Transaction removed from menu still apprears in S_...

Former Member · ‎09-09-2011

We are doing a role clean up and removed transactions from a general all user role that were causing SoD violations and access was restricted. It's audit time and guess what the transactions are still appearing in S_Tcode even though they are not in the menu. I ran a test this morning, using the general role, if you know to type the transaction code you can access it.

S_Tcode of course is un-editable and P_Tcode, I_Tcode, QM_tcode are not present so how do I get this transaction out of S_tcode so that my role security matches my intent?

jurjen_heeck · ‎09-09-2011

This transaction is probabely a proposed S_TCODE value brought along by one of the transactions in the menu. Have a look in SU24 for all proposals that apply to the transactions in the menu for this role.

Jurjen

Former Member · ‎09-09-2011

thank you for information. I can't turn off the proposals but this lead me to the auth object that I can restrict to make the transaction display only.

Former Member · ‎09-11-2011

search through SUIM for the ROLE for the object S/P/I/Q/L_TCODE and the tcode which is executed.

Former Member · ‎09-11-2011

Hi

Silly question...

Why would the all user role contain transactions/auth objects which create SoD's

Anyhoo

Glad you fixed it.

Regards

David

Former Member · ‎09-11-2011

Nice observation

However for RFC usersit is generally a very bad idea to add the "common functions" role to them - but this is mostly because of the role itself...

Cheers,

Julius

Transaction removed from menu still apprears in S_Tcode