on 05-07-2008 11:27 AM
Hi,
What is the difference between AUTHORIZATION, ROLE and PROFILE.
1) I NEED TO GIVE TO MY SD IMPLEMENTATION TEAM ONLY SD T-CODES.
2) I MUST GIVE TO THE END SD CLIENTS ONLY SD T-CODES.
Is there any difference to give to Implementation team and End clients SD t-codes.
Can any one tell the procidure how to give AUTHORIZATIONS only to SD people.
Thanks in Advance
Regards,
Sateesh J
In brief,
Authorization = The authorization object containing various fields like 'Activity', etc. which grant access(e.g. Activity - 03 will give display access for that particular authorization object.
Profile = grouping together of authorizations (max 150 authorizations in one profile).
Role = container of Profiles (makes it easier to track, since profiles have difficult nomenclature and can hold only 150 authorizations)
_______________________________________________
You cannot assign T-codes directly to Users. You need to assign them Roles.
To find SD Roles, got to Transaction PFCG
Enter SAP_SD* and press F4 key. You will get list of all SD standard roles, make a copy of these Roles and assign them to SD Uses
But SAP_SD* wont list out all relevant SD roles.
I suggest you use SAP_* to see all SAP standard ROles and then from their description determine whihc Role you want.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
To explain you in simple terms the differences btw authorizations, role and profile:
Roles are like C codes on the screen and profile are the output when u compile and run.
Authorization objects are assigned to the role and together they create the profile.
Autorization objects can be like create, display, etc.
Like SAP_ALL is a profile
Hope this is helpful..
Regards,
Mahesh
PS: pls close the thread so that it will be helpful for others to track later.
WHY ARE YOU TYPING IN UPPERCASE???
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You need to talk to your SD Team Lead. Hewill give a list of Transactions required for which group of users.
Then create a Role for each group.
Assign the transaction obtained earlier.
This would generate a list of authorization objects and classes.
You will need to attend all the open authorizations.
Once done, generate the profile associated with this role. It will prompt you for a name for the profile if it's a new role.
Hope this helps.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Just to gather people attention
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.