We have added search box. Key in SAP issue keyword to search

Announcement: wanna exchange links? contact me at sapchatroom@gmail.com.

Re: [sap-security] PFCG_UPDATE_ALL_ROLES in Production

Posted by Admin at
Share this post:
Ma.gnolia DiggIt! Del.icio.us Yahoo Furl Technorati Reddit

Reply from C. Sugg on Jun 27 at 10:33 AM
We have ours scheduled for 12:07 AM after the clean up job runs to removed
expired role from users.


---------------Original Message---------------
From: sheffeld
Sent: Tuesday, June 27, 2017 9:55 AM
Subject: PFCG_UPDATE_ALL_ROLES in Production

The primary con is that you can remove an end user's access for the role
being generated, while they are using it.

The primary pro is that end user's may not have access to the
authorizations in a role requiring generation until the role has been

My preference (and what has been considered a best practice) is to run
program PFCG_TIME_DEPENDENCY on a periodic basis in Production. The
timing would depending upon the frequency of transports with
role/authorization object/field/transaction modifications being promoted
to Production. Look for the period of least end user logins and then
coordinate with your Basis team to choose a time or times with the least
amount of traffic.


Reply to this email to post your response.
Manage Settings | Unsubscribe | Create FAQ | Send Feedback
© 2017 Ziff Davis, LLC. and message author.
Ziff Davis, LLC. 28 E 28th Street New York, NY 10016
C. Sugg  

Mark as helpful
View this online
Ask a new question
In the Spotlight
Earn Recognition for Your Contributions at Toolbox for IT. Gain Points for Community Achievements



Post a Comment

T r a n s l a t e to your language