This website is not affiliated with, sponsored by, or approved by SAP AG.

Authorizations for importing roles via SCC1

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

Authorizations for importing roles via SCC1

Postby Christina » Wed Sep 19, 2012 7:14 am

In order to keep role development separate across business functions/modules etc., my company has a strategy, where role developers are only allowed to develop/maintain roles within a certain namespace. I.e. role developer A has authorization for working with roles and profiles beginning with the letter A whereas role developer B has authorization for working with roles and profiles beginning with the letter B.

When testing roles, the roledevelopers enter the role in question into a transport and moves this transport to another client via SCC1. Here the problem arises, since SCC1 requires authorization for objects S_USER_AGR (ACTVT 01 and ACT_GROUP *) and S_USER_PRO (ACTVT 01 and PROFILE *), which violates the development principle in our organization.

Has anyone encountered this issue and have you found a solution for it?

Regards,
Christina
Christina
 
Posts: 22
Joined: Wed Feb 18, 2004 2:55 am
Location: Denmark

Re: Authorizations for importing roles via SCC1

Postby jurjen » Thu Sep 20, 2012 6:23 am

In which client are these rights required? The source or the target client?
jurjen
 
Posts: 298
Joined: Wed May 17, 2006 8:17 am
Location: The Netherlands

Re: Authorizations for importing roles via SCC1

Postby Christina » Thu Sep 20, 2012 6:43 am

They are required in the target system :)
Christina
 
Posts: 22
Joined: Wed Feb 18, 2004 2:55 am
Location: Denmark

Re: Authorizations for importing roles via SCC1

Postby jurjen » Mon Sep 24, 2012 4:59 am

So, what's wrong with your developers having different rights in the development client and the test client?
As long as the development client always is the starting point of your role transports and no rights are granted to create transports in your test client I do not think there is a real issue. if the developers are allowed to create roles in the test client they can't transport them through your landscape.
jurjen
 
Posts: 298
Joined: Wed May 17, 2006 8:17 am
Location: The Netherlands


Return to SAP Security

Who is online

Users browsing this forum: No registered users and 4 guests





This website is not affiliated with, sponsored by, or approved by SAP AG.