Skip to Content
avatar image
Former Member

SAP_ALL DISPLAY only

Dear ALL,

I need to create a role with SAP_ALL but display only. But it is long and tedious task to change all ACTVT to value 03.

Please suggest some quick solution. If anyone of you has this role already created in your system, please send that to me.

Thanks in Advance

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • Best Answer
    avatar image
    Former Member
    Jun 05, 2007 at 10:19 AM

    Hi Hemant,

    Adding to the above, if you download it into excel ( .xls ) then you will be able to replace all the values for all the ACTVT fields by 03 in one stroke; using find and replace functionality.

    1. Download the role to your harddisk in excel format.

    2. filter it with the term AGR_1251*

    3. Replace all values for ACTVT with 03.

    4. Save it and upload it into the system.

    Please confirm if solved.

    Cheers.

    ---Shamish

    Message was edited by:

    Shamish Lele

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jun 04, 2007 at 11:32 AM

    Hello Hemanth,

    Prior to 4.7 there was a role "SAP_ALL_DISPLAY" but not after that.

    If you are working on 4.7 versions you can download the role from 4.6 and upload to 4.7 ver and then generate the role.

    Or we can create a new role from SAP_ALL profile

    For this create a Zee role in PFCG. Go to authorization tab in change mode (don't select template). Go to Edit tab -Insert Authorizations -From Profile. In the profile name tab enter SAP_ALL. This will copy all the authorization objects from SAP_ALL into this new Zrole and generate.

    Download this role to your PC, Open the role with notepad, Search for 'ACTVT * '

    Replace it with "ACTVT 03", S_TCODE -


    Transaction should be *

    And then upload and generate the role.

    Note: But this is not good practice.

    Thanks

    Purna

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      HI Mahtab,

      have you replaced all the ACTVT fields with 03 ( and 08, 09 if required )?

      Please check it once again. Also please let me know few of the transaction codes that according to you are not getting restricted...

      Cheers.

      ---Shamish

  • avatar image
    Former Member
    Jun 05, 2007 at 07:12 PM

    Hi Hemant,

    You might also want to consider ACTVT 08 (display change docuemnts) and deactivating some other objects entirely.

    Also, if you want the user to only display the audit log (SM20) you would need to maintain the program context name and the exact name of the routine to distinguish between change and display.

    I dont think that there is any quick solution, but working with such a role is worth mentioning that the user should not have any other roles at the same time. Most likely that is also why SAP removed the temptation of their generic delivered SAP_ALL_DISPLAY role? Just a guess.

    Cheers,

    Julius

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 12, 2010 at 07:15 AM

    Well,

    Unfortunately it's not a simple find and replace.

    You'll find anomalies after you upload the role.

    Even though it's maintained in the a.object, you'll get authorization check failed.

    If you don't believe me, just do SE37, ME1M, or MM03 after you've uploaded the role contain ACTVT 03 only.

    Check with SU53 and PFCG to compare.

    Best Regards,

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 12, 2010 at 08:22 AM

    Hi

    Run the transaction PFCG->assign su01n transaction is a display activity of SU01 then generate

    Thanks

    Manish Gupta

    Add comment
    10|10000 characters needed characters exceeded