04-06-2011 12:53 AM
Is it possible to control access at the transaction code level? Ex: Controlling access to VK11. The system already has several roles with access privileges to VK11. As a new requirement if I have to control access to a very limited set of users/roles then what is the best approach? Do I have to clean up all the existing roles or this can be handled in a simpler way?
04-06-2011 1:09 AM
Hi,
authorization object S_TCODE allows you to control access to transaction. So if there is any role which should not have access to same aprticular transaction then you have to update that role. In other words if there is a mess then you need to clean it up.
Cheers
04-06-2011 9:04 PM
04-19-2011 8:18 AM
Hi Lakshmi,
Regarding your question, you need to check which roles has assined as V* under S_TCODE , you need to remove VK11 from that and you need to give the range accordingly.
Hope this information helps.
thanks!
Regards,
Pavithra.B
04-19-2011 8:29 AM
...just a thought: copy VK11 to (for instance) ZVK11 in se93. Lock vk11 in sm01. Create a role only with s_tcode=zvk11. Assign that role to that limited number of users. b.rgds, Bernhard