Tuesday, March 15, 2011

Transporting Authorization Components

 

There are two different processes for transporting authorization components, roles and user master records, depending on the type of transport:

  • Transports between clients (within an SAP System)
  • Transports between R/3 Systems

The procedures for both kinds of transport are detailed below.
 

Transport Between Clients

User master records and authorization components are client-dependent. You need to maintain separate user master records and authorization components for each client in your R/3 System.

In the target client, choose Tools → Administration → System administration, Administration → Client admin. → Client copy → Local copy (Transaction SCCL). Here you can transport user master records and authorization profiles from other clients. To do this, enter the profile SAP_USER or choose from the possible entries.

Schedule the transport for background processing during the night. This ensures that data remains consistent.

 

Transport Between SAP Systems

You can copy authorization components, roles and user master records from one SAP System to another. The method of transport depends on the component that you want to transport.
 

Transport Roles

You use Transaction PFCG to transport a role. Enter the role and choose Transport. The system displays a dialog box that asks whether the user assignment and the personalization data should also be transported. Next, enter a transport request. The role is entered in a Customizing request. Use Transaction SE10 to display this.

The authorization profiles are transported along with the roles. Unlike in previous releases, the profiles no longer have to be regenerated in the target system using Transaction SUPC. However, you must compare the user master records for all roles that are imported into the target system.

If the user assignments are also transported, they will replace the entire user assignment of roles in the target system. If you want to lock a system against importing user assignments of roles, you can specify this in the Customizing table PRGN_CUST. You maintain this using Transaction SM30. Add the line USER_REL_IMPORT and the value NO.

You should only transport user assignments to roles if you are not using central user administration.

After the import into the target system, you must compare the user master records for all roles involved. You can do this in two ways:

  • Start report PFCG_TIME_DEPENDENCY
  • In Transaction PFCG, choose Goto → Mass compare. Enter the role in the Role field. Choose Complete compare and start the report.

You can also prevent authorization profiles from being transported with the roles using a Customizing entry. In the transport source system, make an entry in table PRGN_CUST called PROFILE_TRANSPORT with the value NO. In this case, you must regenerate the profiles in the target system using Transaction SUPC.
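The two PRGN_CUST switches described above decide what a role import does to the target system. The following check is an added example, not SAP code or part of the original post: it reads a constructed export of PRGN_CUST rows and returns, for one source/target pair, whether user assignments are locked and which follow-up steps from this section apply. The "SYSTEM;ID;PATH" export layout, the system IDs DEV, QAS and PRD, and the function names are assumptions made for the example.

```python
import csv
import io

# Constructed sample: PRGN_CUST rows collected from three systems.
# The "SYSTEM;ID;PATH" export layout and the system IDs are assumptions.
SAMPLE_EXPORT = """SYSTEM;ID;PATH
DEV;PROFILE_TRANSPORT;NO
QAS;USER_REL_IMPORT;NO
PRD;USER_REL_IMPORT;yes
"""


def load_settings(text):
    """Return {system: {switch: value}} with names and values in upper case."""
    settings = {}
    for row in csv.DictReader(io.StringIO(text), delimiter=";"):
        system = row["SYSTEM"].strip().upper()
        switch = row["ID"].strip().upper()
        settings.setdefault(system, {})[switch] = row["PATH"].strip().upper()
    return settings


def review_role_import(settings, source, target, uses_cua):
    """Findings and post-import steps for moving roles from source to target."""
    src = settings.get(source, {})
    tgt = settings.get(target, {})
    findings, steps = [], []

    # Only the line USER_REL_IMPORT = NO locks the target; a missing line does not.
    locked = tgt.get("USER_REL_IMPORT") == "NO"
    if not locked:
        msg = f"{target}: transported user assignments replace the existing role assignments"
        if uses_cua:
            msg += " (central user administration in use: set USER_REL_IMPORT = NO)"
        findings.append(msg)

    # PROFILE_TRANSPORT = NO in the source: profiles do not travel with the roles.
    if src.get("PROFILE_TRANSPORT") == "NO":
        steps.append("regenerate profiles in target with SUPC")

    # Required after every role import.
    steps.append("compare user master records (PFCG_TIME_DEPENDENCY or PFCG mass compare)")
    return {"locked": locked, "findings": findings, "steps": steps}


if __name__ == "__main__":
    cfg = load_settings(SAMPLE_EXPORT)
    for tgt in ("QAS", "PRD"):
        print(tgt, review_role_import(cfg, "DEV", tgt, uses_cua=True))
```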
 

Transport Manually-Created Profile

To transport selected profiles, proceed as follows:

  1. Choose Tools → Administration → User maintenance → Manual maintenance → Edit profiles manually. Create a profile list and then choose Profile → Transport.
  2. Select the profiles you want to transport in the list displayed. You can also select all profiles.
  3. Enter the transport request number for each profile or profile group in the dialog box.
  4. The system asks whether you want to transport just the profile, or the authorizations it contains as well. You can either transport the profile by itself, or include all of its components in the transport request.

     The system also transports the documentation for the profiles and authorizations.

  5. When you have finished your selection, you can execute your transport request using the Workbench Organizer.

Transport Manually-Created Authorizations

The procedure for transporting authorizations is the same. First start the authorization maintenance function. Do this by choosing User maintenance → Authorization. Choose an object class and then Authorization → Transport.

Transporting Authorization Objects and Authorization Object Classes

Whenever you create or change authorization object classes, the system displays a dialog box in which you can enter a change request. Release this request for the desired target system.

Transporting User Master Records

You copy user master records using either the tools described above or via central user administration.

Transporting Check Indicators and Field Values

You can use Transaction SU25 (Step 3) to transport all check indicators and field values.

Note that the transport overwrites all existing check indicators and field values in the target system.

You can use Transaction SU24 to maintain individual check indicators. You can use the Workbench Organizer to record your changes. By executing the corresponding transport request, you distribute your check indicators to other systems.

Transporting Templates

All SAP templates are automatically identical in all systems following an upgrade. You cannot change SAP templates.

The Workbench Organizer records changes to your own templates. Transport the request. The objects in the transport request have the following syntax:

R3TR SUSV <Template Name>

The system transports the template name (in all languages) as well as the maintained data.
