Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restrict user not to access the transaction directly

Go to solution
Former Member

‎09-15-2011 9:46 AM

0 Kudos

Is it possible to restrict a user's ability to call a transaction directly, but still allow that same user to "call" the transaction indirectly when executing another transaction?

As an example, we have users who execute SAP transaction F.50 (program SAPF181). When this transaction is executed a batch input session is created. The user then proceeds to transaction SM35 to process the batch input session. Execution of this batch session results in SAP calling transaction FB01 (unbeknownst to the user).

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎09-27-2011 6:30 AM

0 Kudos

Hi,

You can solve this problem by going to transaction SE97 and giving the transaction and executing it.

This will give you the list of called transactions, select the transaction which u don't want to be called, then turn the check to No. It will create a transport request. import it to productions and now that transaction will be called but u won't have to assign that transaction in the Role.

10 REPLIES 10

Go to solution
Former Member

‎09-15-2011 11:50 AM

0 Kudos

Hi,

 
Is it possible to restrict a user's ability to call a transaction directly,

Yes. Don't include the transaction in any role. 

 
but still allow that same user to "call" the transaction indirectly when executing another transaction?

Yes. Create a parameter or variant transaction code and call the transaction indirectly.

But, I am not sure what the problem is with the functionality F.50. Is it not behaving the way it should be?

Please post the complete question and the steps that you have taken so far.

Regards,

Raghu

Go to solution
Former Member
In response to Former Member

‎09-17-2011 10:40 AM

0 Kudos

@Raghu Boddu

Thanks for your reply Can you tell me how can I Create a parameter or variant transaction code and call the transaction indirectly.

Go to solution
Former Member
In response to Former Member

‎09-17-2011 12:24 PM

0 Kudos

Hi,

A quick search on creating parameter & variant transactions will yield more links and discussions.

You can also use key words such as SHD0, SE93 Parameter transactions.

All the best!

Regards,

Raghu

Go to solution
Former Member
In response to Former Member

‎09-20-2011 9:06 AM

0 Kudos

raghu,

variant t-code is for modifying properties of a existing t-code. paraemeter t-code is one where default entries are pulled up. i do not think, they are related or help in INDIRECT calling of t-codes

Go to solution
Former Member

‎09-15-2011 6:45 PM

0 Kudos

Hi,

Since F.50 is an adjustment tcode, it naturally involves posting entries to adjust the financial accounts. Is it not possible to run the batch session by a Batch user with more access rather than giving FB01 to these individual users ?

As far as i go, the batch session will perform a tcode check and it would still end up in error if S_TCODE is not updated for the tcode it is looking for.

Rgds,

Sri

Go to solution
arpan_paik
Active Contributor

‎09-16-2011 7:13 AM

0 Kudos 
 The user then proceeds to transaction SM35 to process the batch input session. Execution of this batch session results in SAP calling transaction FB01 (unbeknownst to the user).

When the user is processing a batch input then it is actually processing a business process which require access to a business transaction. Which is FB01 in this case I believe. Analyze with functional team on batch session and related business process then you may get a clearer picture.

Regards,

Arpan Paik

Go to solution
Former Member
In response to arpan_paik

‎09-16-2011 8:08 PM

0 Kudos

Hi

you definetly needed S_TCODE value F.50, as it is required to run BDC.

Recently we had the same issue, we tried many ways,. but ultimatly we had given direct access.

Go to solution
Former Member

‎09-17-2011 12:01 AM

0 Kudos

What is the concern?

If it is just because FB01 is on some forbidden list or SoD matrix you were given (but F.50) is not then you should recognize the joke about the requirement and the choice of transaction.

What are they processing in f.50 which is not restricted in Fb01?

Depending on what they are processing, you can consider a different (perhaps more logistically oriented) transaction)?

I can only recomment avoiding FI document type groups if you have thought of that and want to stick to the FI posting because it is optional. That means you need to protect all the rest to authorize a specific document type.

This usually results in chaos.

Cheers,

Julius

Go to solution
Former Member

‎09-17-2011 10:43 AM

0 Kudos

Thanks all for your reply

Go to solution
Former Member

‎09-27-2011 6:30 AM

0 Kudos

Hi,

You can solve this problem by going to transaction SE97 and giving the transaction and executing it.

This will give you the list of called transactions, select the transaction which u don't want to be called, then turn the check to No. It will create a transport request. import it to productions and now that transaction will be called but u won't have to assign that transaction in the Role.