Define the extended assignment between SNC-names and R/3-users.
There exist some scenarios where the simple assingement is not sufficent. Every R/3-user can only belong to one SNC-name. In case of shared userids like the SAP standard users SAP*, SAPCPIC, DDIC and EARLYWATCH you need multiple assignments.
You can enter a "*" for the user or the SNC-name to allow everybody to work but in this case the access control list is degenerated:
Userid SNC-name Conclusion
defined * Everybody can work with this R/3-user.
* defined This master user can work with all R/3-user.
* * No access control at all
The extended SNC-information for the user is entered using transaction SM30 with table USRACLEXT.
Recommendation
Don't use *-entries. They can lead to a security leak.
Activities
1. Choose the entry you wish to modify or choose New Entries.
2. On the following screen, enter the data:
- SNC-name
3. The canonical SNC-name will be calculated if SNC is active.
No comments:
Post a Comment