Role & Profile
What is the difference between role and a profile?
Role and profile go hand in hand. Profile is bought in by a role. Role is used as a template,where you can add T-codes, reports..... Profile is one which gives the user authorization.When you create a role, a profile is automatically created.
Personalization Tab Within PFCG
Please expalin the personalization tab within a role.
Personalization is a way to save information that could be common to users, I meant to a user role...E.g. you can create SAP queries and manage authorizations by user groups. Now this information can be stored in the personalization tab of the role.(I supposed that it is a way for SAP to address his ambiguity of its concept of user group and roles: is "usergroup" a grouping of people sharing the same access or is it the role who is the grouping of people sharing the same access?)
Table of authorisation field settings
Is there a table for authorisations where I can quickly see the values entered in a group of fields?
In particular I am looking to find the field values for P_ORGIN across a number of authorisation profiles, without having to drill down on each profile and authorisation.
AGR_1251 will give you some reasonable info.
Table with deleted users
Someone has deleted users in our system, and I am eager to find out who. Is there a table where this is logged?
Debug or use RSUSR100 to find the infos.
Run transaction SUIM and down its Change documents.
How can I make T_Code SPRO Read Only
I have a requirement to make SPRO read only. As you know it has a tree like structure and to make it read only seems like impossible.
You cannot make SPRO 100% display only by ANY setting. The SCC4 option only turns configuration tables to not-modifyable but still allows the non-config delivery class tables (or those configured to be changeable) to be modifed. It does nothing for the tcodes that are NOT table maintenance and not controlled by S_TABU_DIS. These will still allow configuration. All the tcodes in the SPRO are in several tables CUST_ACTOBJ (spelling?) is one.
You only real option is to create a role with all the tcodes in them that are in the SPRO , remove the create and change to display ( generally by changing the last nunmer on the 4 digit tcodes to 3) and removing all the Create and change access in all the activities and allow only the display.
PFCG allows you to create a role from a SPRO project so the usermenu will come close to the SPRO menu, which your changes it will be display.
Mass Delete of Old Roles
How can i do a mass delete of the roles without deleing the new roles.
There is a SAP delivered report that you can copy, remove the system type check and run. To do a landscape with delete, enter the roles to be deleted in a transport, run the delete program or manually delete and then relase the transport and import them into all clients and systems.
It is called: AGR_DELETE_ALL_ACTIVITY_GROUPS.
To used it, you need to tweak/debug & replace the code as it has a check that ensure it is deleting SAP delivered roles only. Once you get past that little bit, it works well.
|