We are on SAP 4.6C and use menu based security. Works well, but there's one problem we haven't solved... Which is providing production view-only access to config for our functional power users. The problem is that we can't just put "SPRO" in the menu but instead need to add the hundreds of tcodes under the SPRO menu. I haven't found any template roles from SAP to address this requirement. Does SAP provide any tools to develop this role?
Though I am a huge fan of the EnjoySAP concept, I don't think it applies very well for Config folks. Personally, I would give them access to O* (S_TCODE), whatever the silly range is for config (S_AHR...*), and restrict them to actvt '03' with the appropriate auth groups in S_TABU_DIS. They should be able to get to any display configuration transaction through SPRO. If they can't... then they shouldn't be configuring the system.
Dig Deeper on SAP HCM
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.