Hi,

I think the first step to think about is, if it is really necessary to perform that 'project' (whatever it is) really in PRD....

If you know already, which transactions the project memebers need to have access to, you have to check and countercheck each of that transactions, if

a) critical data can be reviewed

b) any data can be changed

If you have verified, that no such critical actions can be performed, you could then create the appropriate roles in PFCG for the project members (but never give 'full access' what you have mentioned !!!).

Please verify, if that members have already an existing account on your PRD, and if so, if they have already some authorizations there. It is dangerous to simply add your new project roles to existing users, as the assigned authorizations might cumulate and give unwanted access....

As soon the project members gest any developement authorizations, you have lost the game anyway, as they can then help themselves to get the access they want (you know, debug/replace is sufficient to crack any auth.-check). Please also review the threads in this forum about SE16, S_DEVELOP,S_PROGRAM,.....

At last point I can recommend to switch on the security audit log before the project members access your system.

b.rgds, Bernhard