I administer an SAP ECC 6.0 system on Oracle 10.2.0.2 /AIX 6.1. Ocasionally some mischievous superusers make direct change roles in the production system. This is a serious compromise of security and I'm under instructions to curtail this practice
I require your assistance on the following
1) Is it possible to disable generations of profiles via PFCG in the PRD & QAS systems ? I reckon such a development all changes to roles will have to be done in the DEV system & thereafter transported across the landscape. How else should I overcome this problem ?
2) Is it possible to identify the particular user who made the direct change to the roles in the PRD system ?