2009 Feb 25 6:32 AM
Hi,
1. How to revoke all basis rights with objects for all users role ?
2. How to confirm the same ?
3. Is there any list of commands used in Basis ?
Thanks in advance
2009 Feb 25 7:12 AM
> 1. How to revoke all basis rights with objects for all users role ?
You cannot. SAP security is about allowing stuff, not denying. You'll have to build a new role with the proper rights.
>
> 2. How to confirm the same ?
I do not understand this question, what do you mean?
>
> 3. Is there any list of commands used in Basis ?
There are many lists and I think the list does not exist but if you take a look at the SAP standard roles beginning with SAP_BC_ you can get an idea about SAP transactions and authorizations needed for basis tasks.
2009 Feb 25 7:12 AM
> 1. How to revoke all basis rights with objects for all users role ?
You cannot. SAP security is about allowing stuff, not denying. You'll have to build a new role with the proper rights.
>
> 2. How to confirm the same ?
I do not understand this question, what do you mean?
>
> 3. Is there any list of commands used in Basis ?
There are many lists and I think the list does not exist but if you take a look at the SAP standard roles beginning with SAP_BC_ you can get an idea about SAP transactions and authorizations needed for basis tasks.
2009 Feb 25 8:48 AM
start with taking away all S_ objects from all roles, that will be to much, but you can add them when wanted.
Still i agree with jurjen this is a stange approach to sap Security
2009 Feb 25 11:04 AM
Hi,
Thanks for your reply ,
I just wants to give all rights to any user except basis . No bady should able to run any basis transection .
1. Is there any predefined role in the system for my requirement ?
2. if it is not there , where I can get all the list of transection except basis ?
3. One more question . I have to give spro read only rights to any user in production and quality server .
what will be the procedure ?
Thanks
2009 Feb 25 11:40 AM
For all three of your questions the forum search is the best answer.
Building roles bases on SAP_ALL minus critical transactions/objects has been discussed several times here. The general opinion here is that no one needs "all transactions except basis" since that would be tens of thousands of transactions.......so no, such a role does not exist.
Besides that, security on transaction level is a bad idea in itself.
A search for "spro display" will also give you several discussions on that subject. Here as well, take into account that the transaction SPRO is nothing but an entry point to an enormous wealth of functionality, each and every one of them with its own security issues.
Happy hunting!
Jurjen