topic Re: Authorization object in Application Development and Automation Discussions

Authorization object

Former Member — Wed, 29 Jul 2009 13:33:02 GMT

My requirement is to provide the users with access only to visualize all the customizing done through the transaction SPRO.

The solution adopted was to assign the user with the role SAP_BC_CUS_CUSTOMIZER. However this does not provide the users with the authorization to execute the transactions available in SPRO.

Is there a simpler way to provide the users with the authorization to visualize the transactions available within SPRO without having to deal with all the transactions one by one?

Thank you.

Re: Authorization object

Former Member — Wed, 29 Jul 2009 16:08:34 GMT

That is an SAP generated role and it is not preferred to assign these to users. Also, the SAP roles do not have profiles generated so the transaction would not be executable just by assigning it.

Copy this role to your own namespace such as Z_BC_CUS_CUSTOMIZER and maintain all authorizations and generate profile. This might give you what you are looking for.

Re: Authorization object

jurjen_heeck — Wed, 29 Jul 2009 16:28:02 GMT

Please use the forum search with strings "SPRO" and "display". This has been discussed several times before.

Re: Authorization object

sdipanjan — Wed, 29 Jul 2009 16:30:05 GMT

If you search with SPRO in Security forum you will get many details on Display specific SPRO authorizations.. please go thorugh them and let me know if you have any confusion then..

Regards,

Dipanjan

Re: Authorization object

Former Member — Thu, 30 Jul 2009 06:51:46 GMT

Hope this would help you...

As a starting point, your SPRO display role should S_PROJECT auth object

with display only, S_PROJECTS auth object with activity 01, SM30/SM31,

S_TABU_DIS with activity 03 and every other authorization object with

display-only access.

Depending on the IMG nodes you'd like to display, building such a role

may take a while.

If you need access to all nodes in SPRO, I suggest you create a new

Customizing role in PFCG (based on an existing IMG view) and then modify

the authorization objects to display-only:

- PFCG~~>Create~~>Menu Tab~~>Utilities~~>Customizing Auth~~>Add~~>IMG

Project view.

Re: Authorization object

Former Member — Sat, 01 Aug 2009 13:23:59 GMT

any update on this issue..

were you able to resolve this issue?

Re: Authorization object

Former Member — Mon, 03 Aug 2009 18:07:14 GMT

Hi ,

I tried to create a new namespace Z_BC_CUS_CUSTOMIZER but the problem persists as i have to maintain all authorization for all the transactions available within SPRO.

Re: Authorization object

Former Member — Mon, 03 Aug 2009 18:13:42 GMT

Hi mohan,

i tried to create a new SPRO display role with all the authorization objects you mentioned. But the problem persists as i still have to maintain the authorizations for all the transactions within SPRO.

I cannot create a role based on an existing IMG view as no project view exists.

Re: Authorization object

Former Member — Mon, 10 Aug 2009 11:27:25 GMT

The solution was available on the following thread:

Re: Authorization object

Former Member — Mon, 10 Aug 2009 15:15:05 GMT

You got your solution from that thread??

How odd...