Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Role for Basis Admins

Former Member

‎04-26-2012 9:27 PM

0 Kudos

Dear Gurus,


We are in the realisation phase of  an implementation project and I want to make a role for Basis Administrators.

I need some suggestions as this role will be a complex one to make as it shall have lots of tcodes.

Can someone please suggest me how to approach this issue ?

Also how can i make a DISPLAY ALL role, I heard that display all role was avaialbe till 4.6 C but we dont have any 4.6c system to take references.

Cheers !

Shobhit

5 REPLIES 5

Former Member

‎04-26-2012 11:47 PM

0 Kudos

Hi shobhit,

  Please go through the standard SAP basis role SAP_BC_BASIS_ADMIN and customize it according to your needs with the discussion of client.

Also for Display all role, please let me know what is your correct requirement?Are you looking for all display access in one role and for which team you are looking for this role.

Thanks,

Varun Jain

Former Member

‎04-27-2012 8:51 AM

0 Kudos

HI Shobhit Garg,

as mentioned by varun you can copy this standard role as per your naming convention eg Z_ and generate the profile.

if you want display all, copy the role to desktop and edit it using notepad, replace all the activity value 01, 02 etc with 03 and then upload the role. this is a easy way to have display role for basis.

same you can have a display role for SAP_ALL as well.

please let me know if you have further issues.

thanks

kanth

jurjen_heeck
Active Contributor
In response to Former Member

‎05-01-2012 5:21 PM

0 Kudos 
Kanth Kraleti wrote:
           if you want display all, copy the role to desktop and edit it using notepad, replace all the activity value 01, 02 etc with 03 and then upload the role. this is a easy way to have display role for basis.
same you can have a display role for SAP_ALL as well.
       

Only setting activity fields to 03 does not create a complete and/or reliable read-only role.

Besides that, editing downloaded role files is a great way to create a mess in your system. The upload functionality does very few integrity tests on the file. I consider this to be bad advice.

Jurjen

Former Member
In response to Former Member

‎05-07-2012 6:57 AM

0 Kudos

Hi Heeck,

I do accept this is a hard way, but in the present versions if you want things in quick action its better. or else we do take the requirement and edit each object individually which is a long process and may lead to errors

kanth

jurjen_heeck
Active Contributor
In response to Former Member

‎05-07-2012 8:51 AM

0 Kudos

Hi Kanth,

My basic objection with the solution you gave is that there are several objects without an ACTVT field, such as S_ADMI_FCD, S_BTCH_JOB, S_BTCH_ADM, S_CTS_ADMI  and several others which may leave some 'interesting' gaps in a role built by only editing the ACTVT field.

There are also some objects where the '03' activity does not reflect a 'read' authorization. Unfortunaltely I do not have an example at hand right now.

So yes, for a 'quick and dirty' approach it may work but I would never present it as a solution to create a 'read-only' role. My objection against editing PFCG download files still stands 😉

Cheers!

Jurjen