08-27-2009 10:15 AM
Dear Gurus,
Users in our production system have access to t-code se38,se11.
Now we want to remove these authorizations,but these authorizations are provided to the users via diffrent roles and its difficult to track these authorizations.
I want to know that is it possible to create a restriction authorization where we can define the t-code value as 'not equal' and restrict the desired authorization
Please update
Thanks and regards
Tushar
08-27-2009 10:29 AM
if the transaction authorization given by custome role you have to find that role and change accordingly, there is no short cut.
08-27-2009 10:29 AM
if the transaction authorization given by custome role you have to find that role and change accordingly, there is no short cut.
08-27-2009 10:45 AM
I agree with Netweaver Expert.
If you are finding it difficult to identify those roles then I suggest that someone on your security team gets training ASAP as it it a very, very basic task to ID roles with those authorisations. You can do it in SUIM or via table AGR_1251 in less than 10 minutes.
08-27-2009 11:50 AM
08-27-2009 2:18 PM
08-27-2009 2:20 PM