05-11-2011 8:03 AM
Hi Experts,
We have both ESS and R3 users (who are also ESS) in our project. We want to restrict an important transaction P*** which is accessible by all.
I have seen in SUIM --> roles --> by transactional assignments. There are a few roles which contain those transactions, but those are not assigned to all users, only to a few users.
Then I created a dummy user and assigned only the ESS roles to it, which were made by copying from the standard ESS roles, and I have seen that this user can access that transaction.
It means the transaction is somewhere in the ESS roles but I can't find where it is.
Kindly tell me how to remove it.
05-11-2011 8:10 AM
Hi
Please try using SUIM -> By Authorization Value -> S_TCODE.
(Your P**** tcode may be part of SU24 of another tcode which is in the role menu.)
--Kamal
05-11-2011 8:46 AM
It means the transaction is somewhere in the ESS roles but I can't find where it is.
If you are following a certain naming convention for these ESS roles then you can easily find the roles that contain a particular tcode in SUIM.
In SUIM select Roles --> Roles by complex selection criteria. In the next screen that pops up you can enter the role (if you are following a certain naming convention for ESS roles, for example all ESS roles start with E, then you can put E*), put S_TCODE in the Object field (press Enter), and in the Transaction code field put the tcode which you are looking for.
Hope this might help you.
Regards,
Ritesh
05-24-2011 7:44 AM
Hi,
Transaction codes are present in a role at two different places.
1. You can check the role menu, where you can find the T-code and remove it.
2. You can go inside the role and check the object S_TCODE, which may contain the required T-code in terms of an interval as well, like A-Z, due to which the user will have access to that T-code.
3. There might be a case where a T-code is internally calling another T-code (you can check that from SE93). In that case S_TCODE for the transaction code which is checked when a T-code is run is not checked, and the user might still have access to that T-code. So it might be that the T-code that you want to restrict, that is P***, might be called after executing any other T-code as well.
Hope this helps.
Thanks
05-24-2011 7:52 AM
Hi,
I agree with Deepak.
A transaction can be checked in a role in the Menu tab, or in S_TCODE, or a user having access to a transaction S**** may be calling the transaction P****.
Thanks,
Sandeep
05-24-2011 11:06 PM
Hi
Maybe looking at this from a table entry view may help, as we haven't had a response back on the recent replies. I'm assuming they aren't helping?
For the test user, try outputting table AGR_USERS and then running table AGR_1251 populated with the list of roles already discovered from AGR_USERS. Do you see the transaction in field TCD? Try a pivot table from Excel...
Apart from this clunky method, the previous replies cover it all perfectly anyway - just wondered if there was any progress on the post?
Cheers
David
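Added example, not part of any post in this thread: a Python sketch of the AGR_USERS / AGR_1251 cross-check described above, extended to catch S_TCODE values that cover the transaction through an interval (such as A-Z) or a trailing-asterisk pattern rather than by exact name. The CSV column layout, the role and user names, and the tcode PX01 are constructed assumptions standing in for an SE16 export; the interval test is a plain character-order comparison, which only approximates the system's own check.

```python
import csv
import io

# Constructed sample data. Column names assume an SE16 export of the two tables.
AGR_USERS_CSV = """AGR_NAME,UNAME
Z_ESS_COPY_BASE,ESS_TEST
Z_ESS_COPY_LEAVE,ESS_TEST
Z_HR_ADMIN,HR_ADMIN1
"""
AGR_1251_CSV = """AGR_NAME,OBJECT,FIELD,LOW,HIGH,DELETED
Z_ESS_COPY_BASE,S_TCODE,TCD,SU3,,
Z_ESS_COPY_BASE,S_TCODE,TCD,A,Z,
Z_ESS_COPY_LEAVE,S_TCODE,TCD,PX*,,
Z_ESS_COPY_LEAVE,S_TCODE,TCD,PX01,,X
Z_ESS_COPY_LEAVE,P_ORGIN,INFTY,0001,,
Z_HR_ADMIN,S_TCODE,TCD,PX01,,
"""

def covers(low, high, tcode):
    """True if one TCD row (single value, pattern or interval) includes tcode."""
    low, high, tcode = low.strip().upper(), high.strip().upper(), tcode.upper()
    if high:
        # Interval: assumed character-order comparison; '*' in HIGH = "anything after".
        return low.rstrip("*") <= tcode <= high.replace("*", "\uffff")
    if low.endswith("*"):
        return tcode.startswith(low[:-1])
    return tcode == low

def roles_granting(user, tcode, users_csv=AGR_USERS_CSV, auth_csv=AGR_1251_CSV):
    """Return {role: [(LOW, HIGH), ...]} for the user's S_TCODE rows covering tcode."""
    roles = {r["AGR_NAME"] for r in csv.DictReader(io.StringIO(users_csv))
             if r["UNAME"] == user}
    hits = {}
    for r in csv.DictReader(io.StringIO(auth_csv)):
        # Assumption: a non-empty DELETED flag marks an inactive authorization row.
        if r["AGR_NAME"] not in roles or r["DELETED"].strip():
            continue
        if (r["OBJECT"] == "S_TCODE" and r["FIELD"] == "TCD"
                and covers(r["LOW"], r["HIGH"], tcode)):
            hits.setdefault(r["AGR_NAME"], []).append((r["LOW"], r["HIGH"]))
    return hits

if __name__ == "__main__":
    for role, rows in roles_granting("ESS_TEST", "PX01").items():
        print(role, rows)
```

In the constructed data the test user gets the transaction twice without it being named in any active row: once through the A-Z interval and once through PX*.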
05-25-2011 9:29 PM
One of the best ways is to check the table AGR_TCODES:
Go to SE16, put in table name AGR_TCODES and execute it.
Put the name of the tcode in the field extended program, P*****, and in Agr name put *, then execute it.
It will give you a list of all roles having tcode P*****.
Cheers
Goldy Verma
05-25-2011 10:16 PM
Hi Goldy
Please refer to the previous posts in this thread as AGR_TCODES is limited to transactions present on the menu.
Hi
Please try using SUIM -> By Authorization Value -> S_TCODE.
(Your P**** tcode may be part of SU24 of another tcode which is in the role menu.)
--Kamal
@ OP: it would be helpful to be given the actual transaction so that we can dig further using a real example rather than a hypothetical...
Cheers
David
Edited by: David Berry on May 25, 2011 10:18 PM