Hi ,
Thanks for your reply. But still users can generate the report groups. I want to restrict few users to not to generate the report groups.
Thanks, 
Kumar.

Kumar are you sure the user don't have any other roles with the same object included?

You can use transaction SU56 to check the user buffer. Or via SUIM and search roles by complex celection criteria.

Edited by: Juul Beckers on Mar 6, 2009 8:19 AM

Juul ,

I am sure that not any other roles were added to my test account. when I try to generaate report group

auth objects are not checking whether user has access to generate or not . I know that we can restrict access for particular report groups from S_Program.

Thanks,

Kumar.

Edited by: kumar9349 on Mar 6, 2009 6:34 PM

Hi,
Please check object S_CTS_ADMI. authorization CTS_ADMFCT=TABL gives this authorization.
Regards,
Gowrinadh

Maybe it depends on the version of SAP.

We run SAP ECC 6.0 with SAP_BASIS release: 700

Kumar what's your version?

Edited by: Juul Beckers on Mar 10, 2009 7:50 AM

Hi,

I have performed trace in my development system which is also ECC 6.0 version 7.0. The trace shows this object in addition. And hence pointed out the same.

Regards,

Gowrinadh

Juul Beckers,

Thanks a lot for your reply. I am able to restrict user by S_Program and group: GRWT .I tested it wrongly before(my apologies). I appreciate your help. But this does not work for me because we have a common access role which has access to all auth groups from S_develop object. If I want to restrict program RGRGEN00 then I need to change from authorization group GRWT to other customized auth group.

I opened SAP note and waiting for reply as to me program should check for object G_803J_GJB and activity 01 and allow user to generate report groups which is not happening as expected. Please correct me if I am wrong.

Gowrinadh ,

Thanks for your time. End users will not access to auth object S_CTS_ADMI

But this does not work for me because we have a common access role which has access to all auth groups from S_develop object. If I want to restrict program RGRGEN00 then I need to change from authorization group GRWT to other customized auth group.

May be you would like to revisit your common access role. Whats the tcode that is calling S_DEVELOP in your common role. Does it really need all Authorization groups...maybe it does if you are not using your own authrization group..but you really want to be sure.

Also what is the value for Object type and activity....hope you have taken care of it ...even activtiy 03 with object type DEBUG can give u debugging access.

Edited by: Nishant Sourabh on Mar 10, 2009 6:49 PM