Dear SAP security experts,
I created a Role SAP_ALL_DISPLAY inherited from SAP_ALL profile. I made sure that ACTVT is 03 for all areas. But still it is allowing for some Tcodes like below :
RSA6 -- It is allowing to delete, change, create ...extractors. This is very dangeours
SM37 -- It is allowing to delete BG jobs..etc
.....some more I did not know...dont have time to check.
tcodes like RSA1...SCC*..SPRO... are OK. If finger the check indicators in SU24 for the above tcodes(RSA6,SM37..), what are the bad consequences?. How to fix this in an easy way?
Thank you very much