we have one parent role and we derived five roles from that
and i assigned these derived roles to five users now i want
to restrict 2 users for couple of T-codes and rest of the
users work with those T-codes , How we can solve the problem
Answers were Sorted based on User's Feedback
Answer / rohit
you can't restrict. you have to create another child role and restrict there i.e add/remove t-code as per the requirement. This type of question is asked in interview for creating confusion :)
Is This Answer Correct ? | 20 Yes | 1 No |
Answer / siva
We can restrict via creating a new standalone role with the
required transaction codes restricting with org values of
the same plant/company code and assign the newly created
role and remove access to the already assigned derived role.
Is This Answer Correct ? | 4 Yes | 1 No |
Answer / seenivasan m u
Possible, restrict the required users in validity parts from and to dates, T-code access available but validity controls, system will be reflect assigned two users only, rest of users not facing any issues on this.
Is This Answer Correct ? | 0 Yes | 0 No |
We can change the Authorizations of those 2 specific derived roles by removing the desired tcodes and generate. But this actually defies the derived - template roles concept.
Also, whenever the template role is modified for some reason i future, and if the change is inherited via the template role, then the 2 specific derived roles will lose all the changes made to them (as above) and will get the same auths as the template role again.
The only solution in this case is to not derive all roles from the template role after template roles modification, but to derived individually each of those 3 derived roles, and make the changes exclusively to those 2 derived roles. This is possible but proposes a very weak and unnecessary overhead task for Security administrator.
Is This Answer Correct ? | 0 Yes | 0 No |
Answer / zaky
The answer is simple, We cannot remove the tcodes from child
roles, so we have to restrict at org level for that tcode,
The user might need tht access to different company code or
plant, So at org level maintain a wildcard value which wont
allow user to fully access the tcode
Is This Answer Correct ? | 0 Yes | 5 No |
Answer / annavarapu
first we need to add those t-codes for the users who required
access to execute and then remove the codes from the roles.
Automatically the users who doesn't required the t-code access
will workout
Is This Answer Correct ? | 0 Yes | 7 No |
Answer / kamal
We can restrict the users in the particular derived
roles........... For this we dont need to creste another
child role....
Thanks
Is This Answer Correct ? | 2 Yes | 12 No |
What are the mandatory authorization object should have like Reporting user ,power user ,super user and administrator user
how do we get list of users who are having mail-id’s in SU01 (Address tab)
1) Explain me about your SAP Career? 2) Tell me your daily monitoring jobs and most of them you worked on? 3) which version of SAP are you working on? Is it a java stack or abap stack? 4) Tell me about derived role? 5) what is the main difference between single role and a derived role 6) Does s_tabu_dis org level values in a master role gets reflected in the child role?? 7) Tell me the steps to configure CUA? 8) Is RAR a java stack or Abap Stack? 9) What is the report which states the critical T-codes? and also What is the T-code? 10) What is the T-code to get into RAR from R/3? 11) Explain about SPM?
What is the different between single role & composite role?
In which table you can see authorization group for table and which table to see authorization group for program?
What are the uses of an authorization group?
what is the use of s_tabu_nam,s_tabu_dis,s_tabu_cli
How to assign more than 312 profiles to any user?? As 312 profiles are limited to assign in any user account.
What are su25 t-codes used for?
Explain secure store and forward?
SAP SECURITY Training in Hyderbad,contact 7893255000. R3 SEC,BW/BI Sec,HR SEC,SRM SEC,EP SEC,VIRSA and GRC Tools.
Explain x-glueb and its use in sap security.