on 03-25-2014 2:53 PM
Hi,
I want to restrict authorization module wise on SPRO (lets say FI/CO), and I have been able to create a project through SPRO_ADMIN and created the role for the same using the customizing auth option. Its not giving me the desired output:
1. On extracting the list of t-codes for the restricted SPRO role, i get more than 100,000 tcodes in which basis t-codes are also a part of it. Which I believe is incorrent.
2. I have assigned the user this role and he is able to see the customized SPRO but he has to sleect the Project in his favourites for that. This I dont want because the SAP "reference Img " button is also there and he can access the complete SPRO.
What I want:
1. a limited role with ONLY FICO customization, and no reference img access
Please help.
Best Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Guys,
Thank you for your response but what I've received from you is already done. Please review my question again.
Let me rephrase it.
I have already created a SPRO_ADMIN Project, genertated and FICO Node, and able to view the same in SPRO but as a favorite. The user is still able to view the "Reference IMG" button from which he can have access on all the nodes still.
"How do I control that" or "identify where I lack"
Thank you
Best Regards,
Hi JK,
Have you created a role with SPRO transaction and assigned to the user? have you tried editing the role to control SPRO access?
Have you tried what is mentioned below (it is in the thread provided by Javier)
Hi Rami,
One way to do it is by first creating Customizing Project in SPRO_ADMIN. You can specify its scope manually from Reference IMG in the scope tab. You can just click the checkbox for Controlling. Then you generate your Project IMG. Read about SPRO_ADMIN and how to create a project in SAP help if you are not really sure and you will understand.
Then in PFCG -> Menu tab - >Utilities -> Customizing Auth -> Add -> Select your Project which you created for controlling and then maintain it as you normally do for other roles.
One thing to remember in customizing role is that you cannot add your additional transactions in this role.
Thanks and Regards,
Syam
Well guys, ive come up with a workaround though which solves my issue in a way i have wanted.
Hope this helps the community.
Regards,
This message was moderated.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi
I thing SPRO you can do either display only or full access. for this you can create the Z role and assign to the user
BR
SS
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
You really want to be raising this question in the Security and Authorisation community.
Regards,
Graham
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.