
Starting transactions when user has access to authorization objects only

Former Member
0 Kudos

Hi Experts,

Is it a possibility that if a user has access only to an authorization object he could start any transaction?

I can understand that a user may have access to SU01d by default for him to change his password, but are there any other transactions he would be able to start?

Thanks,

CP

1 ACCEPTED SOLUTION

Former Member
0 Kudos

If a transaction is started from the command line, then the Authorization Object S_TCODE is checked for that. However, let's say the user has SE28 access; then the user can run the program directly which SU01 calls, and it would not fail if the user has all the required authorization.

One more example that struck me is SE80, from there you can run any program even if you don't have SE38 access and have the required authorizations to run a program.

Cheers !!

Zaheer

7 REPLIES 7

0 Kudos

Hi Zaheer,

You perhaps misunderstood me. What I wanted to say was that the Authorization object S_TCODE will not have any value.

But he may or may not have other authorization objects in the role assigned to him.

Will the user still be able to start any transaction?

Regards,

Chinmaya

0 Kudos

User will not be able to run any transaction codes if he doesn't have S_TCODE in his buffer.

EXCEPTION: However, in case you have maintained certain tcodes within the parameter "auth/tcodes_not_checked", then user will be able to run only these transaction codes.

Cheers !!

Zaheer

0 Kudos

Hi Zaheer,

My next question would be how in that case would a user be able to change his password, because I think the change password screen is a variant transaction for SU01.

I have a role with only a * value for S_USER_GRP and no other value (that is, no value in S_TCODE) and even no other authorization object. But the user will still be able to start su01d. Are there any other set of transactions which this user could start?

Regards,

Chinmaya

0 Kudos

Chinmaya,

The screen / program for password reset is different from the initial screen doesn't check for SU01 or SU01D. The program for SU01 (SAPLSUU5) is different from the one you get when you connect to system (SAPMSYST), it is not a transactional variant screen of SU01.

And for the second part of your question, if user has S_USER_GRP with * and no other authorization object (no value in S_TCODE for SU01D) then user WILL NOT BE ABLE to run SU01D, unless that is maintained in RZ10 parameter to exclude SU01D from authorization check.

Cheers !!

Zaheer

0 Kudos

Zaheer,

I think profile parameter auth/tcodes_not_checked is used for "Disables Tcode checking for SU53 & SU56 auth analysis" not for disabling check for S_TCODE.

Thanks,

Pravansu

Former Member
0 Kudos

For some types of users (SYSTEM and SERVICE) it is important that they should not have any transaction code start authorizations (S_TCODE).

They use other entry points (RFCs or Services) which provide programming interfaces or (external) web services which "provide" the interface.

Sometimes it is useful (or better than nothing) to create such an "all objects" role without any entry points, but there are some objects you should exclude as they are stronger than S_TCODE, S_RFC and S_SERVICE.

Cheers,

Julius
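
An added example, not part of any post in this thread: a small audit over a constructed authorization listing that flags the cases discussed above (SYSTEM/SERVICE users holding S_TCODE values, users whose S_TCODE values cover SE38 or SE80, and users with no S_TCODE value at all). The CSV layout, user names and finding labels are assumptions made for the example.

```python
import csv
import io

# Constructed sample: one row per authorization value. The CSV layout is an
# assumption for this example, not an SAP export format.
SAMPLE = """user,user_type,object,field,value
BATCH_IF,SYSTEM,S_RFC,RFC_NAME,Z_IF_ORDERS
BATCH_IF,SYSTEM,S_TCODE,TCD,SM37
WEB_SVC,SERVICE,S_SERVICE,SRV_NAME,*
JDOE,DIALOG,S_TCODE,TCD,SE8*
JDOE,DIALOG,S_USER_GRP,CLASS,*
ASMITH,DIALOG,S_USER_GRP,CLASS,*
"""

TECHNICAL_TYPES = {"SYSTEM", "SERVICE"}  # user types named in the thread
PROGRAM_LAUNCHERS = ("SE38", "SE80")     # tcodes the thread says can run programs


def matches(pattern, tcode):
    """Authorization value match: exact, or prefix when the value ends in '*'."""
    if pattern.endswith("*"):
        return tcode.startswith(pattern[:-1])
    return pattern == tcode


def audit(text):
    """Return sorted (user, finding) pairs for the checks discussed above."""
    users = {}
    for row in csv.DictReader(io.StringIO(text)):
        entry = users.setdefault(row["user"], {"type": row["user_type"], "tcd": set()})
        if row["object"] == "S_TCODE" and row["field"] == "TCD" and row["value"]:
            entry["tcd"].add(row["value"])

    findings = []
    for user, entry in users.items():
        if not entry["tcd"]:
            # No S_TCODE value at all: no transaction start authorization.
            findings.append((user, "NO_TCODE_START"))
            continue
        if entry["type"] in TECHNICAL_TYPES:
            findings.append((user, "TCODE_ON_TECHNICAL_USER"))
        for tcode in PROGRAM_LAUNCHERS:
            if any(matches(p, tcode) for p in entry["tcd"]):
                findings.append((user, "CAN_START_" + tcode))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(user, finding)
```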