Skip to Content

SAP_J2EE_Admin has PFCG Access Rights?

Apr 27, 2017 at 03:51 PM


avatar image
Former Member

We just got the Information, that a user can create roles in pfcg. The search / SUIM for S_USER_AGR with ACTVT 01 for this user provides the following role as a result: SAP_J2EE_ADMIN... Nevertheless, the role SAP_J2EE_ADMIN is empty / has no Profile at all.

Is this a known issue?

We added a random object to the role SAP_J2EE_ADMIN and generated it, then the search for S_USER_AGR with ACTVT 01 does not provide the Role SAP_J2EE_ADMIN as a result anymore. So this would help, but is not really a good solution either.

Any ideas?

Thanks a lot!

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Colleen Hebbert
Jul 07, 2017 at 11:02 AM

Hi Sybil

Could the SAP* role have been previously generated so that the use had the profile? Might be too late to replicate this but did you look in the user's buffer to see which profile the authorisation was coming from? Afterwards, run PFUD for user compare and cleanups to see that it disappears (assuming the profile was deleted)



10 |10000 characters needed characters left characters exceeded