Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Changing Role created with Customizing Auth. Utility

Former Member

‎02-23-2010 1:48 AM

0 Kudos

I created a role in PFCG using the Customizing Auth. option under Utilities by referencing a project view that I created in the IMG. My intent was to create a security role with access to all of the SPRO tcodes and related security objects. I then modified that role so that it only granted display access to these transactions.

Later, I discovered that this role also granted access to SE38, SE37, SA38 and other critical transactions. I know this will raise concerns with my auditors so I attempted to delete these transactions from my role. I was unable to do this because my role was created with the Customizing Auth. option.

Does anyone know of a way that I can remove these tcodes from the S_TCODE object?

Thanks,

Dennis Beausoleil

<telephone_number_removed_by_moderator>

Edited by: Julius Bussche on Feb 23, 2010 12:04 PM

Please use your business card options for such details.

4 REPLIES 4

Former Member

‎02-23-2010 6:20 PM

0 Kudos

> 

> I created a role in PFCG using the Customizing Auth. option under Utilities by referencing a project view that I created in the IMG.  My intent was to create a security role with access to all of the SPRO tcodes and related security objects.  I then modified that role so that it only granted display access to these transactions.
> 
> Later, I discovered that this role also granted access to SE38, SE37, SA38 and other critical transactions.  I know this will raise concerns with my auditors so I attempted to delete these transactions from my role.  I was unable to do this because my role was created with the Customizing Auth. option.
> 
> Does anyone know of a way that I can remove these tcodes from the S_TCODE object?
> 
> Thanks,
> 
> Dennis Beausoleil    
> <telephone_number_removed_by_moderator>
> 
> Edited by: Julius Bussche on Feb 23, 2010 12:04 PM
> Please use your business card options for such details.

Dennis,

In PFCG authorization change, inactivate the S_TCODE auth object then manually add S_TCODE and enter/paste the desired transactions with the exception of SE38, SE37, SA38 and other critical transactions.

Good Luck!

Former Member

‎02-23-2010 6:34 PM

0 Kudos

Julius,

Thanks for your suggestion but there are hundreds of tcodes in this role and I am only able to cut and paste 8 at a time. It would take a VERY long time to do this. Does anyone know how to enlarge the size of the Field Values pop-up window in PFCG??

Dennis Beausoleil

Former Member
In response to Former Member

‎03-12-2010 5:03 AM

0 Kudos

Dennis,

Please refer note 389675. You can download all these transactions from AGR_TCODES and then create a text file. In PFCG menu tab you can use function Import from file.

Former Member
In response to Former Member

‎03-12-2010 6:46 AM

0 Kudos

please see the comments of John , and Mr Gupta..

This is the only way..

either use text file to upload or list you tcodes in excel and disbale S_TCODE ..

Insert S_TCODE manually.. and add those TCODES you have in your list that need to be executed with the role ..

Thanks,

Prasant k Piachha