
Lock a tcode for particular user

Former Member
0 Kudos

Hi Experts

I need to lock a few transactions for particular users only. We have n number of roles, and the transactions have been assigned to some tcodes to be restricted for a list of users. Is there any method or program to build to restrict the users for a few tcodes? If there are any more queries, please let me know.

regards

bala


Former Member
0 Kudos

Just assign roles that don't grant access to the tcodes...?

.. or am I missing something here?

Former Member
0 Kudos

Hi experts

I can't do it by restricting the users by their roles. I will explain in detail. Consider that I want to restrict a tcode, say SE38, for a few users who are in the list. When I fetch the roles which contain this tcode, there are many, and moreover some personally assigned roles are also present where the authorization was given like A* - P*. Also, one user is assigned at least 15 roles, and there are more than 25 users assigned. Understanding this type of tediousness, I preferred a program or any solution to restrict the users for particular tcodes.

regards

bala
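The analysis this post describes (which of a user's many roles actually grant a restricted tcode, including range entries such as A* - P*) can be scripted over exported role data before any role is copied in PFCG. The following is an added example, not part of any poster's reply: the role names, user IDs and sample rows are constructed, and the range matching is a simplified model of S_TCODE values, not SAP's own evaluation logic.

```python
# Constructed sample data: role -> transaction-code values as (low, high) pairs.
ROLE_TCODES = {
    "Z_DEV_BASIC": [("SE38", ""), ("SE80", "")],
    "Z_PERSONAL_WIDE": [("A*", "P*")],        # range entry like the one in the post
    "Z_SALES": [("VA01", ""), ("VA0*", "")],
    "Z_BASIS_ALL": [("S*", "")],
}
# Constructed sample data: user -> assigned roles.
USER_ROLES = {
    "USER01": ["Z_DEV_BASIC", "Z_SALES"],
    "USER02": ["Z_PERSONAL_WIDE", "Z_SALES"],
    "USER03": ["Z_BASIS_ALL", "Z_PERSONAL_WIDE"],
}

def value_grants(low, high, tcode):
    """Assumed model: exact value, trailing-* pattern, or low..high range."""
    tcode, low, high = tcode.upper(), low.upper(), high.upper()
    if not high:
        if low.endswith("*"):
            return tcode.startswith(low[:-1])
        return tcode == low
    lo, hi = low.rstrip("*"), high.rstrip("*")
    if tcode < lo:
        return False
    if high.endswith("*"):
        # Compare only as many characters as the upper bound specifies.
        return tcode[:len(hi)] <= hi
    return tcode <= hi

def granting_roles(user, tcode):
    """Roles assigned to `user` that grant `tcode`."""
    return sorted(
        role for role in USER_ROLES.get(user, [])
        if any(value_grants(lo, hi, tcode) for lo, hi in ROLE_TCODES.get(role, []))
    )

def review(users, tcodes):
    """(user, tcode) -> granting roles, listing only combinations with access."""
    findings = {}
    for user in users:
        for tcode in tcodes:
            roles = granting_roles(user, tcode)
            if roles:
                findings[(user, tcode)] = roles
    return findings

def roles_needing_change(findings):
    """Distinct roles that would need a restricted copy."""
    return sorted({role for roles in findings.values() for role in roles})
```

Calling `review(["USER01", "USER02", "USER03"], ["SE38", "PFCG"])` shows that SE38 falls outside the A* - P* range while PFCG falls inside it, so the wide range role matters for one restricted tcode and not the other.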

0 Kudos

Hi Bala,

In my view the best way to approach the problem is to copy the role by using the PFCG transaction, remove the tcode that is not required to be assigned to the particular user from the newly copied role, and then assign the user that role.

Hope this will help, or am I missing something?

Regards,

Sagar Barman

0 Kudos

I understand what you are saying and I come across situations like this all the time. It seems that your company didn't develop a proper role design and management strategy - you wouldn't have transaction ranges otherwise!

You are looking for a method that would be a shortcut to avoid having to go through the 'pain' of a strong role design. If your roles are designed top-down and are derived for the business units/regions, then the role numbers/design should be very easily manageable. It's an initial investment of time that pays off very quickly. I would consider revisiting your role strategy so that it suits your business and compliance needs.

0 Kudos

Hi bala,

As per your second post, rather than going for programming I prefer to go with authorizations A* - P*.

Cheers,

Siva

Former Member
0 Kudos

hi

sagar:

As you said, if I start creating roles to restrict some users, then there are at least 25 tcodes to restrict and 120 roles to be analyzed, and the job becomes hefty by creating roles; there will be too many roles and it becomes confusing in the future forecast. Therefore I need any suggestion such that the users can be restricted when they are trying to access that particular code, or lock the screen, or inform them not to access these tcodes through some message, or writing a program to restrict the users while the user exits. I have an idea but I don't know how it will work (I am not an ABAPer): there should be a tcode or program which lists the tcodes authorized for particular users and where they can be locked, like SM01 (but it will lock for all), but locking for particular users.

Am I more advanced??

regards

bala

Former Member
0 Kudos

Hi Bala,

A few days back, I had to do similar task.

I had copied the roles through PFCG and removed the transactions, which were not to be given to a set of users.

If you get the solution, please let me know.

-Nandu More

Former Member
0 Kudos

Hi Bala,

You can actually create a new role by copying the existing role and then inactivate the authorization objects that you don't need.

Hope it helps.

Please reward points if it is useful.

Thanks & Regards,

Santosh

Former Member
0 Kudos

Hi Bala,

What you can do is assign the users to a separate user group.

Once the users are in a separate user group, you can go to the individual security roles and restrict the access to particular transactions by maintaining the auth object S_USER_GRP.

Again, this might not be the most feasible method if your transactions are across many roles, which would mean that you need to maintain each one of the individual roles.

Let me know if this helps, or I can suggest alternative methods.

Cheers,

Satish

Former Member
0 Kudos

Hi,

Let me frankly tell you that the tcodes are role specific. You cannot restrict a particular transaction for a user without creating the role/profile or without dealing with the auth. object.

So the only solution is to create the roles in prior and assign them as per your business need.

What you want, if I have understood properly, cannot be done.

Hope this helps you to finally decide that since now you always take a decision beforehand as a whole and plan for the future as well while planning for the present.

In case you get to know something different, great to know... do share.

Reward with points.!!!!!!