- SAP Community
- Products and Technology
- Additional Q&A
- Role Expert and transporting of roles
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Role Expert and transporting of roles
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 08-28-2007 2:25 PM
Dear all,
With a typical ECC landscape consisting DEV, QAS and PRD, roles are created in DEV using PFCG and then transported from DEV using the truck icon in PFCG.
With Access Controls - Role Expert installed and connected to my ECC DEV system, I create roles on DEV.
What do you suggest to do next:
1) transport roles from DEV using PFCG
or
2) create the same roles on QAS and PRD via a Connector on the Landscape
3) install a GRC Role Expert box for each system (QAS and PRD) and use the Role Import function to upload role files previously downloaded from DEV.
Any help greatly appreciated.
Thanks,
Babak
Accepted Solutions (1)
Accepted Solutions (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Good Practice would be to undertake all role maintenance (create, change etc) in your RE front end which is connected to your DEV R/3 system and then push your completed roles across.
All your testing etc is performed in the appropriate systems and if any changes are required perform them back in RE.
You push the roles from DEV -> QA -> PRD using standard R/3 transports.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Answers (3)
Answers (3)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Dear All,
i've read with interest this topic due to that we are facing with similar problems.
We are planning to put RE 5.2 in production environment and chalenge is how to transport roles eficiently.
I agree with all of you that PFCG is easist way. This is what we are doing now to move roles from DEV, QAS to PROD.
But where is RE in this story? It should be used for central maintenance of all roles. And requests for a role change should come from Business Process Owners. Apperently they are also RoleOwners (used in AE too).
Administrators should only receive task list which authorization and other data they should maintain and what role has to be transported after approval (testing and QA).
Also additional security must be available for BPO's.
Currently none of this is not possible with RE 5.2.
One of the solution is that request for change come in e-mail and all changes is done by Admin. After testing, done by BPO, and approval role should be transported. But again how to configure that Admin is notified that request for
certain role is approved and WF closed so transort of the role can be done later in PFCG.
If everything should be done by Admin then I don't see significant benefits of using RE against PFCG (except list roles of all systems)
Can you describe your business scenario and usage of RE.
Thanks,
Robert
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
I would go with option 1 - it is the least amount of effort compared to the 2 others you mention. There is mass transport function within PFCG as well so you can move all of your roles. I believe the transport function would also be faster from a performance point of view.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Dear Babak,
You can use <i>Role Import function to upload role files previously downloaded from DEV</i>.
Regards,
Naveen.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi,
thanks for your reply Naveen.
Yes I know about the Role Import function.
I guess my question is more to do with what is the best option.
Because if I use this Role Import method, I guess the transport mechanism for roles will no longer be used. This can be disadvantagous due to lack of logging and ability to roll back etc.
What do you think?
Thanks,
Babak
- Freight Generation in Data Collation Document using Freight Rate Table or Pricing Multireference in Supply Chain Management Blogs by Members
- FAQ on Upgrading SAP S/4HANA Cloud Public Edition in Enterprise Resource Planning Blogs by SAP
- New webcast series on “SAP BTP DevOps and Observability in Action” in Technology Blogs by SAP
- Innovate Faster: The Power Duo of SAP Activate and Scaled Agile Framework (SAFe) in CRM and CX Blogs by SAP
- Integrate CI/CD with cTMS as part of SAP Cloud ALM in Technology Blogs by Members
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.