Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

restricting values in S_tcode

Former Member
0 Kudos

Hi Gurus,

We have a requirement to remove certain t-codes from the end user roles. However, in some of the role the value in s_tcode is "". As far as i know there is no way we can have a "" and still restrict access to certain t-codes. Can anybody confirm this or correct me if i am wrong?

Thanks,

Abhijit

2 REPLIES 2

0 Kudos

Hi Abhijit,

You are correct that if "" is there in S_Tcode it will give access to all tcodes, however this also depends on the authoriziation object and the field values. If the related authorization objects are not available for the respective todes, then "" will not provide the correct access.

The best practice is always not to use "*" in S_tcode .

Regards,

Nilanjan

jurjen_heeck
Active Contributor
0 Kudos

If the TCD field in your S_TCODE object is set to *, then what are the underlying authorizations? Removing one or more transactions bij defining ranges and thus excluding them may look like a solution but there is a great change the other authorizations in the same roles will allow the user to just bypass the transaction and use the functionality you're trying to deny anyway.

Building roles by taking transactions out of a too big role is like building a hous by digging cavities in a big pile of building material.

Best ask the person who made the requirement to specify what the users should have instead of what they shouldn't.....