on 2005 Dec 28 8:04 AM
Hi Friends;
Does any one know abt combining SAP auth profiles/roles.
goal is to combine tr codes,auth objects with attribute values assigned, <b>from two 0r more profiles/roles to single profile/role.</b>
we are in process of streamlining the authoorization across system and thus want to reduce number of roles/profiles assigned to user to one.
Thanks in Advance
Nilesh
I really don't know exactly what you're asking for but in role maintanance (PFCG) you have the possibility to maintain "Single Roles" and "Composite Roles" (which consist of 1-n single roles). This is also possible for profiles. In profile maintanance (SU02) you're able to maintain "Single profiles" and "Composite profiles".
Is it that what you're looking for?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi
Actually i am looking for mearging existing two or more profiles into single profile with auth atrribute values assigned.
composite profile/roles does not solve my problem as i want to delete existing single roles after mearging.
scenario
A user has five roles attached and want to make one role from those existing roles, and retain all authorization intact.
Thanks for the reply
Nilesh
Does anyone know if there is a function module or Bapi to maintain composite profiles? I need to write an ABAP program to remove a single from all composite profiles.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Nilesh,
I have worked out a solution for this issue. For example your fives roles are A,B,C,D and E. Create a new role F now. After creating the role go straight to authorizations tab and open it in Expert mode for profile generation with EDIT OLD STATUS mode.
Don't select any of the templates that SAP will ask you for.
Then in menu bar go to EDIT, then to INSERT AUTHORIZATIONS and then to FROM PROFILES. Now A,B,C,D and E all of them will have their respective profiles(You can check for the profile under authorizations tab of the pre-exisitng roles; of course make sure all the roles A,B,C,D and E are pre-generated). A pop up will come up and you can give the profiles of all the existing roles one by one. Complete this activity in toto.
Once you have finished this activity you will find that few of the authorizations are in red color. For this all you need to do is to go to organizational levels tab and input the appropriate values. These are of course organization specific but you can check the values from the original roles. Once you have done this all authorization objects will be in green color. All you need to do is to generate this new role.
Their is only one issue with this approach- the transaction codes will not show up in the role menu but this is not an problem since the authority-check is done with authorization object S_TCODE. We have quite a few roles like this in our system and they are working absolutely fine.
Let me know if this worked for you.
Warm Regards.
Ruchit.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.