Skip to Content
author's profile photo Former Member
Former Member

Restrict access to Production system

Hi Friends,

We have an issue in our company. users with PFCG and masterdata maintainence role wants display only authorization for IMG. does this combination works? according to my knowledge when i will add display only role for IMG with PFCG and Masterdata role, it will give access to modify all data in IMG.



Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

2 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Jun 13, 2008 at 09:41 PM

    Don't give it through IMG. Create a role with tcode PFCG and change the settings to display 03.

    My advise is NOT to give them PFCG. Give them relevant tables to check users to roles, composite roles, auth objects, etc. They have no business in PFCG.

    Relevant tables in se16 AGR* for roles.

    Besides if they have the role open in PFCG and that role is being transported to PROD, it can be a potential problem.

    Edited by: John Navarro on Jun 13, 2008 11:41 PM

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Alex Ayers

      Solution can be simple.

      DONNOT give access to IMG in production, if people want to know if changes have been transported they can review the transport log, if in doubt if transport was successfull they can check in QAS. if it worked there it must have worked in Production also.

      and if someone still claims that it does not work use a firefighter ID to check, but never give it to an normal userid!!!

  • Posted on Jun 13, 2008 at 05:43 PM

    This depends on a few things, not least how you have built your PFCG & Master Data roles. If you have S_TABU_DIS ACTVT 02 for a load of auth groups (or *) then you will be giving change access to a large number of IMG tables. Some will be protected by client settings and S_TABU_CLI but don't bet on it....

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.