09-25-2008 2:06 PM
By "DENY" I mean a command that would override all other authorizations for the user and prevent authorization for a transaction even though they are authorized by a role or roles in their accout?
Thanks.
09-25-2008 2:50 PM
No.
The SAP security concept is about allowing things, not denying. You cold lock the transaction, but that would impact all users.
09-25-2008 2:50 PM
No.
The SAP security concept is about allowing things, not denying. You cold lock the transaction, but that would impact all users.
09-25-2008 4:19 PM
>
> By "DENY" I mean a command that would override all other authorizations for the user and prevent authorization for a transaction even though they are authorized by a role or roles in their accout?
>
> Thanks.
Everything is possible but will it be a feasible design.
You will need to create a new role for that person without the transaction you are trying to restrict. Remove current role assignment and assign new one. Just one ugly design.
If the tcode is HR or OM, you might be able to use a PD.
Good Luck!