SECURITY

Q.1 Please explain the personalization tab within a role?
Q.2 Is there a table for authorizations where I can quickly see the values entered in a group of fields?
Q.3 How can I do a mass delete of the roles without deleting the new roles ?
Q.4 How to insert missing authorization?
Q.5 What is the difference between role and a profile?
Q.6 What profile versions?
Q.7 What is the difference between USOBX_C and USOBT_C?
Q.8 What authorization are required to create and maintain user master records?
Q.9 Authorization object needed for PFCG access
Q.10 What is the difference between the table buffer and the user buffer?


Q.1 Please explain the personalization tab within a role?
Personalization is a way to save information that could be common to users, I meant to a user role… E.g. you can create SAP queries and manage authorizations by user groups. Now this information can be stored in the personalization tab of the role. (I supposed that it is a way for SAP to address his ambiguity of its concept of user group and roles: is “usergroup” a grouping of people sharing the same access or is it the role who is the grouping of people sharing the same access).

Q.2 Is there a table for authorizations where I can quickly see the values entered in a group of fields?
In particular I am looking to find the field values for P_ORGIN across a number of authorization profiles, without having to drill down on each profile and authorization. AGR_1251 will give you some reasonable info.

Q.3 How can I do a mass delete of the roles without deleting the new roles ?

There is a SAP delivered report that you can copy, remove the system type check and run. To do a landscape with delete, enter the roles to be deleted in a transport, run the delete program or manually delete and then release the transport and import them into all clients and systems.
It is called: AGR_DELETE_ALL_ACTIVITY_GROUPS. To used it, you need to tweak/debug & replace the code as it has a check that ensure it is deleting SAP delivered roles only. Once you get past that little bit, it works well.

Q.4 How to insert missing authorization?
su53 is the best transaction with which we can find the missing authorizations.and we can insert those missing authorization through pfcg.

Q.5 What is the difference between role and a profile?

Role and profile go hand in hand. Profile is bought in by a role. Role is used as a template, where you can add T-codes, reports..Profile is one which gives the user authorization. When you create a role, a profile is automatically created.

Q.6 What profile versions?
Profile versions are nothing but when u modifies a profile parameter through a RZ10 and generates a new profile is created with a different version and it is stored in the database.

Q.7 What is the difference between USOBX_C and USOBT_C?
The table USOBX_C defines which authorization checks are to be performed within a transaction and which not (despite authority-check command programmed ). This table also determines which authorization checks are maintained in the Profile Generator.
The table USOBT_C defines for each transaction and for each authorization object which default values an authorization created from the authorization object should have in the Profile Generator.

Q.8 What authorization are required to create and maintain user master records?
The following authorization objects are required to create and maintain user master records:
•S_USER_GRP: User Master Maintenance: Assign user groups
•S_USER_PRO: User Master Maintenance: Assign authorization profile
•S_USER_AUT: User Master Maintenance: Create and maintain authorizations

Q.9 Authorization object needed for PFCG access
S_USER_AGR
ACT_GROUP= * (You can restrict by role, if proper naming convention is used)
ACTVT=01, 02, 03, 64 other fields below
01 Create or Generate
02 Change
03 Display
06 Delete
08 Display change documents
21 Transport
22 Enter, Include, Assign
36 Extended maintenance
59 Distribute
64 Generate
68 Model
78 Assign
79 Assign Role to Composite Role
DL Download
UL Upload

S_USER_GRP
CLASS=
ACTVT=22; 03
Other activity
01 Create or Generate
02 Change
03 Display
05 Lock
06 Delete
08 Display change documents
22 Enter, Include, Assign
24 Archive
68 Model
78 Assign
S_USER_TCD
TCD= * (Transaction in role)
S_USER_PRO
PROFILE= *
ACTVT=01, 06
Other activity
01 Create or Generate
02 Change
03 Display
06 Delete
07 Activate, generate
08 Display change documents
22 Enter, Include, Assign
24 Archive
S_TCODE
TCD=PFCG;

Q.10 What is the difference between the table buffer and the user buffer?
The table buffers are in the shared memory. Buffering the tables increases performance when accessing the data records contained in the table. Table buffers and table entries are ignored during startup. A user buffer is a buffer from which the data of a user master record is loaded when the user logs on. The user buffer has different setting options with regard to the ‘auth/new_buffering’ parameter.

Comments are closed.