This website is not affiliated with, sponsored by, or approved by SAP AG.

How to Restrict administrator access to roles in PFCG?

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

How to Restrict administrator access to roles in PFCG?

Postby IAmLost » Thu Feb 17, 2011 3:13 am

Hihi,

Was wondering if anyone of you know if we can restrict the administrator access to certain roles in PFCG? Is there any values or objects that you can restrict to control the access?

Picture:
We have regional SAP administrator and Local Administrator. The company would like to restrict the access to local administrators, where they can only make changes to certain roles. They are able to vies the roles to see the Tcodes and objects but not able to change for those restricted roles.

Regional administrator is able to have full access.

Is there a way to control such restrictions? Appreciate any replies. Thank you!!

cheers
IAmLost
 
Posts: 1
Joined: Wed Jun 09, 2010 9:42 pm

Re: How to Restrict administrator access to roles in PFCG?

Postby jurjen » Thu Feb 17, 2011 5:08 am

A good naming convention will do the trick.
jurjen
 
Posts: 298
Joined: Wed May 17, 2006 8:17 am
Location: The Netherlands

Re: How to Restrict administrator access to roles in PFCG?

Postby John A. Jarboe » Thu Mar 03, 2011 10:32 am

You can do this using a combination of S_USER_AUT and S_USER_PRO. there may be another that might work as well so look at the S_USER_xxx authorization object.
John A. Jarboe
John A. Jarboe
 
Posts: 322
Joined: Tue Mar 07, 2006 8:48 am

Re: How to Restrict administrator access to roles in PFCG?

Postby mitrak » Wed Apr 20, 2011 12:40 pm

Where were you John Jarbo ! The ultimate Guru of SAP Basis.

Thanks for your comeback.

Kumar/Germany
Kumar from Germany
B. Sc.(Physics) / Wirt. Informatiker
SAP Consultant
mitrak
 
Posts: 237
Joined: Mon Mar 24, 2003 7:50 am
Location: Germany

Re: How to Restrict administrator access to roles in PFCG?

Postby os » Sat Apr 23, 2011 4:41 pm

Note that as of 7.02 the "authorization group" field of S_USER_GRP is an org. level field!

This will impact roles. There are several other "major release" aspects to consider.
os
 
Posts: 469
Joined: Wed Dec 21, 2005 10:51 am


Return to SAP Security

Who is online

Users browsing this forum: No registered users and 5 guests





loading...


This website is not affiliated with, sponsored by, or approved by SAP AG.