Difference between Change Mode and Expert Mode in PFCG?
Answer / itsgaurav151
Change mode : If a new t-code is added to a role it will pull the auth obj corresponding to that t-code but not any of those which was deleted by us earlier, provided that obj is not related to newly added t-code. Or we can say that change mode will compare the auth in the role for newly added t-code with su24 and and will add all the necessary objects.
Expert mode : it have three options .
1. Delete all auh and create new profile- it will delete all auth data except org level and we have to create new authorizations in role corresponding to all t-codes in role.
2.Edit old status - it will give u chance to edit last saved authorizations only, no matter if u added any t-code to role. it will not pull the auth obj for new t-code from su24.
3. Edit old status and merge with he new - this will compare the auth of all t-codes in role with the records in su24 and will pull the objects corresponding to newly added t-code as well the missing object for any other t-code present in role and was deleted earlier.The newly pulled auth objects are marked as new and old ones are marked old.The auth objects in which auth values are added/changed gets the staus updated.
Is This Answer Correct ? | 52 Yes | 4 No |
Could any one tell me "What is critical authorizations in sap security"?
How will remove all expired role assignments to number of users ?
What are pfcg t-codes used for?
What authorization is required to create and maintain user master records?
Which request is this Which we create for transportation?
what are the issues you faced with UME?
What are the steps involved in SAP Security upgradation projects and also in SAP security impletation projects
what is the profile
A user has roles that only give display access but he can still change something in the system. how?
what is difference between master role and derived role
What are the most used tables in sap?
how we Restrict the auth groups for table maintain, creating Auth group using SE54 to built new Auth groups to restrict tables via auth object S_TABU_DIS