Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization issue (restrict a user to access scc4 tcode)

Former Member

‎04-05-2011 2:10 PM

0 Kudos

I dont want to give access to scc4 tcode to a particular user( but rest all tcode authorization should be there). I have given him sap_all roles. Now how to restrict him to access scc4 tcode.

Ragards,

Rohit.

3 REPLIES 3

markus_doehr2
Active Contributor

‎04-05-2011 2:42 PM

0 Kudos

Remove SAP_ALL, login with the user, excute SCC4, after the error mssage execute transaction SU53 and create a role containing the missing object.

Markus

Former Member
In response to markus_doehr2

‎04-05-2011 3:26 PM

0 Kudos

hi,

Authorizations in SAP means permitting not excluding. Only in HR there is a possibility to exclude actions on infotypes. That is the way SAP authorizations works. So if you want all transaction except, you have to restrict the transactions in the from to in object s_tcode and adjust the concerning objects. It should be possible to generate a Sap_all role, do so and adjust. Or you can do this with profiles like the way sap_all has been made. Remember authorizations is not the same like programming.

have fun

bye

Jan van Roest

martin_juen2
Contributor
In response to markus_doehr2

‎04-05-2011 3:37 PM

0 Kudos

Hi,

you can create a new single role. when maintaining a role you can choose a template for the authorizations of the role. there you can select sap_all. that means that you create a role with SAP_ALL authorizations. Delete the SCC4 Transaction from S_TCODE object.

remove sap_all and assign the new role.

regards, Martin