Role or Profile with Full Authorization in DISPLAY MODE

Hi all,
Can anyone help me or tell me if there is any standard role or profile which has full authorization in display mode.
I wanted to assign this to all our support team for the PRD server who shud only have the display auths so that the pre-production client can be safe.
I have checked many places for this kind of activity, but found no threads on the same and also realted links.
Can anyone tell me how to get this task done....
I have also tried few possible ways which never helped me and all my efforts failed.
Waiting to hear from SDNs, for which i can assure REWARD POINTS.
Thanks to all in advance
Regards
Hari Haran

Hi,
By enabling the permission level as 'read', the authorized user/group/role can:
1. View the object in the Portal Catalog using the browse and search capabilities.
2. Open the object in its respective primary and secondary editors in read-only mode; the object cannot be modified.
3. Create instances (delta links and copies) from the object.
4. Gain access to and choose templates in the object creation wizards.
This permission level can be used to prevent portal administrators from editing a particular object, while still allowing them create an instance of the source and use the new instance in any way
Regards
Srinivasan T

Similar Messages

  • Performance Issues with Debugging even in Display Mode

    Hi not certain if this would sit in Security, ABAP or Basis, but lets start here as it is security related.
    S_DEVELOP with any activity on DEBUG on a production system is a concern, but what are the performance related issues when a super user has to go into debug in display only on a production system because of a really complex issue?
    I've heard in the past of a scenario where system performance was impacted, and we have notes around the allocation of S_DEVELOP display DEBUG access to this point. (I've summarised these below)
    The risk with debug is associated with the length of time that the actual debugging process is being performed.
    u2022     Work processes are dedicated solely to the users for the duration of the debug. If these are being performed for a long time, these can cause issues with not enough work processes being available.
    u2022     It can cause DB2 locks. If the debug session last awhile, DB2 locks are not released. This impacts the availability of tablespaces, thus, affecting various transactions running across the system.
    Even with these concerns, security will often get asked for debug display access.
    As security is about risk identification, assessment and then controlled access what do other organisations do?
    Options (not exhaustive) are "No Debug ever" or "Debug display only via a fire fight or super user on a time limited basis".
    We are currently in the "debug display only via fire fight" camp, but would like to canvas opinion on this.
    As one of the concepts of security is Availability of data (and to an extent ensuring the systems are up and running) do the performance risks push the security function to the "No Debug Ever" stance.

    If you need to debug in production, then 9 times out of 10 you need to do root-cause analysis: The developer is the problem.
    Writing sloppy code and not testing properly should not be an excuse for debugging in production.
    But of course, there are exceptions even when you do try to keep them to a minimum.
    To add to Jurjen's comments, also note that the debugger only has a limited capability of doing a rollback. So you can quite easily and unintentionally create inconsistencies in the system - also in display mode - which is an integrity problem, and typically more critical than availability problems or even potential confidentiality concerns.
    Cheers,
    Julius
    Edited by: Julius Bussche on May 15, 2009 10:50 AM

  • AUTHORIZATION FOR DISPLAY ONLY

    Hi Friends,
    As per your advices I have copied the SAP_ALL_DISPLAY and changed the ACTVT field to 03 for having the Display mode for all the transactions used..
    But still there are sone transaction where the user can change like FB 02 ,schedule background jobs etc..
    When I have checked the SU24 for the Auth objects...
    Some contain the ACTVT fileds as display but some objects does not have the ACTVT fields they have some other things containing the field values as * with full authorization..
    My question is can we change this to 3 - for display or any other procedure to track the transactions which are not in display mode and change it accordingly..
    Regds,
    Satyanarayana N.

    Hi Satyanarayana,
    Unfortunately your best shot will be checking the whole role manually using PFCG and ensure that the role doesn't contain any additional authorizations. Do this by reviewing all the authorization objects.
    Regards
    Juan

  • What are the roles or profiles for auditor ?

    hi,
    are there any roles or profiles with display only for auditor to access to basis tcodes ?
    comment and advice will be appreciated
    regards,
    kent

    manually - how sad.
    there are templates for that:
    SAP_AUDITOR_A
    SAP_AUDITOR_ADMIN
    SAP_AUDITOR_ADMIN_A
    SAP_AUDITOR_BA_A
    SAP_AUDITOR_BA_CFM
    SAP_AUDITOR_BA_CFM_A
    SAP_AUDITOR_BA_CO
    SAP_AUDITOR_BA_CO_A
    SAP_AUDITOR_BA_EC_CS
    SAP_AUDITOR_BA_EC_CS_A
    SAP_AUDITOR_BA_EC_PCA
    SAP_AUDITOR_BA_EC_PCA_A
    SAP_AUDITOR_BA_EXPORT_DATA
    SAP_AUDITOR_BA_FI_AA
    SAP_AUDITOR_BA_FI_AA_A
    SAP_AUDITOR_BA_FI_AP
    SAP_AUDITOR_BA_FI_APMD
    SAP_AUDITOR_BA_FI_APMD_A
    SAP_AUDITOR_BA_FI_AR
    SAP_AUDITOR_BA_FI_ARMD
    SAP_AUDITOR_BA_FI_ARMD_A
    SAP_AUDITOR_BA_FI_CJ
    SAP_AUDITOR_BA_FI_CJ_A
    SAP_AUDITOR_BA_FI_GL
    SAP_AUDITOR_BA_FI_SL
    SAP_AUDITOR_BA_FI_SL_A
    SAP_AUDITOR_BA_HR
    SAP_AUDITOR_BA_HR_A
    SAP_AUDITOR_BA_MM
    SAP_AUDITOR_BA_MM_IM
    SAP_AUDITOR_BA_MM_IM_A
    SAP_AUDITOR_BA_MM_IV
    SAP_AUDITOR_BA_MM_IV_A
    SAP_AUDITOR_BA_MM_PUR
    SAP_AUDITOR_BA_MM_PUR_A
    SAP_AUDITOR_BA_ORGA
    SAP_AUDITOR_BA_RE
    SAP_AUDITOR_BA_RE_A
    SAP_AUDITOR_BA_SD
    SAP_AUDITOR_BA_SD_A
    SAP_AUDITOR_DS
    SAP_AUDITOR_DS_A
    SAP_AUDITOR_SA
    SAP_AUDITOR_SA_BC
    SAP_AUDITOR_SA_BC_CCM_USR
    SAP_AUDITOR_SA_BC_CUS_TOL
    SAP_AUDITOR_SA_CCM_USR
    SAP_AUDITOR_SA_CUS_TOL
    SAP_AUDITOR_TAX_A
    SAP_AUDITOR_TAX_AA
    SAP_AUDITOR_TAX_AA_A
    SAP_AUDITOR_TAX_COPS
    SAP_AUDITOR_TAX_COPS_A
    SAP_AUDITOR_TAX_FI
    SAP_AUDITOR_TAX_FI_A
    SAP_AUDITOR_TAX_HR
    SAP_AUDITOR_TAX_MM
    SAP_AUDITOR_TAX_MM_A
    SAP_AUDITOR_TAX_SD
    SAP_AUDITOR_TAX_SD_A
    SAP_AUDITOR_TAX_TR
    SAP_AUDITOR_TAX_TR_A
    SAP_CA_AUDITOR_APPL_AG_EXT
    SAP_CA_AUDITOR_SYSTEM
    SAP_CA_AUDITOR_SYSTEM_DISPLAY
    SAP_FS_CMS_COL_AUDITOR

  • After BI 7.0 Upgrade, Authorization Roles and profiles are not visible

    Hi Gurus,
    We have an issue with authorization roles and profiles are not visible for all end users with new Bex Analyzer (BI 7.0) tool. But still they can see these roles with old Bex Analyzer ( Bex 3.5) tool.
    As a developer I have SAP_ALL acces and I can see all authorization roles in new BEx Analyzer (BI 7.0).
    I verified in SU01 for user access and every are assigned there roles and they are green.
    Do we need to add any new authorization object to fix this issue, please let me know
    Thanks and appreciate your help.
    Thanks
    Ganesh Reddy.
    Edited by: Ganesh Reddy on Oct 26, 2009 4:41 PM

    Hi Ganesh,
    check the behaviour, if you assign
    S_USER_AGR                          
       ACT_GROUP = "..name of the assigned role.."
       ACTVT = 03 (for "display")    
    b.rgds,
    Bernhard

  • Generate authorization profile with RSSM

    Hi,
    I have a problem with the central User Management.
    We have the Central User Management in a CRM-System.
    1) In BW we generate an authorization profile with the transaction RSSM. Automatically the system assign the profile to an user.
    2)When we additionally assign a BW-role from Central User Management (CRM-System) to the same user, the authorization profile which is generated in BW (Transaction RSSM) is deleted.
    Unfortunately we can not forego to the functionalty in rssm.
    Thanks for any ideas in advance

    THX for your answers,
    I have twist and turn this problem and I see no way around it. It seems like it going to be a lot of configuration in ACS but it is only for one time. It better to do that job with the installation rather than troubleshoot every time the PC administrators type the wrong vlan name.
    As Bastien wrote in his answer:
    "so basically create an internal group, add user to this group, and create an access-policy that match this group and apply an authorization profile with the vlan you want"
    Thx again for your input.
    ///A.hed

  • Hello' I am having an issue with my iPhone 5 display. 2 days before i've noticed some horizontal and vertical lines on the display. Minor but noticeable. Specially in dark wallpapers and on full brightness. Is it normal?? Please Help!!!

    Hello' I am having an issue with my iPhone 5 display. 2 days before i've noticed some horizontal and vertical lines on the display. Minor but noticeable. Specially in dark wallpapers and on full brightness. Is it normal?? Is this a software bug or Hardware problem?? Please Help!!!

    Hello,
    No, it is not normal. Follow this article:
    http://support.apple.com/kb/ht1414
    If this doesnt solve the issue your iPhone will need service.
    Burcu

  • Reg: Mass generation of roles with open authorization

    Hi,
             Is there an option to mass generate roles with open authorizations ?
             It would be helpful if it there exists some transactions or reports that would help in doing so unlike CATT scripts or batch sessions.
    Regards,

    Hi Arravind,
    Why cant you correct the roles by filling up those open fields?? I guess you can create a CATT script to acheive your objective but I suggest better to check why there are open fields in the role then generating them blindly.
    Do let us know if you need any more information from our side. If you want to know how to create a CATt script then search for it in SDN/Google you will surely get your answer.

  • "No authorization to display partner in role".

    Hi
    We are in SRM4.0 SP12 and we have buyer completion workflow -after which the SC goes for cost center owner approval.
    In case of goods SC the cost center owner carries out the approval process as desired. However, in case of service shopping cart when the approver tries to approve the SC he gets an error "No authorization to display partner in role".
    Please note that this error is coming for Brazilian approvers only. We recently did Brazil specific configuration in our system.
    For all other countries the approval is working fine for goods as well as service SCs.
    Please proviide inputs to resolve the issue.
    Regards
    Ashish

    Hi Sanjeev
    Org. structure is correct ,attribute user_role is assigned and all other pointers you suggested are inline. Still the problem persists.
    The surprising part is the approval is happening for limit shopping cart as well as goods shopping carts.Only for service sc we have an issue.
    I managed to find the massage no. (R1-277) and there is a mention of function module BBP_BUPA_EVENT_AUTH1 in the where used tab. The code is commented in German. May be you have some pointers on this.
    Awaiting reply.
    Regards
    Ashish

  • Authorization : roles and profiles

    Hi,
    I have two questions that I need answers
    - How do I check roles that are assigned to reports and
    - roles and profiles needed to execute reports
    thanks in advance

    Hi,
    Roles or profiles are assigned to user not specific reports or queries, if u need u can check what roles are assigned to u in SU01, provide the user name and go to display mode there u will find profiles tab, u can check .
    Hope this helps u a lot.........
    Assigning points is the way of saying Thanks in SDN
    Regards
    Ramakrishna Kamurthy

  • Design view wont display any items referenced with full url

    Hi
    i have referenced serveral items (css and images) with full urls rather than relative.
    so in design view now i can only see things if i clikc on the live mode.
    now i know that there is a way to view items that have full url references WITHOUT clicking on live mode. I have done it before.....but for the life of me i cant figure it out right now.
    what am i missing to make this viewable in design view without using live mode?
    thanks
    sam

    View > Display External Files.
    In my experience, this doesn't always work. AFAIK, Dreamweaver makes the retrieval of external files a low priority, so it might not seek the external file if other activity takes precedence.

  • User Profiles with roles & responsibilities.

    How do create the User Profiles with roles & responsibilities in sd

    Hi,
    This is done with T. Code PFCG. Here we select the userid and give the required roles with which tell what the users can or cannot do.
    <a href="http://help.sap.com/saphelp_nw04s/helpdata/en/9d/39d0401117dd50e10000000a1550b0/content.htm">PFCG info 1</a>
    <a href="http://help.sap.com/saphelp_sm40/helpdata/en/57/3fc0413f1b6524e10000000a1550b0/content.htm">PFCG info 2</a>
    Hope this helps. Please reward if useful.
    Thanks & Regards
    Sadhu Kishore

  • Tcode authorization without any role or profile

    Hi Experts ,
    Can you please suggest on authorization issue , if observed that one Tcode not given in to any roles or profile but some user still using this authorization.
    When I checked role and profile for such user using the SUIM still it shows no data.
    So is there any other way to assign direct Tcode without using any role or profile.
    Thanks in advance .

    not sure how you are using SUIM to check, just to be sure, use the complex selection method or the authorization values method. the by transaction method only check for transactions that were added via the menu.
    look for object= S_TCODE, value=(the transaction code)
    SUIM will then calculate if the transaction code was added manually and as part of a wild card or a range.
    i.e. if the transaction was MM02 it will be accessible if the S_TCODE had
    wild card value M*, MM*, MM0* or
    range value A*-Z*
    Otherwise, it is possible that it was called indirectly and the BADI does not perform a S_TCODE check.

  • Update several authorization profile with only one transaction

    Hi gurus,
    This question occur after a request done to me by a group of users.
    I have to apply just only one transaction in all 200 profile/functions, through tcode PFCG (this functions it is contained in all that user profiles) and so I ask you guys if there is some way to put that transaction by only one action, through some easy form, like a mass action... I don´t believe that I have to put that transaction one by one in each profile/authorization!! If this is the only way to do this I won't get to end so early... and if this is the only way then I think this is very stupid way to do this!
    Help me please, I have to finish this as soon as possible!
    I don´t know what to do!
    Best regards,
    João Dimas - Portugal

    Hi Petra,
    I think you didn´t understand what I asked or maybe it was me I didn´t explain well what I wanna do!
    The question is only this, it´s possible to edit / add one, two or three, (etc) transaction codes in object S_TCODE in a big group of authorization profiles/functions (in tcode PFCG or through other transaction) that allows me to change with only one action all of that group of authorization profiles with that new transactions?
    We have a many differents profiles and so I don´t wanna believe that I have to change each authorization profile one by one... it´s stupid if it this is the only way to doing this... it will need a long time wasted!!
    Like we have the possible to do a mass generate or a mass transport between systems for authorization profiles we should also have that option!
    Help me please!
    Best regards,
    João Dimas - Portugal

  • 'Full Screen Logo Display' interferes with Windows 8 bootscreen

    Is this behaviour normal?
    The MSI screen shows up after powering on, then it flickers once, and only the moving circle is shown on top of the MSI screen. See attachment.
    Windows does boot correctly, no other issues than this graphical glitch.
    I know I can disable 'Full Screen Logo Display', but I find it strange how it works.
    I'm using a B85M-G43 w/ latest bios.
    Anyone else having this?

    Quote from: xmad on 21-August-13, 23:45:37
    Enable win 8 mode and fast boot and you won't see that screen at all
    Am I wrong, or to enable windows8 mode, need gop bios installed on the graphics card !?

Maybe you are looking for

  • Allowed Pop Up Windows are Blank

    i've only recently encountered this problem in the past month. the sites i know are affected are fanfiction.net and scribophile.com. fanfiction.net is using a javascript;; for editing a link in one's profile. scribophile.com is using a php to send a

  • Wifi with Login pop up or page won't work most of the time

    Free wifi with login areas don't work anymore on my machine after a couple of uses. I haved used them in these locations before and know the signal is strong and they are working and other people are able to connect. What happens is the login window

  • Syncing iPhone (how to not loose data?)

    I have just reinitialized my disk I was using to sync to my iphone, and completely reinstalled a fresh system. Now I'm trying to get my iphone data off my phone (like contacts) and onto my computer, how do I do this without loosing them? Can I sync m

  • Benefit of loopback interface

    why do we use a loopback, is it just for when we are using routing protocols, and if say a router has 2 interfaces, the loopback can be reached from both ?

  • Cropping/scrapbooking/photoshop 10 question

    I do a lot of scrapbooking using photoshop and I recently upgraded from photoshop 6 to photoshop elements 10. With my old program, I could drop a photo onto the page and using the move tool I could change the size of the photo by dragging the top dow