04-05-2011 2:10 PM
I dont want to give access to scc4 tcode to a particular user( but rest all tcode authorization should be there). I have given him sap_all roles. Now how to restrict him to access scc4 tcode.
Ragards,
Rohit.
04-05-2011 2:42 PM
Remove SAP_ALL, login with the user, excute SCC4, after the error mssage execute transaction SU53 and create a role containing the missing object.
Markus
04-05-2011 3:26 PM
hi,
Authorizations in SAP means permitting not excluding. Only in HR there is a possibility to exclude actions on infotypes. That is the way SAP authorizations works. So if you want all transaction except, you have to restrict the transactions in the from to in object s_tcode and adjust the concerning objects. It should be possible to generate a Sap_all role, do so and adjust. Or you can do this with profiles like the way sap_all has been made. Remember authorizations is not the same like programming.
have fun
bye
Jan van Roest
04-05-2011 3:37 PM
Hi,
you can create a new single role. when maintaining a role you can choose a template for the authorizations of the role. there you can select sap_all. that means that you create a role with SAP_ALL authorizations. Delete the SCC4 Transaction from S_TCODE object.
remove sap_all and assign the new role.
regards, Martin