Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

display rights

Former Member

‎06-10-2008 9:34 AM

0 Kudos

i want to assign the display only rights of all the transaction to our auditors

pl suggest me how to do it i have a seperate ID for auditors.

i was to try SAP_DISPLAY_ALL or SAP_ALL_DISPLAY. we are using ecc 5.0 where i did not found any role such as SAP_DISPLAY_ALL (or SAP_ALL_DISPLAY)

how do i do this.

4 REPLIES 4

Former Member

‎06-10-2008 9:38 AM

0 Kudos

There is no such thing (anymore). Your only option is to use the search.

Sorry,

Julius

Bernhard_SAP
Advisor
Advisor

‎06-10-2008 12:47 PM

0 Kudos

....furthermore SAP_ALL_DISPLAY was quite useless, as it contained also change authorizations......

thats the cause, why it is not delivered anymore. too many wise role administrators trusted the title of the role without checking the content of that role. and suddenly their users got change rights....

b.rgds, Bernhard

Former Member

‎06-10-2008 8:39 PM

0 Kudos

Hi,

You can try this .....

Create a new role or edit the existing role to add set of transactions related to auditors.

Whenever a new transaction is added ,the authorization objects

related to it are automatically added to role.ACTIVITY values or these object can be maintained as 03(display) and 08(display changed documents).

(It is better to add one transaction at time and then edit the authrization object).

Regards,

Ajit

Former Member
In response to Former Member

‎06-10-2008 9:32 PM

0 Kudos

> ACTIVITY values or these object can be maintained as 03(display) and 08(display changed documents).

There is a little problem with that....

The "activity" related fields of auth objects are not only related to field ACTVT (values defined in table TACTZ). There are many other "action" type, "function" type, "name of..." typoe fields which control this.

An observation which I have made are the obscure names of some transaction codes, including the cryptic ones of generated tcodes. I don't think that SAP expects any person to remember the names of them... nor any admin to find them and add them to a menu manually...

> (It is better to add one transaction at time and then edit the authrization object).

I like that approach, although I have mostly (as user) used roles with ranged tcode values. I always believed (and am still convinced it is correct) that if I have the correct authorizations to use the transactions or reports are checked for appropriate authority, then all is OK (and rolled back). Well, that does not hold true, and I don't think that I will ever find all of the exceptions.

Eventually the ranges looked like Swiss cheese in my role

Cheers,

Julius