First of all, what is meant by open authorizations?
What will happen if open authorizations exist in roles?
In SAP, we restrict users by giving them authorizations (t-codes, fields and activities). We maintain these authorizations in roles and assign the roles to users.
The authorization hierarchy is:
Authorization class (e.g. BC_C)
Authorization object (S_DEVELOP)
Authorization fields (ACTVT, PACKAGE)
Activities (ACTVT)
Values (16)
These objects come up in roles by default based on SU24. If we haven't completely updated the authorization data for a t-code in SU24, those objects appear with empty fields, which means open status.
Likewise, if we don't maintain the authorizations manually in the roles, the authorization data is shown in yellow. These are called open status authorizations.
For example, take the authorization object S_DATASET, whose fields are activity, physical file name and program name.
If we haven't maintained the activity by default in SU24, this field comes up empty and the authorization is shown in yellow. If we don't maintain the authorizations manually in the roles, they are also shown in yellow. We then have to maintain the activity in every role. We should not leave it as it is.
Impact if we leave the authorizations in open status:
If we leave them as they are and later make any change to that particular role, we may lose most of the authorizations.
To avoid this inconsistency, it is better to maintain the authorizations.
Now my point is: how do we find the roles with this type of open authorization?
It is very simple. Follow the steps below to find the roles.
1. Log in to the system, execute SE16 and enter AGR_1251.
2. In AGR_1251, enter Z* for the role, adjust the width and then click Execute.
3. You will get a list of roles with all t-codes, authorization objects and values.
4. Now sort the authorization value in descending order. The open fields will be at the end. Or you can download the roles in Excel format and sort them there.
It is easy, but follow one small rule: remove the inactivated objects from the selection before executing in AGR_1251.
Check the screens below.
Now we have all the open authorizations at the end.
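
The same check can be run offline on a downloaded copy of the list instead of sorting it by hand. The script below is an added example, not part of the original post: it assumes a tab-separated download whose column headers match the AGR_1251 field names (AGR_NAME, OBJECT, AUTH, FIELD, LOW, HIGH, DELETED), and the sample rows and role names are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows standing in for a tab-separated AGR_1251 download.
# Column names are assumed to match the table's field names.
HEADER = ["AGR_NAME", "OBJECT", "AUTH", "FIELD", "LOW", "HIGH", "DELETED"]
ROWS = [
    ["Z_BASIS_ADMIN", "S_DATASET", "T_A100", "ACTVT", "", "", ""],
    ["Z_BASIS_ADMIN", "S_DATASET", "T_A100", "FILENAME", "*", "", ""],
    ["Z_BASIS_ADMIN", "S_DATASET", "T_A100", "PROGRAM", "", "", ""],
    ["Z_DEV_DISPLAY", "S_DEVELOP", "T_B200", "ACTVT", "03", "", ""],
    ["Z_DEV_DISPLAY", "S_DEVELOP", "T_B200", "OBJNAME", "", "", "X"],  # inactive
    ["Z_DEV_DISPLAY", "S_TCODE", "T_B201", "TCD", "SE16", "", ""],
    ["Y_OTHER_ROLE", "S_DATASET", "T_C300", "ACTVT", "", "", ""],  # not Z*
]
SAMPLE_EXPORT = "\n".join("\t".join(r) for r in [HEADER] + ROWS) + "\n"


def find_open_fields(export_text, role_prefix="Z"):
    """Map each role to its active (object, auth, field) rows that have no value."""
    open_fields = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text), delimiter="\t"):
        # Short rows yield None for missing columns, so normalise first.
        cell = {k: (v or "").strip() for k, v in row.items() if k}
        if not cell.get("AGR_NAME", "").startswith(role_prefix):
            continue  # same effect as selecting Z* in SE16
        if cell.get("DELETED"):
            continue  # inactivated authorization, excluded as the post advises
        if cell.get("LOW") or cell.get("HIGH"):
            continue  # field is maintained
        open_fields[cell["AGR_NAME"]].append(
            (cell.get("OBJECT", ""), cell.get("AUTH", ""), cell.get("FIELD", ""))
        )
    return dict(open_fields)


if __name__ == "__main__":
    for role, fields in sorted(find_open_fields(SAMPLE_EXPORT).items()):
        for obj, auth, field in fields:
            print(f"{role}: {obj} / {auth} / {field} is open")
```

Each role it reports still has to be opened and its empty fields maintained, as described above.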