User should not be able to import a request.

Former Member · ‎02-18-2009

Dear Forum,

We have a role created with all the transaction (*) given to a user.

We want to revoke/restrict the authorization to import a request. User be able to create/edit/release the request but should not be able to import. This should happen without changing to existing (*) but at the same time user should not able to import.

<removed_by_moderator>

Regards,

DD

Edited by: Julius Bussche on Feb 18, 2009 10:48 AM

Former Member · ‎02-18-2009

HI,

If you give him additional authorization for the object

S_TRANSPRT with activity set to 43 (Release Only). It should be allright.

Regards,

Chinmaya

Former Member · ‎02-18-2009

Hi,

you derive a new role from the existing version whoch has * values.

And in the new role you can restrict the user.

Regards

Sreedhar Reddy

jurjen_heeck · ‎02-18-2009

> And in the new role you can restrict the user.

I suspect the how was the original question. S_TRANSPRT is the (already given) answer. Deriving will do nothing for that object as not one of its fields is organizational. Besides that, restricting some more objects to make sure the user cannot create and/or use any workarounds is essential to make this work properly.

The additional request This should happen without changing to existing (*) scares me a bit. Why do these users need over 70000 transactions?

Former Member · ‎02-18-2009

Is there any authority for S_CTS_ADMI in the role still?

Also check S_BTCH_NAM, as the user could schedule an import under foreign user names?

Are you sure that there is no automatic import scheduled anyway?

Cheers,

Julius