Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

max no of profiles per user

Go to solution
former_member1180130
Explorer

‎04-05-2014 2:43 PM

0 Kudos

HI everybody

An interviewer asked  that you have to assign 10 roles to user,but 9 roles it self the max no of (312) profiles, are reached.then how to assign 10 th role

what procedure you follow.Of course i have this doubt since sap career started but i was not much interest to find answer

I read  410993 note  and searched all the stuff  on net but didn't get solution.

thanks in advance.

regards

siddu

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎04-05-2014 11:31 PM

0 Kudos

That you have not reached this limit indicates that you are doing a good job!

Tell the interviewer that if the limit is reached, then there is a design error.

If the interviewer presses harder, then there are two technical solutions. The first is in the authorizations tab of PFCG to use the "read old and merge new" option via the "Expert options". This you are probably doing hence you don't have the problem, but it can also be triggered manually within the menus in the authorization data.

There is one more joker you can play, but you must first tell the interviewer that they are using "Edit old data" to support a design error in the way they build and maintain roles.

Cheers,

Julius

10 REPLIES 10

Go to solution
Former Member

‎04-05-2014 11:31 PM

0 Kudos

That you have not reached this limit indicates that you are doing a good job!

Tell the interviewer that if the limit is reached, then there is a design error.

If the interviewer presses harder, then there are two technical solutions. The first is in the authorizations tab of PFCG to use the "read old and merge new" option via the "Expert options". This you are probably doing hence you don't have the problem, but it can also be triggered manually within the menus in the authorization data.

There is one more joker you can play, but you must first tell the interviewer that they are using "Edit old data" to support a design error in the way they build and maintain roles.

Cheers,

Julius

Go to solution
Colleen
Advisor
Advisor
In response to Former Member

‎04-06-2014 12:00 AM

0 Kudos

Very impressive if 9 roles can hit maximum profile. Most places I've seen this is due to 300+ roles assigned to the user.

Redesign and build again to fix root cause. Short term is to compare the roles to see if all of them are necessary

I suspect this question was meant to be more about using you security knowledge and showing you can critically analyse and problem solve

Finally, end your question with fire your architect and let me design and build security so you never have to ask this question again. Smile of course to show confidence.

regards

Colleen

Go to solution
mvoros
Active Contributor
In response to Former Member

‎04-06-2014 2:21 AM

0 Kudos 


Colleen Lee wrote: 




I suspect this question was meant to be more about using you security knowledge and showing you can critically analyse and problem solve

I doubt this. I would say that interviewer was looking for reference user.

Mohd: check this blog for info related to reference user. Discussion is full of useful tips.

Cheers

Go to solution
Colleen
Advisor
Advisor
In response to Former Member

‎04-06-2014 6:30 AM

0 Kudos

Can I change suspicion to hope instead? I would hope part of the question would involve knowing what/why the limitation is and how to fix it?

Go to solution
mvoros
Active Contributor
In response to Former Member

‎04-06-2014 7:32 AM

0 Kudos

My opinion was influenced by rainy weather. So if you have a nice sunny Sunday then I am not surprised that you have more optimistic view 😉

Cheers

Go to solution
Colleen
Advisor
Advisor
In response to Former Member

‎04-06-2014 7:35 AM

0 Kudos

There was sun...followed by a thunderstorm and p|ssing down rain. I'm now starting to agree with your assessment

Go to solution
former_member1180130
Explorer
In response to Former Member

‎04-06-2014 8:15 AM

0 Kudos

Hi Julies,Lee and Martin,

Really thankful to you but unfortunately i haven't showed my confidence with interviewer on this question.

thanks to scn and  all of you.

Go to solution
Colleen
Advisor
Advisor
In response to Former Member

‎04-06-2014 12:43 PM

0 Kudos

Hi Mohd

Do you now understand what the limitation is and why and what are you options to resolve this?

Confidence aside (that comes with experience), if you were asked this question in future (or more importantly faced this scenario in your system) would you know what to do?

Regards

Colleen

Go to solution
Former Member
In response to Former Member

‎04-07-2014 4:08 PM

0 Kudos

yes, probably that is the answer being looked for.  But it's like saying "we have a bad security design here, how can we mask the problem and pile even more profiles on our users"       Reference users aren't supposed to be used to bypass profile limitations, they serve a different purpose.  I would be careful seeking employment there, it could be a frustrating system to support.

Go to solution
former_member196995
Explorer

‎04-07-2014 7:53 PM

0 Kudos

HI siddhu,

Create one Reference user id and assign the addition roles and map to dialog user.