Skip to Content
0
Former Member
Nov 02, 2010 at 10:40 AM

access via profile

208 Views

Hi,

While auditing security at a company I noted that there was a user which had a non standard SAP_ALL equivalent profile assigned to it on profile tab of the user master (SU01). The assignment of this profile is not due to assignment of a role to user. (*Generally profiles are assigned to user by SAP automatically when user is assigned a role.*) The client informed me that this profile is old profile and was discarded long ago. May be this profile was existing in systems before 4.6c and has got to the user during upgrade.

This profile apparently provides the access to t code in question and client says that this profile is SAP_ALL equivalent so the user should have all access if this profile is effective. Client created another user before me using exact same access as old user and entered the t code in question for execution. The message was- u201CYou are not authorizedu2026.u201D Client says the profile so assigned to user does not provide any access to user since there is no matching role for this profile in user mater records.

Question:

My understanding was that a profile provides access to a user in SAP. Role is for general end users for ease of understanding and maintenance. If so, why in this case user does not have SAP_ALL access even if he has SAP_ALL equivalent non standard SAP profile.

Thank you,

Partha