cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SPRO Restriction

Go to solution
former_member343226
Explorer

on ‎03-25-2014 2:53 PM

0 Kudos

Hi,

I want to restrict authorization module wise on SPRO (lets say FI/CO), and I have been able to create a project through SPRO_ADMIN and created the role for the same using the customizing auth option. Its not giving me the desired output:

1. On extracting the list of t-codes for the restricted SPRO role, i get more than 100,000 tcodes in which basis t-codes are also a part of it. Which I believe is incorrent.

2. I have assigned the user this role and he is able to see the customized SPRO but he has to sleect the Project in his favourites for that. This I dont want because the SAP "reference Img " button is also there and he can access the complete SPRO.

What I want:

1. a limited role with ONLY FICO customization, and no reference img access

Please help.

Best Regards

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-25-2014 6:08 PM
0 Kudos

you can check  this

http://scn.sap.com/thread/3189791

I hope this help you

Regards

Show replies
Show replies
former_member343226
Explorer
‎03-26-2014 5:16 AM
0 Kudos

Guys,

Thank you for your response but what I've received from you is already done. Please review my question again.

Let me rephrase it.

I have already created a SPRO_ADMIN Project, genertated and FICO Node, and able to view the same in SPRO but as a favorite. The user is still able to view the "Reference IMG" button from which he can have access on all the nodes still.

"How do I control that" or "identify where I lack"

Thank you

Best Regards,

Syamkriz
Active Participant
‎03-26-2014 6:42 AM
0 Kudos

Hi JK,

Have you created a role with SPRO transaction and assigned to the user? have you tried editing the role to control SPRO access?

Have you tried what is mentioned below (it is in the thread provided by Javier)

Hi Rami,

One way to do it is by first creating Customizing Project in SPRO_ADMIN. You can specify its scope manually from Reference IMG in the scope tab. You can just click the checkbox for Controlling. Then you generate your Project IMG. Read about SPRO_ADMIN and how to create a project in SAP help if you are not really sure and you will understand.

Then in PFCG -> Menu tab - >Utilities -> Customizing Auth -> Add -> Select your Project which you created for controlling and then maintain it as you normally do for other roles.

One thing to remember in customizing role is that you cannot add your additional transactions in this role.

Thanks and Regards,

Syam

former_member343226
Explorer
‎03-26-2014 10:16 AM
0 Kudos


Well guys, ive come up with a workaround though which solves my issue in a way i have wanted.

  1. Create Project, and select custom IMG
  2. Create Project View, and select custom nodes.
  3. Generate View
  4. Goto PFCG, and create a Role
  5. Goto Menu Tab, and from the Menu Bar, select “Cust.
    Auth”
  6. Once you get the list of T-codes added in the
    menu tab
  7. Goto table, AGR_TCODES, enter the role name and
    get the list of tcodes
  8. Create a new role and add Tcodes : SM30 and
    SPRO.
  9. Select tcodes from Step 7, should be added in
    the object (S_TCODE)
  10. If further control is required block S_TABU_DIS
    and other objects as per need

Hope this helps the community.

Regards,

Syamkriz
Active Participant
‎03-26-2014 1:43 PM
0 Kudos

Good job figuring out the solution . please award points for those helped you trigger your thoughts

Answers (3)

Answers (3)

mohan_kumar49
Explorer
‎07-20-2015 1:06 PM
0 Kudos

This message was moderated.

Show replies
Show replies
Sriram2009
Active Contributor
‎03-25-2014 6:01 PM
0 Kudos

Hi

I thing SPRO you can do either display only or full access. for this you can create the Z role and assign to the user

BR

SS

Show replies
Show replies
Former Member
‎03-25-2014 4:40 PM
0 Kudos

Hi,

You really want to be raising this question in the Security and Authorisation community.

Regards,

Graham

Show replies
Show replies
Ask a Question