Hi,

Yes you have to maintain one particular client in ED! for creating and maintaining roles for all clients and then transport.

Regards,

Parimala

Thankyou very all of you.

>There are some things which you cannot add into roles if they are not set up (responsibility area heirachies, profit centre groups etc) so you need to ensure that non-transportable config is also made in your security client.

Thats a imp point th to my that you have bought to my notice. Are there any coustomizing such no range and stuff that can not be transported?

I wonder if its the case then all coustomizinf will be need to be done in QUA and PRD system seperately as well.

Also one thing i would like to mention is that I am trying to avoid development of roles on Actual devement client cause I am afraid of hamppering the coustoming data which developing roles . Cause most of my development of roles will take place by trial and error method .

So I am aprehensive to use development cline and find alternatives

Hi Hussein,

There is always some config which is non-transportable. These are typically referred to as Red Book entries. They are generally applied to Dev, Test and Prod systems manually.

As long as you don't touch config data then there is no problem using the Dev system to build roles and it's unlikely that you will damage config unless you are trying things which should really be done in a sandbox. As some config is also cross client then you would have the same result in a different security specific client.

Are this configuration (that cannot be transported or not copied during client copy) Importrant for developing and testing roles ?

It depends what it is. Personally I would not want to do any meaningful testing in a system without adequate data or config. 90% of the time it will be OK, but the other 10% you could have problems.

>role will be created in developemnt/customizing client.No need to create seperate client.Because some times you need to test in devlopment and all your customization will not be in this client, so you have to again transport the role to dev client.

>So you better create role in customizing client

If I start developing Roles in Coustomizing clients then it can hamper the data since it most of authorization will be required to be tested there it self.

So I am not using a blank client for creating role. I am making a copy of coustomizing client in Dev sys. I dont need to transport it to coustomizing client to test.

Hi,

That is fine hussain.But make sure if all transports including customizations are transportd to your dev client also.

Otherwise even security people need to check if authorizations work before making transport in quality.

Because in soem companies you need approvals for transport in Quality even

You will never test fully in dev for that you ahve to user quality as data is present in it.

Your way is also right, But i told you an option to make it work better

hope this helps

Hi Hussain,

All the roles should be created in development/customizing client as rightly said by Trupti.

It depends if there is a requirement of unit testing in DEV by developers then you need to have separate client for testing and later roles are transported to Staging and with thorough testing/approval roles can be finally transported to production.

Thanks and Good Day

Santosh Kumar