How to Regenerate SAP_ALL profile

 


SAP_ALL profile is a composite profile which gives almost full access and should only be assigned to administrators for emergency access. As a best practice, it is always advised to create roles for administrators with S_* objects which give the necessary access for administration and prevents them from accessing any critical data like HR related information.


You can generate SAP_ALL profile in the following scenarios:

  • A new customer-specific authorization object is created. The system regenerates SAP_ALL and updates SAP_ALL profile with the newly created authorization object (condition to – In PRGN_CUST table, attribute value for switch ‘SAP_ALL_GENERATION’ is not set to ‘OFF'; otherwise you will have to manual regenerate SAP_ALL profile).
  • After system is upgraded to new release.
  • After every support pack import, provided that the support pack contains new authorization objects


SAP_ALL profile can be manually regenerated using report
RSUSR406 or via tcode SU21. This regenerates SAP_ALL profile only in the client where this report is executed.




 


SAP_ALL profile can also be generated using report AGR_REGENERATE_SAP_ALL in client 000. It regenerates SAP_ALL in all the clients.

 

Comments are closed.

Leave a Comment


*