Limiting Activities by Time
Even if you are not using HR-Org. you can still take advantage of the option to assign roles to users for a limited period of time. This is useful, for example for your end of year procedure, where inventory activities should only be permitted for a limited time.
Choose Tools -> Administration -> User maintenance -> Roles.
Under the tab User, you can set the assignment validity period.
To put a time–delimited assignment of an activity group to a user master record into effect, you must first execute a comparison.
The authorization profile is only entered or deleted in the user master record automatically if you have scheduled the background report to run periodically.
Job scheduling is also important for ensuring role consistency after an import.
SAP recommends that you schedule background program PFCG_TIME_DEPENDENCY for these cases.
User assignment
Never insert generated profiles directly into the user master record (Transaction SU01). Assign the role to the user in the Roles tab in transaction SU01 or choose the User tab in role maintenance (PFCG) and enter the user to whom you want to assign the role or profile.
If you then compare the user master records, the system inserts the generated profile in the user master record.
Do not assign any authorizations for modules you have not yet installed
If you intend to gradually add modules to your system, it is important you do not assign any authorizations for those modules you have not yet installed. This ensures that you cannot accidentally change data in your production system you may need at a later stage.
Leave the corresponding authorizations or organizational levels open. Do not set the
Check Indicator in Transaction SU24 to No check.You want to create a user in the test system who can do "almost anything": typically, such users cannot create a user master record or change authorization profiles.
The fastest way to set up this user is as follows:
- Create a role.
- In Authorizations, choose Change authorization data and then Edit ->
This contains the authorization objects generally regarded as critical.
No comments:
Post a Comment