Restrict access to FI/CO via SE16/SE38
we want to implement the following scenario:
a user gets a role with the necessary authorizations for his work. For support issues, user needs access to SE16 and SE38.
Now we want to restrict access for tables and reports, so user can't access tables/reports from FI and CO area.
For SE16 I found following solution: I checked tables through table V_DDAT_54 and TBRG and found out, that authorizationsgroups the FI and CO tables often begin with FB, FC, KC, KE and so on. So I can restrict access, that user can't access these tables included in these authorization groups.
But for reports I can't find these tables or groups.
Is there a possibility to restrict access to FI/CO reports like restricting access for SE16? Is there a system like "all authorization groups for FI reports begin with F*"?