Skip to Content
0
Former Member
Sep 13, 2007 at 07:10 AM

Issues with SAP_ALL - Display only

1945 Views

Dear SAP security experts,

I created a Role SAP_ALL_DISPLAY inherited from SAP_ALL profile. I made sure that ACTVT is 03 for all areas. But still it is allowing for some Tcodes like below :

RSA6 -- It is allowing to delete, change, create ...extractors. This is very dangeours

SM37 -- It is allowing to delete BG jobs..etc

.....some more I did not know...dont have time to check.

tcodes like RSA1...SCC*..SPRO... are OK. If finger the check indicators in SU24 for the above tcodes(RSA6,SM37..), what are the bad consequences?. How to fix this in an easy way?

Thank you very much