IDocs in SAP

IDOCS in SAP

IDOC (intermediate document) number, which is a format SAP uses for electronic document exchange between systems.When a CUA system is involved, you should get in the habit of checking the CUA log often to ensure the user master record changes are getting processed. SCUL is a transaction that should be checked often when you are working within a CUA. In CUA, when you save a user master record in SU01, three status records are created. One to update the user master information related to the logon, the address, and the default tabs. A second status record is created for role changes, and a third record is created for changes on the Profile.

Question

Simhachalam Naidu :Hi All,
Hope your are doing good!
How to restrict the profile is there any way to restrict standard profiles could you please help me on this?

Return code values in SAP CRM system are 0,4,12,16 and 24...!! Is this same for R/3 System ...?

Yes in r/3 also we get 0,4,12. I never came across other 2 practically but theoretically they do exists in r/3.

In error related to security point of view...0,4,08,12...that if we check all the option i the trace than may be in program level/rfc level....we would get that i guess...but for security not needed.

There some times applicable for 08 also,we get this due to some invalid user buffer.

Based on object related to some program , dataset or rfc you get rc 12 but for other functional objects u get 08.

I had once got an RC 8 when there was a test role created in QA having the same profile name as that of the role being transported (just the profile name and not the role name) in such a case where there is a deadlock due to the profile names being the same leads to a RC 8.

Can anyone please help me understand what is Shell role?

An SAP std role without profile. You are required to generate its profile if u wish to use it. Shell role is used for EP. EP stands for employee portal. Shell role is generally a role without authorization object and without any t-codes. Generally shell roles are portal roles through which the links in portal are maintained. At ABAP side , Shell roles are standard roles provided by SAP

By default 10 rows are displayed in role tab of SU01, can we change any settings to display more rows at a time, its a pain to copy roles manually from an existing user if there are many of them.

Go to se15 use table agr_users , put user name and

execute. U'll get all roles of a user. In case of cua use table usla04.

Goto su01--> and in roles tab -->click on empty row selection pop up will appear

and in that we have multiple selection button is there select that and go on that Total roles in the system will appear (if have access ) then select the roles that u need .In that we can choose all at once also.

Above are some answers but yes there is no way by which we can assign more that 10-12 roles at one time.

In AC 10 , what is the purpose of "assign group field mapping" which present in "maintain mapping for actions and connector" . Can we create f4 help entries for custom field with this?

This activity is used to map Access Control fields to connected system fields, for

example, mapping a user personnel number as the email in Access Control. Like AC Field Name

(example: E_MAIL)●

System Field Name (example: PERNR)●

Table Name (example: 0006)●

Subtype (example: 5)● ... We can't create custom field there using F4 help .. You have to use SE11 to

create Custom field where you would first define domain and them data type... Till now I have not used

this functionality in any one my client....

What is diff b/w S_TCODE and S_USER_TCD??

Object S_USER_TCD controls the access of t-codes that user can include while creating role. 

S_tcode : while executing any t-code in sap system first it checks this ao. s_user_tcd: this ao is useful for adding a t-code at menu level with out this a.o we can't add t-code at menu level.

About S_TCODE : Whenever a transaction is started, a check is made against this authorization object by the screen with the transaction code as the value. This check always takes place & cannot be deactivated by the developer. Some exceptions are Tcode SU01, SU02, SU03 (so that the missing authorizations for object S_TCODE can be post-maintained if there are problems), Tcode SU50, SU51, SU52 (setting user defaults, user address and parameters) and transactions SU53 and SU56 (for analyzing possible errors).

About S_USER_TCD: Authorization objects control the Tcodes that sys admin can assign to an activity group, as well as the Tcodes for which they can assign Tcodes authorization (object S_TCODE).