Needed roles or Profiles

Similar Messages

• Compliance Calibrator Design - Roles and Profiles

  Hi guys,as you know SAP's authorization concept involves generation of Roles into Profile before it can be assigned to a User. In CC, i wonder why is there a need to segregate Roles and Profiles into 2 seperate functions. Isnt it already sufficient to analyse roles instead of profiles? Profile are names which is too technical which i feel should be omitted unless really necessary.
  Well, unless it is to cater for indirect assignment where profiles are granted to position/org unit etc... I will also be trying out whether there is a difference when you only batch analyse a Role and intentionally excluding the 'profile' whenever a new role is created. Will the system work fine when i do a role analysis?
  Cheers!

  I agree that profiles are old fashioned and should be phased out.  The system has to stop people from being able to maintain profiles directly and assign them directly before they do this though.  SAP_ALL etc can be converted and assigned as a role.  It would make the whole authorisation concept just that little bit easier.  We are talking about a German company though!
  Also, you don't need profiles for indirect assignment.  You can relate roles to the position using PFCG!  Click on the organisational management button on the user-tab, next to the user comparison button.
  Using profiles (ie, maintaining directly and assignment) is highly recommended against.

• Active a role and profile

  Hi Experts,
  Could you guide me on how to activate a role and profile? Kindly suggest to me the proper procedure of doing this.
  One more thing experts do you have any idea on what tcode used to change a password for multiple user's? Could you give to me as well the proper procedure of doing this.
  Regards,

  To activate a profile, choose Profile Activate on the Profile List screen. If an active version of the profile exists, you will see the active and maintenance versions of the profile so that you can verify the changes.
  New or modified profiles must be activated before they can be assigned to users or become effective in the system.Activation copies the maintenance version of a profile to the active version. If the activated profile already exists in a user master record, the changes to it become effective as each affected user logs onto the system. Changes are not effective for users who are already logged on when the profile is activated.
  For it to take effect, you must hand over your role to the User Management Engine. You do so by activating the user role.
  To activate a user role, choose Activate User Role ( ). To undo, choose Deactivate User Role.
  If u want to change password number of user at a time .For my kind of information its not possible need to change password indivisualy.
  Reg.
  Deepak

• After BI 7.0 Upgrade, Authorization Roles and profiles are not visible

  Hi Gurus,
  We have an issue with authorization roles and profiles are not visible for all end users with new Bex Analyzer (BI 7.0) tool. But still they can see these roles with old Bex Analyzer ( Bex 3.5) tool.
  As a developer I have SAP_ALL acces and I can see all authorization roles in new BEx Analyzer (BI 7.0).
  I verified in SU01 for user access and every are assigned there roles and they are green.
  Do we need to add any new authorization object to fix this issue, please let me know
  Thanks and appreciate your help.
  Thanks
  Ganesh Reddy.
  Edited by: Ganesh Reddy on Oct 26, 2009 4:41 PM

  Hi Ganesh,
  check the behaviour, if you assign
  S_USER_AGR                          
     ACT_GROUP = "..name of the assigned role.."
     ACTVT = 03 (for "display")    
  b.rgds,
  Bernhard

• After BI 7.0 Upgrade, Roles and profiles are not visible

  Hi Gurus,
                                We have issue with the roles and profiles, all our users doesnt see any roles or profiles in Bex Analyzer, under there user access after BI 7.0 Upgrade. 
                                 When I go and check there profile in SU01 and I can see all roles are assigned but not able to see in the Bex Analyzer reporting tool.
                                 Do we need to do any configuration settings after BI 7.0 upgrade to visible roles. This problem with every user.
                                 Your help will be really appreciated.
  Thanks
  Ganesh Reddy.
  Edited by: Ganesh Reddy on Oct 22, 2009 5:19 PM

  Hi Mohan/Vijay,
                          Sorry for little bit late. I have all authorization roles access, and users dont have that access. Difference between our roles is I have SAP_ALL and SAP_NEW.
                          But when they login with old bex analyzer they can see all roles, but not with new bex analyzer.
                          Please some suggest me still I need to run SU25.
  Thanks
  Dayaker Reddy.
  Edited by: Ganesh Reddy on Oct 26, 2009 10:19 AM

• Authorization : roles and profiles

  Hi,
  I have two questions that I need answers
  - How do I check roles that are assigned to reports and
  - roles and profiles needed to execute reports
  thanks in advance

  Hi,
  Roles or profiles are assigned to user not specific reports or queries, if u need u can check what roles are assigned to u in SU01, provide the user name and go to display mode there u will find profiles tab, u can check .
  Hope this helps u a lot.........
  Assigning points is the way of saying Thanks in SDN
  Regards
  Ramakrishna Kamurthy

• VIRSA tables for users, roles and profiles sync?

  Hello,
  I am in a customer, implementing CC 5.2. At the first time, we tried CC 5.2 in DEV environment, and when everything was OK, we redirect RFC connectors to QA environment.
  After doing user, roles and profiles sync in DEV and in QA environment too, I have 4.500 user (1.100 from DEV + 3.400 from QA) when I recover all users "*" with "user level - risk analysis" from the "Informer" tab.
  It seems that "users, roles, profiles, sync" works like and "APPEND", but I did a COMPLETE syncronization not an INCREMENTAL.
  If I start an analysis for QA environment, CC works properly and only analyse QA users (3.400). But I would like to clean CC tables (users, roles and profiles) in order to have a clean copy of QA in CC.
  Which VIRSA tables (users, roles and profiles) I need to clean?
  It is necessary to do the same with authorization and text objects? Which would be these tables?
  Thanks in advance,
  Victor

  Hi all,
  SAP GRC Support provides a script which allows you to remove a connector since it does delete all data link to it. Anyway, I would recommend a deep analysis of it and find out if it does what you really want to do.
  Víctor, if what you want to do it is just to remove all user, role and profile master data (stored in tables VIRSA_CC_SYSUSR and VIRSA_CC_GENOBJ) you could upload a text file using data extractor functionality with the delete field set to X. Doing so user, role and profile master data will be removed from CC database.
  In order to use data extraction functionlaity you connector must be of type "File Local".
  Be careful about removing data directly from DB since, as Prem states, you might loose the DB consistency.
  Hope it helps. Best regards,
     Imanol

• Webservices roles and profiles r/3

  Hi gurus i have a little problem i guess
  i develop a web service and i want that an extern client use this webservice.
  the basis consultan has created an user and he has assigned the sapall and sap new profile and the role.
  the client executes the webservice without problem, but i dont want that the user has this profiles, i need to restric the prmissions of the user created by the basis consultant
  and when the basis consultant take out the sap all and sap new profile and assing other profile an role the webservice cant be executed, the error is that the user has not permission to execute the function group zsd001.
  Does any one knows which roles and profiles does the basis consultant has to assign to the user?
  thanks.

  thanks gurus

• Su01 recreate old user - lost roles and profiles

  Situation: a person's sap account was deleted, but now that person needs it again with the same sap access as before
  when you recreate an old sap user account in su01,
  sap gives a message "found old user information, do you want to reacreate this".
  Press yess, then all is copied except roles and profiles (empty)....
  You can find them back via the menu : information<change dcuments for users.
  Is there a way to make sure that roles (and/or profiles) are instantly copied from the old records of the sap account (like
  the name, email user group, user parameters, etcetera)?
  Regards,
  ABC

  No. There is no such feature.
  The solution is not to delete the user but rather lock the ID and move it to a "retired" user group where it is protected. From there you can restore it again easily.
  Cheers,
  Julius

• Difference between Roles and Profiles

  Hi,
  What is difference between Roles and Profiles?
  Thanx in advance..
  jitender

  Hi,
  It is a simple hierarchy level difference for grouping levels of authorization and the need avoid maintenance on a large number of individual authorizations on a user level.
  In SAP, authorizations are grouped together into profiles. These profiles usually represent some sort of functional access (i.e. Create customer master records). The profiles can then be allocated roles which group the individual functional access into a more abstract level of a role (i.e. accounts clerk). Roles are then assigned to users based on their specific responsibilities.
  More information is available on the help portal: http://help.sap.com
  Cheers,
  Mike.

• Difference between role and profile

  Hi All,
  I need to know the difference between role and profile. Kindly let me also know
  relevant T codes. Can Profiles exist without roles? If yes please let me know how to create them.
  Thanks in Advance,
  Kalyan

  Kalyan,
  A role is basically a container of authorizations and other related items.
  A profile contains the actual authorizations once a role is generated.  In addition a profile can be created from scratch using the classical method--transaction SU02.  Roles are created via transaction PFCG.
  Also take a look at the following threads:
  Difference between Role & Profile
  Re: difference between profile and role
  Cheers,
  Ben

• IDOC for roles and profiles

  Hi Guru.
  I need this: I wish to export the new and the modified roles and profiles to an external non-SAP system. This non-SAP system is able to receive iDoc message.
  Is it possible? Can I find n the SAP system the change point and the iDoc to do this?
  Regards
  Manuel Chiarelli

  not for roles. no. you can:
  transport them
  up-/download them
  RFC-copy them
  but not idoc them.

• Need correct color profile settings in windows....????

  Help!  Just replaced the motherboard and now all the color profiles in photoshop are wrong....  Does anyone know the correct settings to choose in windows or to choose for the graphics card... it's an AMD Phenom II.  I open Adobe Bridge and immediately the previews lose their color which tells me this is not the correct profile the computer is telling photoshop...  can anyone help, please????

  operating system is windows 7 and the monitor is profiled correctly.... and these are raw images, so no, cannot view in another program....  and they look the same in ps as in bridge.  however, i called adobe and they told me it sounds like a graphics card issue, so i'm going to amd's website to update and reinstall drivers.... not sure what else to do.... 
  From: rogleale <[email protected]>
  To: Kelly Ferreira <[email protected]>
  Sent: Friday, June 10, 2011 11:21 AM
  Subject: Need correct color profile settings in windows....????
  Not enugh information.  Which OS?  Is your monitor profiled?  Can you see your images in any other program, eg Windows Picture Viewer?
  What happens if you open your images in PS instead of Bridge?
  Roger

• Security roles and profiles

  Hello,
  Could you please provide information on "security roles and profiles "
  I would appreciate.
  Regards,
  Alex

  Roles give you authorization to specific area of the system. Use TC pfcg and you will see different setting for a role.
  In specific Role -> Authorization -> click on Display Authorization Data.
  Here all specific InfoArea, Cube, ODS, Reporting componets: display, execute and other security rules are defined.
  User Section: defines who has access to this role.
  Multiple authorization are combined to create an Authorization Profile. You defined a profile at TC su01 and under profile section.
  Hope that helps.
  thanks.
  Wond

• Role or Profile with Full Authorization in DISPLAY MODE

  Hi all,
  Can anyone help me or tell me if there is any standard role or profile which has full authorization in display mode.
  I wanted to assign this to all our support team for the PRD server who shud only have the display auths so that the pre-production client can be safe.
  I have checked many places for this kind of activity, but found no threads on the same and also realted links.
  Can anyone tell me how to get this task done....
  I have also tried few possible ways which never helped me and all my efforts failed.
  Waiting to hear from SDNs, for which i can assure REWARD POINTS.
  Thanks to all in advance
  Regards
  Hari Haran

  Hi,
  By enabling the permission level as 'read', the authorized user/group/role can:
  1. View the object in the Portal Catalog using the browse and search capabilities.
  2. Open the object in its respective primary and secondary editors in read-only mode; the object cannot be modified.
  3. Create instances (delta links and copies) from the object.
  4. Gain access to and choose templates in the object creation wizards.
  This permission level can be used to prevent portal administrators from editing a particular object, while still allowing them create an instance of the source and use the new instance in any way
  Regards
  Srinivasan T