Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Exclude from All authorazation

Go to solution
Former Member

‎04-21-2009 7:57 AM

0 Kudos

Dear Team,

I have to given authorazation that are start with Z.i,e Z* to so many users..But now I want to exculde only two transastion Authorazation i.e ZRABC & ZRXYZ.

How I can exclude these two transastion from Z*.

Thanks

Moni

1 ACCEPTED SOLUTION

Go to solution
jurjen_heeck
Active Contributor

‎04-21-2009 8:25 AM

0 Kudos

> How I can exclude these two transastion from Z*.

There have been quite a few discussions about this and the basic answer is:"you cannnot":. SAP security is about allowing stuff, not denying.

As Ravi pointed out, working with ranges may be an option. One additional advice from me: Test your ranges by entering them into the SE16 selection screen for table TSTC to see if the range really suits your needs.

5 REPLIES 5

Go to solution
Former Member

‎04-21-2009 8:12 AM

0 Kudos

You canu2019t enter the T-codes like z* in Role menu you have to enter full T-Codes.

But You can enter like this in object level under S_Tcode

You can restrict like below

Add object S_tcode manually

Under that object enter

From za* to zw*

Again from zs* to zz*

In this you can restrict zr*

In this way you can avoide which is not required.

You canu2019t restrict except

Go to solution
Former Member
In response to Former Member

‎04-21-2009 10:21 AM

0 Kudos

Yaa I have given in S_Tcode.

Now I will assign range for Z tcode.

Thanks for your nice reply.

Moni

Go to solution
jurjen_heeck
Active Contributor

‎04-21-2009 8:25 AM

0 Kudos

> How I can exclude these two transastion from Z*.

There have been quite a few discussions about this and the basic answer is:"you cannnot":. SAP security is about allowing stuff, not denying.

As Ravi pointed out, working with ranges may be an option. One additional advice from me: Test your ranges by entering them into the SE16 selection screen for table TSTC to see if the range really suits your needs.

Go to solution
Former Member
In response to jurjen_heeck

‎05-08-2009 10:34 AM

0 Kudos

thanks for nice reply.

My problem has been solved

Moni

Go to solution
Former Member

‎04-21-2009 9:07 AM

0 Kudos

Perhaps you realize now that using ranges was a design error to begin with...

Another "trick" is to add an additional authorization object to the transactions in SE93, which checks something which only the correct users are authorized for.

Cheers,

Julius