Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Is it possible to deny access to a specific user for a specific transaction

Go to solution
Former Member

‎09-25-2008 2:06 PM

0 Kudos

By "DENY" I mean a command that would override all other authorizations for the user and prevent authorization for a transaction even though they are authorized by a role or roles in their accout?

Thanks.

1 ACCEPTED SOLUTION

Go to solution
jurjen_heeck
Active Contributor

‎09-25-2008 2:50 PM

0 Kudos

No.

The SAP security concept is about allowing things, not denying. You cold lock the transaction, but that would impact all users.

2 REPLIES 2

Go to solution
jurjen_heeck
Active Contributor

‎09-25-2008 2:50 PM

0 Kudos

No.

The SAP security concept is about allowing things, not denying. You cold lock the transaction, but that would impact all users.

Go to solution
Former Member

‎09-25-2008 4:19 PM

0 Kudos

> 

> By "DENY" I mean a command that would override all other authorizations for the user and prevent authorization for a transaction even though they are authorized by a role or roles in their accout?
> 
> Thanks.

Everything is possible but will it be a feasible design.

You will need to create a new role for that person without the transaction you are trying to restrict. Remove current role assignment and assign new one. Just one ugly design.

If the tcode is HR or OM, you might be able to use a PD.

Good Luck!