Announcement:
wanna exchange links? contact me at sapchatroom@gmail.com.
Posted by
Admin at
Reply from sheffeld on Jun 27 at 9:55 AM The primary con is that you can remove an end user's access for the role
being generated, while they are using it.
The primary pro is that end user's may not have access to the
authorizations in a role requiring generation until the role has been
regenerated.
My preference (and what has been considered a best practice) is to run
program PFCG_TIME_DEPENDENCY on a periodic basis in Production. The
timing would depending upon the frequency of transports with
role/authorization object/field/transaction modifications being promoted
to Production. Look for the period of least end user logins and then
coordinate with your Basis team to choose a time or times with the least
amount of traffic.
Regards
| | | ---------------Original Message---------------
From: Thembela_Msimango
Sent: Tuesday, June 27, 2017 2:36 AM
Subject: PFCG_UPDATE_ALL_ROLES in Production
Hi Gurus,
We've come across some roles that are not generated in Production, that is with a yellow triangle in the Auth Tab on PFCG. Is running report PFCG_UPDATE_ALL_ROLES a standard practice in SAP Security? and what are the pros/cons of doing this on Prod? |
| Reply to this email to post your response. __.____._ |   _.____.__ |
