Hi Kiran,

Thanks for your promt response.

Actually when we give that we can change Time Zone, Decimal Notation, Parameters addition and it is not recommended as we are giving all employees as same. So we need restriction as only display.

HI Hima,

Then Do one thing Remove SU3 TCode from Role and Give SU2 transaction Which will Give access to only Address and Parameter tab Not Default tab Access.

I hope this will help

Regards

Kiran.S

Hi Kiran,

Much Appreciated for quich response.

Its fine but we will be giving in single role for all users and we can have 3 tabs but i need change to be restricted and display can be available for Address, defaults and Parameters.

In SU2 parameters are editable that should also not happen.

Thanks... Awaiting for your response

Hi Hima,

As far as i know its not possible.Sorry

Regards

Kiran.S

Hi Pavan,

Thank you. But here the issue we have is with SU3 where some users need to change their own data and some users should not change their own data.So we need to restrict for some users only for display with tcode SU3 and it is not egtting restricted with display.

Hi Hima

Which own information or data does user's need to change ?? and why ?

If its for Time Zone, Decimal Notation, Parameters addition

It will be done security team right ??

For changing parameters , Su2 can be used.

Do you have the specific list of users , who should have access to Su3 ?? and who should not ?

Cheers

Pavan M

Hi,

Yes i am speaking about Time Zone, decimal Notation, Parameters addition only. Actually for all the users Security team will be doing but for Self we have given access to SU3.

As of now we have given to all for Tcode SU3, but now we need to restrict with display access with SU3 for some users and we have list too.

Thanks in advance for your time.

Hi Hima Bindu

Remove the role which has SU3 tcode from all the users and assign that  role to the users who should change Time Zone, decimal Notation, Parameters additiond by them self then , as per your requirement, which I am not happy about it any way.

For all the others users, security team will look in to it

I am not considering to go to ABAP er for creating of custom tcode for Su3 ..

SU3 is basically for change and SU01d is basically for display

Howzz thaaat ??

Cheers

Pavan M

Hi Pavan,

Thank you. Obviously good. In SU01d we have not only Address, Parameters tabs but also roles and some other tabs and its not required for users...

We require SU3 for all with change but only few with SU3 display.

I tried adding many auth. objects related to that but its not getting restricted.

Hi,

There are a few options, a couple of them are

1. Find an appropriate enhancement point in SU3 to add some additional display logic that will will allow you to toggle update / display based on an authorisation value.

2. use SHD0 to create a variant that has only display, assign that to to a custom tcode and get the display-only users to use that.

Adding auth objects to roles won't control something (like SU3) that hasn't been coded with the checks in place to start with.

Hi Alex,

Thank you for the response.

As it is standard and we dnt have any permissions for opting enhancements.

Custom tcode is not recommended, so we need to check with standard only.