We are a small SAP shop, so our BASIS person is responsible for various Admin functions in the system.
I need to create a role for BASIS Admin. I tried to use SAP_ALL to start with, then to inactivate parts of it. It works from the security point of view (although it is a lot of work), but it does not give me a list of transactions and therefore makes it difficult to maintain going forward.
I searched multiple old threads, but was unable to obtain a clear answer.
Will it be considered acceptable (<i>i.e. a good practice</i>) to just gather list of transactions which, in my opinion, (possibly by combining transactions from SAP supplied standard roles) BASIS Admin needs and then add/remove additional ones as need arise?
Thanks in advance