Skip to Content
avatar image
Former Member

SAP_J2EE_Admin has PFCG Access Rights?

We just got the Information, that a user can create roles in pfcg. The search / SUIM for S_USER_AGR with ACTVT 01 for this user provides the following role as a result: SAP_J2EE_ADMIN... Nevertheless, the role SAP_J2EE_ADMIN is empty / has no Profile at all.


Is this a known issue?


We added a random object to the role SAP_J2EE_ADMIN and generated it, then the search for S_USER_AGR with ACTVT 01 does not provide the Role SAP_J2EE_ADMIN as a result anymore. So this would help, but is not really a good solution either.

Any ideas?

Thanks a lot!

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Jul 07, 2017 at 11:02 AM

    Hi Sybil

    Could the SAP* role have been previously generated so that the use had the profile? Might be too late to replicate this but did you look in the user's buffer to see which profile the authorisation was coming from? Afterwards, run PFUD for user compare and cleanups to see that it disappears (assuming the profile was deleted)

    Regards

    Colleen

    Add comment
    10|10000 characters needed characters exceeded