya,

Just create a new role with the transaction SPRO

then maitain the authorization as display for all the authorization. Then generate the profile.

Then assign this role to all the users you want.

<removed_by_moderator>

Regards,

Vamshi.

Edited by: Juan Reyes on Aug 22, 2008 1:19 PM

Ask a Question