Professional Documents
Culture Documents
change users (assign profiles) S_TCODE with TCODE 'SU01' - central user administration,
S_USER_GRP with activity '02' - local user administrators
S_USER_PRO with activity '22' (restricted to user groups)
- system administrators
authorisation administration
create profiles S_TCODE with TCODE 'SU02' - authorisation administrators
S_USER_PRO with activity '01' and '07'
create activity groups S_TCODE with TCODE 'PFCG' - authorisation administrators
S_USER_AGR with activity '01'
S_USER_PRO with activity '01' and '07'
create/delete authorisations S_TCODE with TCODE 'SU03' - authorisation administrators
S_USER_AUT with activity '01' or '06'
change profiles S_TCODE with TCODE 'SU02' - authorisation administrators
S_USER_PRO with activity '02' and '07'
change activity groups S_TCODE with TCODE 'PFCG' - authorisation administrators
S_USER_AGR with activity '02'
S_USER_PRO with activity '02' and '07'
change authorisations S_TCODE with TCODE 'SU03' - authorisation administrators
S_USER_AUT with activity '02'
1
Change Management
execute imports TA Tool: ZS03 - system administrators
TMS: - emergency user
S_TCODE with TCODE 'STMS'
S_CTS_ADMI
change changeability of clients S_TCODE with TCODE ‘SCC4‘ - system administrators
S_TABU_DIS with activity ‘02‘ and Table - emergency user
class 'SS'
S_TABU_CLI with 'X'
change system changeability S_TCODE with TCODE ‘SE06‘ or 'SE03' - system administrators
S_CTS_ADMI with function ‘INIT‘ and ‘SYSC‘ - emergency user
S_TRANSPRT with activity '03' and
TTYPE='*'
Debugging with Replace S_DEVELOP with activity ‘02‘ and object type - emergency user
‘DEBUG‘
update basic tables via standard S_TCODE with TCODE 'SM30' or 'SM31' - system administrators
transactions S_TABU_DIS with activity '02' and table class - emergency user
'SS'
Basic Functions
update profile parameters S_TCODE with TCODE ‘RZ10‘ - system administrators
S_RZL_ADM with activity '01'
stop application servers S_TCODE with TCODE ‘RZ03‘ - system administrators
S_RZL_ADM with activity '01'
stop working processes S_TCODE with TCODE 'SM04' or 'SM50' - system administrators
S_ADMI_FCD with function 'PADM' - emergency user
reading spool orders from other S_TCODE with TCODE = 'SP01' - system administrators
users S_SPO_ACT with spool action 'DISP' - application responsibles
S_ADMI_FCD with function 'SP01' or 'SP0R' - emergency user
reading spool orders from other S_TCODE with TCODE 'SP11‘ or ‘SP12‘ - system administrators
users out of TemSe S_TMS_ACT with STMSACT=‘REA‘, - application responsibles and
STMSOWNER=‘GRP‘ or ‘OCL‘, end users, restricted to special
STMSOBJECT=‘SPOOL*‘ groups (if possible)
2
delete change documents S_TCODE with TCODE 'SE38' or 'SA38' and - nobody
S_SCD0 with activity '06' or '12'
Interfaces
update RFC connections S_TCODE with TCODE 'SM59' - system administrators
S_ADMI_FCD with function 'NADM' - ALE/EDI responsibles
- emergency user
update ALE distribution model S_TCODE with TCODE ‘SALE‘ - system administrators
B_ALE_MODL with activity '01 or '02' - ALE/EDI responsibles
- emergency user
create logical system commands S_TCODE with TCODE ‘SM69‘ - system administrators
S_RZL_ADM with activity ‘01‘ or '02'
S_LOG_COM
execute logical system S_TCODE with TCODE ‘SM49‘ - system administrators
commands S_LOG_COM - application responsibles
- emergency user
3
Definition of Roles in the
granting process:
system administrators responsibles for the SAP system(s)
(partly with special Admin-ID)
central user administration responsibles for creating user IDs and assigning user authorisations
decentral user administration responsibles for assigning user authorisations within their department
help desk responsible for resetting passwords and revoking user IDs