Abdullah Azzouni wrote:
As Jurgen said, you need to remove authorization to create customers from every role. Removing authorization from transactions XD01, etc. is not enough. You need to remove authorization to objects such as F_KNA1_BED, F_KNA1_GRP, etc.
No, that wouldn't work, because MDG checks the object authorizations as well (at least by default - you can bypass the backend authorization checks), and only allows the user to modify the fields he is entitled to, e.g. you can only create/edit the company code views you have access to by your authorizations.
If on the other hand you give full object authorizations (F_KNA1* objects etc.), but remove the transaction rights, then the user can create / edit any Customer, but only via the MDG-C "transaction" (FPM application).
You would reserve roles for XD01 etc. transactions to IT support personal or the migration team.
Best regards
Jürgen