Deletion of SAP standard roles

Similar Messages

• Break sap standard role into two sub roles

  hi,
  i have one SAP standard role. now i want to break this role into two  sub roles. how shall do it.
  please suggest me.
  regards
  ramesh
  Edited by: Ramesh Sammiti on Jul 31, 2008 11:00 AM

  Hi Ramesh,
  When you say that you want to split the SAP Standard role into two roles:
  1.Do you mean to say that you want to split the transactions and authorization data of the SAP Standard role into two separate Z* or Y* roles?
  2.Do you want to copy the SAP Standard role into two different Z* or Y* roles and then modify the authorization data according to your company's requirements?
  In the above two scenarios you must copy the SAP Standard role into Z* or Y* roles in PFCG transaction with the appropriate naming convention and make necessary changes in both the transaction data and the authorization data.
  Please be clear which SAP Standard role you are willing to split into roles and i can provide more details.
  Hope this helps.
  Regards,
  Kiran Kandepalli

• SAP Standard Roles

  Hello everyone.
  What is SAP's best practice for using (customizing) the SAP standard roles? I have always used the standard roles as templates to customize for my customers. Is there a stated SAP best practice for this?
  If I use a standard role, customize it and copy it to the company namespace and the standard role it is customized off of changes, does my customized role change?
  How do release upgrades affect the standard SAP roles?
  Thanks!
  Todd

  Hi Todd,
  If you copy the roles to a your own namespace then they won't be touched during upgrade.
  I can't comment on what happens to standard roles during upgrade as I tend to avoid them.
  There is no accepted best practice around using standard roles, though there is reasonably wide belief that developing your own from the ground up is a better way to develop roles to meet your customers business processes. 
  I find that where standard roles have been used, the end user roles have generally a lot of unused transactions.  Functional & business people see a large list & choose most of them rather than building up from a subset of inscope transactions which are also used for training, BPP's etc.
  There is also the consideration that using standard roles guides you to building in the same way.  That's not to say it is a bad way, just can limit flexibility if you build down to a task level (nasty, nasty, nasty) or higher at a job or function level.
  Cheers
  Alex

• SAP Standard roles assignment

  Hi,
  I want to assign a SAP standard role SAP_BC_BMT_WFM_ADMIN to a user.
  Since I do not directly assign a SAP standard role to a user,i created a copy of the SAP_BC_BMT_WFM_ADMIN of the role and tried assigning it to the user.
  But when I tried to generate the role I was not able to because all the objects are Inactive.So when i tried to activate the object it is not possible to do so.
  Can anyone provide me a solution for this.
  Regards,
  Arjun

  > But when I tried to generate the role I was not able to because all the objects are Inactive.
  Please try to tell us a bit more about what you see and which messages you get. I had a look at this role in my customers'system and did not see any deactivated objects.

• Download all roles Individually and list all the SAP standard roles

  Hi ,
  I have two questions .
  1. I want o download all the roles individually in SAP.
  2. I want to list all the SAP standard roles whose profile is generated.
  Can anyone help me . to achieve this

  Dear,
  I am no sure what kind of problem you have faced that requires revert back. Which took 2 days. If it's for mass role revert back then mass role download should work. If it few selective role then change history should help you out.
  Anyway I might pull this out of the topic.
  Even you download mass role in a single file then also if you want then can upload a single role only with 2-3 mins spending on replace function in notepad!!
  Let say you have taken 1000 role in a single file and want to upload a specific role only. Open the file (copy of the file) in a notepad. Now replace(Ctrlh) LOADED_AGRS with nothing. Find(Ctrlf) the role you want to upload. In begining of that line paste LOADED_AGRS
  Above file will upload the specific role only.
  Regards,
  Arpan Paik

• SAP standard roles for Mii inside of objects?

  Hi,
  It is our practice to rename SAP standard roles we plan to use "as is" to our company's naming convention.  I am being told by an Mii implementer that Mii uses the standard role names in objects and that by changing these names to our convention, I will create "complications" in their implementation process.  I find this hard to believe, it would be a departure from what (little) I know about SAP and how they handle authorizations and roles.  It also seems to be very limiting when it comes to customization in the future.
  Is this true?  Does Mii name standard roles inside of objects? (These "objects" were not clearly defined to me and I plan on calling a meeting so they may show me examples.)
  Anyone else on Mii have this issue?

  As far as I know, in Mii a user typically needs at least one of these roles:
  SAP_XMII_User
  SAP_XMII_Developer
  SAP_XMII_Administrator
  You can of course add additional roles with the authorization the different users require using your own naming convention.
  I think this is what the Mii implementer is talking about.
  Good luck!

• Customer role from sap standard role SAP_SM_SCHEDULER_DIS or SAP_SM_SCHEDUL

  HIi,
  according SAP Note Note 1054005 - FAQ: Job Scheduling Management with SAP Solution Manager we want to design a customer role with this roles as templates.
  But:
  There are a lot of open authorization objects.
  We need proposal how to fill this role with adequate values.
  Does anybody has designed customer roles from that standard roles ?
  What values are advisable ?
  Regards,
  Roland Fischl

  Dear Aviya Paul,
  1. Who will responsible for Authorization Matrix?
  Authorization Matrix that define "what position may have access to which authorization/ role" shall be developed by User (Management), with support from BASIS. User is the one who have the authority to decide, while BASIS should help User in understanding the technical knowledge of access authorization.
  2 to 5. BASIS.

• Modifying SAP standard roles - best practice

  Hi,
  Is there a Best practice How-to guide for configuring SAP BPs roles for client use.  I know I shouldn't change the content delivered by SAP but I'm not quite sure what I should delta link copy into client namespace.
  I am implementing MSS.  Do I just delta link copy the Manager role into client namespace or I should make a delta link copy of the My Staff workset then make changes to the workset and assign it to a completely new ClientManager role?
  I have the TransportEP6Content how to guide but it doesn't say explicitly what is best parctice.  This doc references 'HowTo Use Business Packages in Enterprise Portal 6.0' but it isn't where it says it is on service marketplace.
  TIA,
  J

  Hi,
    'How to use Busiess Packages in Enterprise Portal 6.0' is available in this link.
  http://help.sap.com/bp_epv260/EP_EN/documentation/How-to_Guides/misc/Using_Business_Packages.pdf
  Check out for the best practices.
  Regards,
  Harini S

• Best practice for deletion of SAP standard configuration

  Does anyone have any documentation related to deletion of standard SAP configuration?  My client is requesting deletion of all the standard delivered company codes and I believe it is best practice to never delete them.  I am looking for supporting documentation that supports this.

  Rhonda,
  I have never seen a system where the standard delivered company codes did not exist, so I can't say what the implications of deletion are.  I suppose it is possible to do....
  For documentation,  I guess you could search through service.sap.com/support. 
  I would think you would respond to the request as follows:
  Tell the client it will be extra work to delete the items.  Which will translate into additional billable fees.
  Tell the client (in writing) that you cannot predict what all possible outcomes will be, but that you are willing to work with him to fix anything that gets broken in the process.  For additional billable fees.
  In the end, the client is paying for your advice and your services.  In the end, he owns the license and the system upon which it is running.    He can have anything he wants, there is no other 'right' or 'wrong'.
  I suggest you don't delete anything in client 000.  Most companies keep this as a reference.  If the client later decides to reconstruct, this would be a nice source of info.
  Since company codes greatly affect FI/CO, you might want to post the question in one of those forums.
  Best Regards,
  DB49

• List of SAP standard Roles

  What are the Authorization Roles that already exists in an SAP system?
  Could you list them out if possible?
  Also, there are many System RFC Roles whats the significance of S_RFCACL role?

  Hi Gautam
  These are the pre-defined roles exist in the SAP System, as you can adopt and make template to design your own roles.
  For the list of existing roles, please click on the "Other Roles"  and click on the start search with the * selection, then you can request for the print.
  S_RFCACL replced by the SAP_S_RFCACL being manage by the SAP Solution manager to help you to manage and run your mysap.com e-business platform.
  Kindly refer to see: SAP Note: 831535
  Regards
  Anwer Waseem

• Best practices / preferred usage of SAP standard (delivered) roles

  Dear Experts,
  When going about designing roles for a new system, what is the preferred usage on SAP standard/delivered roles?  I was thinking of using them as a "base", then tweaking auth objects here and there to make the roles work but the more I work with them, I find it may be better to create roles entirely from scratch.  A lot of the time, I find a lot of inactivated auth objects or objects that seem to not really be needed when looking at the t-codes offered in the menu (S_TCODE).
  In that case, I figured it might be cleaner if I started creating roles and adding t-codes via the Menu and maintaining only the auth objects that are proposed in PFCG (and adding a few if necessary).
  Do people typically build their roles around these the standard SAP role set or is it preferred to create your own and only use the SAP standard roles as reference (i.e. the t-codes offered in the menu, etc.)?
  Thanks for any insights!

  > When going about designing roles for a new system, what is the preferred usage on SAP standard/delivered roles?
  Those are provided by SAP as a reference so that you can consult with the Authorization Structure of a Standard Position / Task for which you are going to create your own role. For e.g. what are the TCodes, values of Objects should be given to users for their tasks.
  I was thinking of using them as a "base", then tweaking auth objects here and there to make the roles work but the more I work with them, I find it may be better to create roles entirely from scratch.
  Absolutely! Please do not use SAP delivered roles for you use and also don't try to alter any values.
  A lot of the time, I find a lot of inactivated auth objects or objects that seem to not really be needed when looking at the t-codes offered in the menu (S_TCODE).
  >
  > In that case, I figured it might be cleaner if I started creating roles and adding t-codes via the Menu and maintaining only the auth objects that are proposed in PFCG (and adding a few if necessary).
  >
  > Do people typically build their roles around these the standard SAP role set or is it preferred to create your own and only use the SAP standard roles as reference (i.e. the t-codes offered in the menu, etc.)?
  >
  Yes.. as reference.. as you say..
  Regards,
  Dipanjan

• Deleting unused transactions from roles

  I am planning for unused transaction cleanup activity for SAP roles as mentioned below.
  There are lot of roles which are copied from SAP menu due to which they consist of around 1000 transactions. Now I know there will be around 50 transactions which might be used and rest of them not used at all.  I have made the strategy to find all the transactions which are not used during the last 3 months(using ST03N) and than consult the list with the role owners and delete the unused transactions.
  I would like to know whether this is the correct strategy to follow, will the ST03N data-> transactional profile provides the relevant data to sort out the transactions not used in last 3 months.  Please suggest or any alternative strategy can be followed. I know about sm19 audit log, but the problem is that it cannot be activated for all the users due to file space and performance issues.
  Regards,
  Sanjay

  There are lot of roles which are copied from SAP menu due to which they consist of around 1000 transactions.
  I am tempted to move this to the Test&Playground forum, because that is what building authorization roles from SAP Menü navigation nodes is.
  If course if you do not care and it is better than manual profiles then it is not all bad, so I will leave it here in the security forum fir now.
  From my side, if you have no clue... then go for the SAP standard roles and copy them into your own namepsace and work from there to start with. Check the objects included against audit check lists as step two. Take a closer look when you have a chance as step three (there are many manual auths in there...). You will be better off this ways than inventing roles of your own without any tcode or blue-print infos.
  I would however still not call it "best practice" and it will backfire over time, but it can be done in a few days (so that you can get your bones out of the project and onto the next one without learning about the pain-points).
  Eventually you become a professional bull-*******...
  Cheers,
  Julius

• Issue on copying standard role

  Dear Guru's,
  We're implementing E-rec system and we have two users name as user1 & user2, standard role was assigned to both the users
  User1 - SAP_RCF_EXTERNAL_CANDIDATE
  User2 - SAP_RCT_UNREGISTERED_CANDIDATE
  webdynpro application was working fine with the above roles.
  Once we made a copy of the standard role z-role, we assigned the z-role to those users and removed the standard role. After assigning the z-roles for the above user, the webdynpro application was not funtioning properly. Only I can see the initial screen, the next screen is not responding.
  Could anyone suggestion me on this.
  regards,
  Guna

  Hi,
  the most common reason for this error is a missing change in the customer version of role SAP_RCF_UNREGISTERED_CANDIDATE. The sap standard role contains the name of role SAP_RCF_EXTERNAL_CANDIDATE in the authorization object S_USER_AGR field ACT_GROUP. People often forget to change this to the name of the client role.
  In spite of the e-rec mechanism that the service user assigns the authorization to the external candidates user by assigning a reference user, it still needs the authorization to assign the roles and profiles the reference user has as if it would assign the them directly. If you do not put the name of the customer copy of role SAP_RCF_EXTERNAL_CANDIDATE  into your copy of SAP_RCF_UNREGISTERED_CANDIDATE the user creation can't be done properly and the appiication runs into an error when it tries to switch the session to the user.
  Kind Regards
  Roman

• SAP Delivered Roles

  Can anybody tell me how to find SAP deliver roles for specific Modules (CD,FI) and stuff. Please tell me how can I find SAP Standard roles?
  Thanks in Advance
  Faisal

  Hi Fisal,
                   This you can find from PFCG, go to PFCG-----> in the roles field pull down the menu, then give a search with FI, finance, or accounts yopu will get all the SAP delivered standard roles.
  This way you can search for the other modules/ areas as well.
  Regards,
  Hari.
  PS: Award points if helpful.

• Hot to get the deleted Standard Role in ABAP Stack ??

  Hello All,
  When I was testing a role in PFCG, unfortunately I deleted a standard SAP role. Now I need to bring it back or recreate the same one. Can any one advice me who can I get it back please. And one more thing here that when I am trying to copy the standard role from the temperory copied role, I am getting an error saying that "A namespace Conflict has occurred". please advice.
  Thanks in Advance.
  Sardaar.

  Hi Sardaar,
  You can download the role from quality server and upload the same into development as you said its a satandard SAP role you will find the same in Quality or Production server.
  If you need further help let me know
  Cheers
  Soma
  Message was edited by:
          soma pradeep