Copy sap_all profile to other role

Hi,
How can I copy the sap_all profile to another role?

Hi, sorry for the last post!
But don't just remove the transactions - make the objects display
only. There are many ways into the functionality, but it's controlled
ultimately by the objects.
Rohit

Similar Messages

  • Copying SAP_ALL profile

    Hello,
    Our client wants to have a SAP_ALL profile without VA01, VA02, ME21N and ME23N.
    I have copied the sap_all profile and the single profile that has the stcode with the &SAP_ALL authorization: &_SAP_ALL_13. Then I changed the stcode to limit the access to these transactions. All OK till here. The point is that when I try to save the copy of the &_SAP_ALL_13 profile the message is:
    Cannot activate. 
    The following authorizations are missing or have the status generated
    And the profile isn't active and the authorizations are missing.
    I have had a look at the object definitions of this profile, and they have the status active version - type generated. It looks as if they had been created with PFCG, but this is not the case, is it? Do you know what I can do to solve it?
    I know this is the usual way: I want all except X, Y and Z, but after a few days they don't want some transactions more, and so on, the tale of never ending...
    Thanks and best regards,
    Ana.

    > I know this is the usual way: I want all except X, Y and Z, but after a few days they don't want some transactions more, and so on, the tale of never ending...
    Nope, that is not the usual way. The usual way is to have people tell what they do need and build roles from that. The way you described is like building a house by excavating rooms from a big pile of building materials. It's bound to fail.
    Besides that, copying individual profiles is not the way to go.
    If you insist on building a role based on SAP_ALL better go to PFCG, create a role and enter the profile. Here choose SAP_ALL as a template and work from there.
    Disclaimer: This advice is not security related but only a way to get around the error messages.

  • Creating single role by copying profiles from other roles

    Hi,
    I am creating a single role from 4 roles. I have copied the authorizations of 4 roles and added them into the new role. This is done by copying the profiles.
    Problems faced:
    1.) In table AGR_TCODES I am not able to see the Tcodes for this new single role present in the new role, whereas if I go to object S_TCODE I am able to see the Tcodes and have that access.
    2.) Some of the objects are not copied into this new role, even from roles all of whose other objects are copied into this role.
    Can anybody help me with this, and also does anyone know what other problems can be faced by doing this?
    <removed_by_moderator>
    Thanks,
    Rajesh
    Edited by: Julius Bussche on Oct 15, 2008 3:55 PM

    Hi Rajesh,
    If you have created a role by copying authorizations, then it is possible to get the t-codes provided your role contains the auth.obj S_TCODE which you might have copied manually from one or two among the 4 roles.
    If S_TCODE exists in your role then you can find out the t-codes belonging to this role through SUIM->Transactions->Executable for Roles-> Insert your role name
    or
    Go to SE16-> Table AGR_1251->
    In the field AGR_NAME, give the role name
    In the field OBJECT, enter S_TCODE and then
    Execute.
    Q. My second question: There is one role created by some user. I am checking it in AGR_TCODES and SUIM... I am finding that the number of Tcodes in both cases does not match... Can anybody tell me where I can look for this and what the possible reason is?
    Possible reasons for this could be that some of the t-codes have been entered into the role manually and not through the menu in PFCG and, as mentioned earlier, AGR_TCODES only shows the transactions that exist in the menu of the role.
    It could also be that the manually entered t-codes contain wildcards specifying a range of values.
    The best option would be to find it out from the AGR_1251 table.
    Hope this helps !
    Thanks,
    Saby..
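
The comparison described in the answer above (menu entries in AGR_TCODES versus S_TCODE values in AGR_1251), as an added example that is not part of the original thread. It assumes both tables were exported from SE16 as CSV with the columns shown; the role name Z_DEMO_ROLE, the sample rows, the treatment of DELETED = 'X' as inactive and the simplified value matching (exact, trailing asterisk, inclusive LOW..HIGH range) are assumptions made for illustration.

```python
import csv
import io

# Constructed sample data shaped like SE16 exports (CSV) of AGR_TCODES and
# AGR_1251. The role name and all values are made up for illustration.
AGR_TCODES_CSV = """AGR_NAME,TCODE
Z_DEMO_ROLE,VA03
Z_DEMO_ROLE,ME23N
"""

AGR_1251_CSV = """AGR_NAME,OBJECT,FIELD,LOW,HIGH,DELETED
Z_DEMO_ROLE,S_TCODE,TCD,VA03,,
Z_DEMO_ROLE,S_TCODE,TCD,ME23N,,
Z_DEMO_ROLE,S_TCODE,TCD,SM30,SM37,
Z_DEMO_ROLE,S_TCODE,TCD,SCC*,,
Z_DEMO_ROLE,S_TCODE,TCD,SPRO,,X
Z_DEMO_ROLE,S_TABU_DIS,ACTVT,03,,
"""


def load(text):
    """Parse a CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def menu_tcodes(rows, role):
    """Transactions entered through the role menu (what AGR_TCODES shows)."""
    return {r["TCODE"] for r in rows if r["AGR_NAME"] == role}


def s_tcode_values(rows, role):
    """Active S_TCODE values of the role as (low, high) pairs."""
    return [
        (r["LOW"], r["HIGH"])
        for r in rows
        if r["AGR_NAME"] == role
        and r["OBJECT"] == "S_TCODE"
        and r["FIELD"] == "TCD"
        and r["DELETED"] != "X"  # assumption: 'X' marks an inactive row
    ]


def value_covers(low, high, tcode):
    """Simplified matching: inclusive range, trailing-asterisk pattern, or exact."""
    if high:
        return low <= tcode <= high
    if "*" in low:
        return tcode.startswith(low.split("*", 1)[0])
    return tcode == low


def audit_role(role, watchlist, tcodes_csv=AGR_TCODES_CSV, auth_csv=AGR_1251_CSV):
    """Report where the menu view and the S_TCODE authorization view differ."""
    menu = menu_tcodes(load(tcodes_csv), role)
    values = s_tcode_values(load(auth_csv), role)
    # Values that AGR_TCODES cannot show: ranges, wildcards, manual entries.
    not_in_menu = [
        f"{low}-{high}" if high else low
        for low, high in values
        if high or "*" in low or low not in menu
    ]
    # Watched transactions that pass the S_TCODE check although the menu lacks them.
    startable = sorted(
        t for t in watchlist
        if t not in menu and any(value_covers(lo, hi, t) for lo, hi in values)
    )
    return {"menu": sorted(menu), "not_in_menu": not_in_menu, "startable": startable}


if __name__ == "__main__":
    print(audit_role("Z_DEMO_ROLE", ["SPRO", "SCC4", "SM30", "SM59", "VA01"]))
```

A hit in `startable` only means the S_TCODE start check would pass; what the user can do afterwards depends on the other authorization objects in the role.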

  • How to copy and remove admin Role from SAP_ALL profile

    Hi SDN Experts,
    I need to copy the SAP_ALL profile to another one in a CRM 5.0 system; thereafter I need to remove the admin role from the SAP_ALL profile. Can anyone help regarding this point?
    regds
    gcp

    Chandra,
    I saw your post in this forum regarding configuring SAP integration with the Genesys Gplus adapter. We are in need of the same configuration. Can you please help me in configuring SAPphone for the Gplus adapter? Reply to me on [email protected]
    Thanks in Advance

  • How to remove SPRO from SAP_ALL profile

    Hi Friends,
    My client needs access to SAP, but we don't want to give them SPRO Tcode authorization.
    So I would like to have your advice on what is to be done and how we can create a profile without the SPRO Tcode.
    Regards
    Ayush

    Ayush Johri wrote:
    > I think its not that difficult, although i dont know this. but i have heard people saying that they have made SAP_ALL profile without SPRO...
    It is easy to copy SAP_ALL and create a role without SPRO.
    This will not stop people from accessing the functions behind SPRO for the reasons posted before.
    Lots of people claim they create a SAP_ALL without SPRO, I will bet £1000 (I know it's worth many euro's at the moment) that 90%+ of those roles which people think have SPRO removed will not stop people accessing config.
    Ask yourself this question....
    If you build a house do you:
    1. Buy a giant piece of rock and cut holes in it
    2. Build it from components - bricks, windows, doors etc

  • Restricting SCC4 Tcode, from the Role that was extracted from SAP_ALL profile

    Hi,
    Recently we have created a role extracting from SAP_ALL profile. We have deactivated many Basis, and other Critical Tcodes for our Dev & QTY systems by identifying the authorization objects.
    But- for SCC4 we want to know if there is any other way to restrict the access.
    Since we created the role by extracting the profiles from SAP_ALL. S_TCODE has * value, and S_TABU_CLI: has "X" value.
    - The problem is we can't deactivate or limit the usage of S_TABU_CLI:X as we have many ZTcodes for direct maintenance, which need this AO.
    - At the same time, we are trying hard to restrict SCC4.
    So, please suggest if there is any other alternative way to restrict Tcode SCC4, by not being able to run using the New Role.
    Regds,
    Satish.

    First off, let me say that I fully agree with Sunil Bujade. The building block approach is the way to go when designing roles.
    But if we're being practical, you could use authorization groups for tables (T-code SE54) and assign a custom auth. group to table T000. Then use this group to authorize (or actually not authorize) with object S_TABU_DIS.
    Again, this is just a practical tip. The whole "create a role from SAP_ALL" thing is a totally different subject altogether.
    Good luck!
    Dimitri.

  • S_TCODE object is not coming in role after adding profile of another role.

    Dear Gurus,
    I have added the profile of an existing role to a newly created role in PFCG (edit->insert authorisation->from profile), but I can't see the S_TCODE object of that role of the added profile.
    For some roles it appears, but for some it doesn't come.
    Please let me know the reason behind this, so that I can go forward.
    Regards,
    Nilutpal.

    Hi,
    S_TCODE will be added in your authorization profile when you add some T-Codes in Menu Tab of that role in PFCG.
    This may be the case for your role.  In this case it will not be copied with profile. It will be added only if you add the T-Code in Menu Tab.
    The other case is if you directly insert it in the authorization objects. In this case it will be copied with the profile.
    Please revert.
    Regards,
    Jaya

  • Background job fails for BDC profile creation and role assignment

    Hi Experts,
    I have created a BDC function module for Tcode 'PFCG' for profile creation and role assignment, and called this FM in my zprogram. The problem is that when I run this program in foreground it executes successfully, but if I schedule it in background it fails, throwing an error in the job log: 'Role 'Z...' does not contain any active authorizations'. But I have created one more program to create authorization objects, which runs before this zprogram. I have also checked the authorization object in 'RSECADMIN'; it shows as active. I don't understand what's happening exactly when it runs in background.
    Below is the process of job
       1. ZMIS_AUTH_OBJECT_CREATE
           Variant : auth-create
       2. ZMIS_AUTH_ASSIGN_TO_ROLE
           Variant : auth-assign
    The problem is in second program, runs in foreground but fails in background.
    Code which i have written in my second program
    ***BDC for Profile creation and assignment to Roles
        CALL FUNCTION 'ZROLE'
          EXPORTING
           ctu                     = 'X'
           mode                    = p_mode
           UPDATE                  = 'L'
    *   GROUP                   =
    *   USER                    =
    *   KEEP                    =
    *   HOLDDATE                =
           nodata                  = '/'
            agr_name_neu_001        = wa_role-role_name
            text_002                = wa_role-desc
            text_003                = wa_role-desc
            text_004                = wa_role-desc
           value_01_005            = 'T-ML330881'
            h_fval_low_01_006       = wa_role-auth
            profn_007               = lv_profile
            ptext_008               = lv_text1
    * IMPORTING
    *   SUBRC                   =
         TABLES
           messtab                 = temp_message.
    ***Generation of Profile created
    CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
         EXPORTING
           activity_group                      = wa_role-role_name
    *     PROFILE_NAME                        =
    *     PROFILE_TEXT                        =
          no_dialog                           = ' '
          rebuild_auth_data                   = ''
          org_levels_with_star                = ' '
          fill_empty_fields_with_star         = 'X'
          template                            = ' '
          check_profgen_tables                = 'X'
          generate_profile                    = 'X'
          authority_check_pfcg                = 'X'
       EXCEPTIONS
         activity_group_does_not_exist       = 1
         activity_group_enqueued             = 2
         profile_name_exists                 = 3
         profile_not_in_namespace            = 4
         no_auth_for_prof_creation           = 5
         no_auth_for_role_change             = 6
         no_auth_for_auth_maint              = 7
         no_auth_for_gen                     = 8
         no_auths                            = 9
         open_auths                          = 10
         too_many_auths                      = 11
         profgen_tables_not_updated          = 12
         error_when_generating_profile       = 13
         OTHERS                              = 14  .
    Experts, please help me out, it's very urgent. Your help is appreciated and rewarded. Thanking you in advance.
    Regards,
    Chetan

    Hi Praveen,
    Yeah, definitely. My requirement is that I have to give access to some BI reports to certain users, so contract data will be downloaded from ECC onto the application server; I need to read that file from the application server and, for each contract, I should create an authorization object, create a role, assign the role to the user, and generate and activate the profile.
    To achieve this i have written two programs
    1) ZMIS_AUTH_OBJECT_CREATE- This program will create the Authorization Object using BDC and Role creation Using the BAPI
    "" Creation of Authorization Object
    CALL FUNCTION 'ZAUTHOBJ'
            EXPORTING
             ctu                    = 'X'
             mode                   = p_mode
             UPDATE                 = 'L'
    *   GROUP                  =
    *   USER                   =
    *   KEEP                   =
    *   HOLDDATE               =
             nodata                 = '/'
             g_authname_001         = 'ZDUMMY_MIS'
              g_targetauth_002       = wa_tab-auth
              g_authtxt_003          = wa_tab-short_desc
              g_authtxtmd_004        = wa_tab-med_desc
             marked_04_005          = 'X'
              g_authtxt_006          = wa_tab-short_desc
              g_authtxtmd_007        = wa_tab-med_desc
             tctiobjnm_04_008       = 'ZBUS_UNIT'
              g_authtxt_009          = wa_tab-short_desc
              g_authtxtmd_010        = wa_tab-med_desc
             marked_05_011          = ''
             opt_01_012             = 'EQ'
              low_01_013             = wa_tab-bu
              g_authtxt_014          = wa_tab-short_desc
              g_authtxtmd_015        = wa_tab-med_desc
             marked_04_016          = 'X'
              g_authtxt_017          = wa_tab-short_desc
              g_authtxtmd_018        = wa_tab-med_desc
             tctiobjnm_04_019       = 'ZCONTRCT'
              g_authtxt_020          = wa_tab-short_desc
              g_authtxtmd_021        = wa_tab-med_desc
             marked_05_022          = ''
             opt_01_023             = 'EQ'
              low_01_024             = lv_contract
              g_authtxt_025          = wa_tab-short_desc
              g_authtxtmd_026        = wa_tab-med_desc
              g_authtxt_027          = wa_tab-short_desc
              g_authtxtmd_028        = wa_tab-med_desc
              g_authname_029         = wa_tab-auth
    * IMPORTING
    *   SUBRC                  =
           TABLES
             messtab                = temp_message.
    "" Creation of role
    LOOP AT it_role INTO wa_role.
          CLEAR wa_text.
          wa_text-text = wa_role-desc.
          wa_text-langu = 'E'.
          APPEND wa_text TO it_text.
          wa_jobrole-agr_name = wa_role-role_name.
          wa_parentrole-agr_name = 'ZM_CT_DUMMY_MIS'.
          wa_method-usmethod = 'CHANGE'.
          CALL FUNCTION 'ZBAPI_JOBROLE_CLONE'
            EXPORTING
              jobrole          = wa_jobrole
             parent           = wa_parentrole
             method           = wa_method
           TABLES
    *   RETURN           =
             shorttext     = it_text.
    *   LONGTEXT         =
    *   MENU_NODES       =
    *   MENU_TEXTS       =
        ENDLOOP.
    2) ZMIS_AUTH_ASSIGN_TO_ROLE - This program will generate the profile created assign it to the role.
      ""*BDC for Profile creation and assignment to Roles
        CALL FUNCTION 'ZROLE'
          EXPORTING
           ctu                     = 'X'
           mode                    = p_mode
           UPDATE                  = 'L'
    *   GROUP                   =
    *   USER                    =
    *   KEEP                    =
    *   HOLDDATE                =
           nodata                  = '/'
            agr_name_neu_001        = wa_role-role_name
            text_002                = wa_role-desc
            text_003                = wa_role-desc
            text_004                = wa_role-desc
           value_01_005            = 'T-ML330881'
            h_fval_low_01_006       = wa_role-auth
            profn_007               = lv_profile
            ptext_008               = lv_text1
    * IMPORTING
    *   SUBRC                   =
         TABLES
           messtab                 = temp_message .
       COMMIT WORK AND WAIT.
    ""*Generation of Profile created
      LOOP AT it_role INTO wa_role.
        CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
         EXPORTING
           activity_group                      = wa_role-role_name
    *     PROFILE_NAME                        =
    *     PROFILE_TEXT                        =
          no_dialog                           = ' '
          rebuild_auth_data                   = ''
          org_levels_with_star                = ' '
          fill_empty_fields_with_star         = 'X'
          template                            = ' '
          check_profgen_tables                = 'X'
          generate_profile                    = 'X'
          authority_check_pfcg                = 'X'
       EXCEPTIONS
         activity_group_does_not_exist       = 1
         activity_group_enqueued             = 2
         profile_name_exists                 = 3
         profile_not_in_namespace            = 4
         no_auth_for_prof_creation           = 5
         no_auth_for_role_change             = 6
         no_auth_for_auth_maint              = 7
         no_auth_for_gen                     = 8
         no_auths                            = 9
         open_auths                          = 10
         too_many_auths                      = 11
         profgen_tables_not_updated          = 12
         error_when_generating_profile       = 13
         OTHERS                              = 14.
        IF sy-subrc <> 0.
          MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
                  WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
        ENDIF.
      ENDLOOP.
    For creating authorization objects, role & profile I have created one dummy auth, dummy role & dummy profile respectively.
    I have created dummy objects to copy the roles from the dummy object and assign the same to the new auth obj, role & profile.
    Let me know what needs to be done, because both these programs run perfectly in foreground but fail in background.
    Regards,
    Chetan

  • Client Create and copying default profiles

    Hi,
    This is Sanjeev. I have created a new client (678) in IDES ECC6, and I logged into the new client (678) with the sap* user and tried to copy the default profile sap_all from client 001 using local client copy. It results in an error saying the RFC source destination for 001 is to be given. I also have a doubt whether client 000 should be copied instead of 001. What is the proper procedure for creating a client and copying defaults? Kindly state it in steps...
    Thanks a lot in advance....
    Regards,
    Sanjeev Kumar C

    Hi,
    You can find all the information you need at the below link,
    http://help.sap.com/saphelp_erp2004/helpdata/fr/69/c24c0f4ba111d189750000e8322d00/frameset.htm
    Regards,
    Vishnu

  • I have an old user name that is no longer accessible. I access Firefox through a new user name. I have copied the profile from the old user name. Can I have 2 profiles from which to choose when using Firefox under the new username?

    I have a user name on my computer that was tied in with the domain name of the server at my workplace. I would access Firefox under this user name. I have now changed jobs, and for good and obvious reasons can no longer utilize my previous company associated username.
    I have set up a new username on the same computer. When I access Firefox, all of my old bookmarks are gone, because Firefox does not recognize me under the new username as the same person. In the meantime, I have established new bookmarks under the new username.
    I have copied my profile from Firefox under my old username. Can I have two profiles under my new username and pick which one I want to use at that time when accessing Firefox?
    I am running Windows 7 Professional, with 4 gig ram, Intel i3 CPU, 2.13 GHz, 64 bit operating system, Firefox 7.0.1
    Thank you

    You can not merge accounts.
    Apps are tied to the Apple ID used to download them, you can not transfer them.

  • How to delete Client of SAP_ALL  profile

    I have made one client 800 in SAP with the SAP_ALL profile. Now I want to delete this client because my hard disk is getting full. How do I delete client 800 so that hard disk space is freed? Please tell me step by step.
    Thanks & Regards
    Jagdish Kumar

    Proper way to delete a SAP client
    Here goes: 
    1. log into the client to delete 
    2. go into SCC5 and delete client 
    3. log into another client and delete entry with SCC4 
    4. reorg database to recover database space. 
    Actually, if you check "on" the little "Delete Entry from T000" checkbox, you can skip step 3.
    One other way of deleting a client which could give significant performance gain and save time is at OS level using - R3trans 
    To delete a client 200, you have to create a command file "del200" with following entries 
    Clientremove 
    Client = 200 
    Select * 
    Place the command file in /usr/sap/trans/bin 
    $ cd /usr/sap/trans/bin 
    $ R3trans -w <log file name> -u 1 <command file name>
    e.g. $ R3trans -w del200.log -u 1 del200
    To check the progress...
    $ tail -f del200.log
    Reorg the database post client delete

  • To find whether current user has SAP_ALL profile or not.

    Hi all,
    Can anyone tell me whether there is any method by which I can pass the user ID and find out whether that user has the SAP_ALL profile or not?
    The above is done by using the transaction SU01,but I need the ABAP code that is being used in this transaction.
    Regards,
    Varun.
    Message was edited by:
            Varun Bhandari

    Hi,
    Check table USR02 for the same.
    Regards,
    Ram

  • Error in generating Profile for Child Role

    Hi Experts,
    My requirement is to change the profile for the child roles created. I'm using FM 'PRGN_AUTO_GENERATE_PROFILE_NEW' to generate the profile for a child role. However, it gives an error saying "Open authorizations or org. levels in role & => no profile generated"
    when I execute it. In fact the same error occurs when I run it for the parent role also.
    But prior to attaching the child role to parent role, profile gets generated with no issues.
    Kindly help.
    Regards,
    Anjali

    Hello All/Experts,
    I am also getting the same error. How to resolve this?
    regards
    A

  • Mass generation of profiles of customize role in sap

    Dear All,
    I am unable to mass generate profiles for customized roles in SUPC. After pressing the Generate button it shows "Choose at least One role".

    A brave route is to delete the profiles en masse and then mass regenerate. You can even do this in PROD to improve transport performance, but you must be sure that SU24 is perfect.
    But as mentioned before, you have to be very sure about what is going to happen and who is changing roles, otherwise all hell breaks loose.
    Opening roles in "Edit old status" and then transporting them as a habit in role maintenance is not a good symptom to use this approach - as an example.
    If you have used SU24 and do keep the role proposals intact, then it works very nicely and you can upgrade all your roles in about 1 day - max 1 week.
    If you want to do a lot of checks against historic Excel lists and manual regression testing (with manual / changed authorizations which are divorced from the menus) then you are looking at between 1 month and forever to upgrade the roles...
    For me, the concept of "forever maintenance" means start over from scratch in the design.
    Cheers,
    Julius
    Edited by: Julius Bussche on Apr 29, 2011 12:06 AM

  • How to Install (copy) ICC Profiles

    I have two computers running fully updated versions of Mountain Lion. One has all the desired ICC profiles installed in Library>Printers>Epson>InkjetPrinter and in Photoshop the profiles show up just fine and I can make my selections.
    On my other computer, the profiles had been there but disappeared in one upgrade or another. I tried having them installed automatically by deleting and reinstalling the printer drivers via the Print & Scan System Preferences. The driver gets re-installed but no profiles. I tried copying the profiles from the one computer to the exact location on the second computer and still no luck. Profiles of two of my other printers are all present, but not the one I'm trying to get added.
    I have restarted many times along the way and even tried replacing the whole Epson folder with no change.
    Does anyone have an idea of how I can copy those profiles to where they'll work?
    FWIW, these profiles are for an older Epson 2200 which is still supported according to Apple's list. It works fine and does print perfect color through the computer that shows the profiles. Profiles for my Epson 7880 and Canon MX870 show on both computers.

    Here is the location where the Epson v2.12 Printer Drivers for OS X (Oct. 4) will install the Stylus Pro 2200 .icc profiles. Everything from Printers inward is owned by root and group admin. The individual .icc files are read/write for root, and read only for everyone else.
    I used CharlesSoft dot com Pacifist to discover this information. Downloaded the above Epson Driver dmg from Apple/support/downloads. Then opened it with Pacifist. Looked in Contents of EPSONPrinterDrivers.pkg. It is possible to drag the SP2200_A.profile and SP2200_W.profile bundles from Pacifist into the /Library directory hierarchy. You may have to create /InkjetPrinter2/ICCProfiles folders manually and permit them root:admin first.
    Not for the faint of heart. If I was invested in Epson printers as you are, I would simply install the whole v2.12 installation package above. That should build the directory hierarchy for you. (fingers crossed).
    /Library/Printers/Epson/InkjetPrinter2/ICCProfiles/SP2200_A.profiles
         Contents
              Resources
    /Library/Printers/Epson/InkjetPrinter2/ICCProfiles/SP2200_W.profiles
         Contents
              Resources
