Hi Vikram,

The Q is abit unclear to me. Is it as below ?

1. What actions/transactions are to be performed by a systema dmin daily.

or is it...

2. What roles should a system get himself assigned to perform his daily routines ?

To get the idea right ...let us know how u look at the issue.

Br,

sri

If you have an application authorization concept which actually works, and you want the client admin to make changes to the T000 settings, then you are best off by creating a role of your own or amending their existing one to do client admin.

First check tcode SUCU to see which authorization group (tdddat-class) table T000 has. If need be, move it to a more exclusive group...

Then add the following objects to the role:

S_TCODE = SM30

S_TABU_DIS = Activity = 02, 03, 08 and others if you must, and table calss= <Exclusive value you give in SUCU>

S_TABU_CLI = X

However, this will mean that the user(s) from any clients can administrate the other client settings if they have this or a stronger role!

If you want to control this client specifically, then activate S_TABU_LIN for table T000 field MANDT (you can find this in SPRO -> IMG -> General Settings... or somewhere close to that) or there should be transaction code for it (SE93 -> LIN -> F4)? Not sure. In this case you also need to add S_TABU_LIN table = T000 field = MANDT value = <the client they can maintain>.

The same restriction will apply to SE16 and if the user has something stronger in another role then chances are good that they will bypass this control.

Take a look at SAP predelivered role

SAP_BC_CLIENTCOPY.

Message was edited by: Keerti Vemulapalli