Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

ABAP Roles

Former Member
0 Kudos
1,677

Hi,

What are the basic roles that would need to be assigned for a normal abap developer?

We have just installed new system and would like to know the basic roles that would give authorizations to these transactions

IDOC

ALE

RFC

Queues etc

Development Transactions

Regards

1 ACCEPTED SOLUTION

lalitha_mantha
Explorer
0 Kudos
609

go to su01 and set up roles for

1.ABAP Developer

2.Basis Job Creation/Scheduling

3.Create Transports

4.Workflow Administration

8 REPLIES 8

lalitha_mantha
Explorer
0 Kudos
610

go to su01 and set up roles for

1.ABAP Developer

2.Basis Job Creation/Scheduling

3.Create Transports

4.Workflow Administration

Former Member
0 Kudos
608

Hi Krish,

I thinks that you should define a new role for Abap Developer. In this role, you can assign all basis transactions and you can add more if need.

- You can use PFCG create new role and assign some basis transaction as SE38, SE37, SE11,SE16, SE18, SE19 ...

Regards,

Nguyen Huy.

Former Member
0 Kudos
608

HI Krish

You can go to Tcode SU01, there you can find some tabs like Address, Logon data, SCN, Roles, Profiles etc.,

here in the Roles tab, alot the roles and

in Profiles tab, just give SAP_ALL and SAP_NEW

I hope your problem may get resolved

Cheers

NZAB

Former Member
0 Kudos
608

Yes, most developers will want SAP_ALL and/or SAP_NEW.

Hurray! Me too.

However, usually there will be the (annoying?) Masterdata Responsible who will now get shivers and will probably start looking for ways to block your access to the system.

In all honesty, in a development system or a sandbox, yes. Those two might be okay to give. But, most companies will have different views. Talk to the Basis team or Masterdata team.

I would vote for:

ABAP/4 Development Workbench: S_DEVELOP

Workflow: Work item handling: S_WF_WI

Authorization check when using RFC to access program modules (such as function groups): S_RFC.

You can always use SU53 to check for failed authorisation checks and let them decide if you NEED to perform the task.

mithun_shetty4
Contributor
0 Kudos
608

In addition to the Above,

access to table (S_TABU_DIS) and S_ADMI_FCD, access to create RFC Destinations would be needed by the developers

Former Member
0 Kudos
608

Krish,

rather than waiting for answers here, just dont give any roles to the users and keep executing the required tcodes, you can easily find out which auth objects are needed. goto SUIM,find the roles and assign them.

former_member203501
Active Contributor
0 Kudos
608

Dear Krish,

All these roles are client specific , based on the requirement only we will assign authorisations for the user, Again it is different from DEV to Quality and Production. A custom role/profile will be created first, all the tcodes will be assigned to that. again based on the activity ( create, change, display, execute) we can control these transactions.

Generally an abaper will have tcodes

for CTS

se01

se09

se10

scc1

scc4

for development

se11

se14

se18

se19

se24

se37

se38

se39

se41

se51

se63

se71

se73

se80

smartforms

for analysis

se30

st22

st05

for rfcs

sm58

sm59

in general development will have SAP_ALL profile , in quality and PRD it will be controlled thru roles/profiles.

Former Member
0 Kudos
608

Moved from ABAP General to Security forum..