we have one parent role and we derived five roles from that
and i assigned these derived roles to five users now i want
to restrict 2 users for couple of T-codes and rest of the
users work with those T-codes , How we can solve the problem
- 7 Answers
- 13841 Views
- Cognizant, I also Faced
- E-Mail Answers
Answer Posted / sumeithmn
We can change the Authorizations of those 2 specific derived roles by removing the desired tcodes and generate. But this actually defies the derived - template roles concept.
Also, whenever the template role is modified for some reason i future, and if the change is inherited via the template role, then the 2 specific derived roles will lose all the changes made to them (as above) and will get the same auths as the template role again.
The only solution in this case is to not derive all roles from the template role after template roles modification, but to derived individually each of those 3 derived roles, and make the changes exclusively to those 2 derived roles. This is possible but proposes a very weak and unnecessary overhead task for Security administrator.
| Is This Answer Correct ? | 0 Yes | 0 No |
Post New Answer View All Answers
What does the pfcg_time_dependency clean up?
Hi Experts, can any one let me know the Tables which we use for compliance calibrator & Access enforcer of grc and please let me know the background jobs of grc, Please it's urgent so please answer as soon as possible to these questions , I really appreciate your help, Thanks karunakar
what things you have to take care before executing run system trace?
In Agr_1251 we are able to see 100 roles but in SUIM we are able to see 120 roles what's the reason behind this ? why is the difference between the SUIM and the AGR table ?
what is centralize FFID?
What does the item category specify in a purchasing order in SAP Materials Management?
Can you anybody tell me what are the questions frequently asked 3 years of SAP Security experienced level in INFOSYS company.
When would you update a sap table directly? What precautions would you taje?
what is the difference between usobt_c and usobx_c?
The user wants to create like a time table in BEX but when the open BEX its showing empty screen . in this situation what will u do.. And How will solve u …What r the steps u will take the to solve the solution..
What are the uses of an authorization group?
What does the account assessment category specify in a purchasing requisition in SAP Materials Management?
What profile versions?
how we Completely designed and implemented methodology for controlling end user access to plants, cost centers, etc. and how we Applied to both R/3 and BW environments.
Explain protecting public keys?
