05-22-2015 3:18 AM
Hey all,
I would like to know if there is a possibility that authorizations get added to roles when you remove t-code from it... Kindly help me understand why this could happen or what can I check to know from where these "un-wanted" authorizations came in from..
I'm eagerly waiting for an answer... Thanks in advance!
- Anju Choudhary
05-22-2015 4:47 AM
Dear,
When ever you Add or Remove dependency authorization objects will be added , so we need to clear those unwanted over laped authorization objects and we need to generate profile for every action.
System will not remove customized object values at the time of removing T.Code from a ROLE.We need to take care of this action.
Regards,
pardhu
05-22-2015 4:37 AM
Yep. It's possible that additional authorizations were only just made effective depending on how the role has been maintained previously.
If an authorisation default was maintained, or updates were delivered by SAP, but the role profile has been maintained manually until now (as opposed to compared) then it might be that the new authorisation defaults have only just been brought in.
05-22-2015 4:47 AM
Dear,
When ever you Add or Remove dependency authorization objects will be added , so we need to clear those unwanted over laped authorization objects and we need to generate profile for every action.
System will not remove customized object values at the time of removing T.Code from a ROLE.We need to take care of this action.
Regards,
pardhu
05-22-2015 6:48 AM
Thanks for replying ... also I've been hearing about the expert mode concept.. can u tell me how does that help in maintaining authorizations in a role..
05-22-2015 7:32 AM
Dear,
Please read SAP notes:113290 and 679050 for better understanding.
Expert mode is using the values assigned in SU24 transaction
Regards,
pardhu