Page 1 of 1

Authorizations for importing roles via SCC1

PostPosted: Wed Sep 19, 2012 7:14 am
by Christina
In order to keep role development separate across business functions/modules etc., my company has a strategy, where role developers are only allowed to develop/maintain roles within a certain namespace. I.e. role developer A has authorization for working with roles and profiles beginning with the letter A whereas role developer B has authorization for working with roles and profiles beginning with the letter B.

When testing roles, the roledevelopers enter the role in question into a transport and moves this transport to another client via SCC1. Here the problem arises, since SCC1 requires authorization for objects S_USER_AGR (ACTVT 01 and ACT_GROUP *) and S_USER_PRO (ACTVT 01 and PROFILE *), which violates the development principle in our organization.

Has anyone encountered this issue and have you found a solution for it?

Regards,
Christina

Re: Authorizations for importing roles via SCC1

PostPosted: Thu Sep 20, 2012 6:23 am
by jurjen
In which client are these rights required? The source or the target client?

Re: Authorizations for importing roles via SCC1

PostPosted: Thu Sep 20, 2012 6:43 am
by Christina
They are required in the target system :)

Re: Authorizations for importing roles via SCC1

PostPosted: Mon Sep 24, 2012 4:59 am
by jurjen
So, what's wrong with your developers having different rights in the development client and the test client?
As long as the development client always is the starting point of your role transports and no rights are granted to create transports in your test client I do not think there is a real issue. if the developers are allowed to create roles in the test client they can't transport them through your landscape.