12-21-2011 8:46 AM
Hi,
What are the basic roles that would need to be assigned for a normal abap developer?
We have just installed new system and would like to know the basic roles that would give authorizations to these transactions
IDOC
ALE
RFC
Queues etc
Development Transactions
Regards
12-21-2011 9:00 AM
go to su01 and set up roles for
1.ABAP Developer
2.Basis Job Creation/Scheduling
3.Create Transports
4.Workflow Administration
12-21-2011 9:00 AM
go to su01 and set up roles for
1.ABAP Developer
2.Basis Job Creation/Scheduling
3.Create Transports
4.Workflow Administration
12-21-2011 9:00 AM
Hi Krish,
I thinks that you should define a new role for Abap Developer. In this role, you can assign all basis transactions and you can add more if need.
- You can use PFCG create new role and assign some basis transaction as SE38, SE37, SE11,SE16, SE18, SE19 ...
Regards,
Nguyen Huy.
12-21-2011 11:25 AM
HI Krish
You can go to Tcode SU01, there you can find some tabs like Address, Logon data, SCN, Roles, Profiles etc.,
here in the Roles tab, alot the roles and
in Profiles tab, just give SAP_ALL and SAP_NEW
I hope your problem may get resolved
Cheers
NZAB
12-21-2011 11:38 AM
Yes, most developers will want SAP_ALL and/or SAP_NEW.
Hurray! Me too.
However, usually there will be the (annoying?) Masterdata Responsible who will now get shivers and will probably start looking for ways to block your access to the system.
In all honesty, in a development system or a sandbox, yes. Those two might be okay to give. But, most companies will have different views. Talk to the Basis team or Masterdata team.
I would vote for:
ABAP/4 Development Workbench: S_DEVELOP
Workflow: Work item handling: S_WF_WI
Authorization check when using RFC to access program modules (such as function groups): S_RFC.
You can always use SU53 to check for failed authorisation checks and let them decide if you NEED to perform the task.
12-21-2011 11:38 AM
In addition to the Above,
access to table (S_TABU_DIS) and S_ADMI_FCD, access to create RFC Destinations would be needed by the developers
12-21-2011 6:27 PM
Krish,
rather than waiting for answers here, just dont give any roles to the users and keep executing the required tcodes, you can easily find out which auth objects are needed. goto SUIM,find the roles and assign them.
12-21-2011 9:16 PM
Dear Krish,
All these roles are client specific , based on the requirement only we will assign authorisations for the user, Again it is different from DEV to Quality and Production. A custom role/profile will be created first, all the tcodes will be assigned to that. again based on the activity ( create, change, display, execute) we can control these transactions.
Generally an abaper will have tcodes
for CTS
se01
se09
se10
scc1
scc4
for development
se11
se14
se18
se19
se24
se37
se38
se39
se41
se51
se63
se71
se73
se80
smartforms
for analysis
se30
st22
st05
for rfcs
sm58
sm59
in general development will have SAP_ALL profile , in quality and PRD it will be controlled thru roles/profiles.
12-21-2011 9:20 PM