Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Restricting Tcode using Roles

former_member184624
Participant
0 Kudos

Dear BW Experts,

I want to create a role to restrict of accessing TCODE : STMS_IMPORT and STMS in Production system. I can able to create a role by adding S_TCODE. While creating the role, inclusion is available but exclution is not available. I want to create a role by restricting tcode STMS and STMS_import. How to achieve this. Please help.

Thanks.

1 ACCEPTED SOLUTION

Loed
Active Contributor
0 Kudos

Hi Jalina,

Currently, what is the role of the user you are referring? Why don't you edit his or copy his current role and remove the STMS_IMPORT and STMS in S_TCODE?

Regards,

Loed

7 REPLIES 7

Loed
Active Contributor
0 Kudos

Hi Jalina,

Currently, what is the role of the user you are referring? Why don't you edit his or copy his current role and remove the STMS_IMPORT and STMS in S_TCODE?

Regards,

Loed

0 Kudos

HI,

Thanks for the reply. For the Current role, I have given access to all Tcode. I just want to restrict STMS_IMPORT. I cannot include all the TCODES in the current role. Please suggest.

Thanks.

Former Member
0 Kudos

Hi Jalina,

You can try below option.

Thanks,

Shakthi Raj Natarajan

former_member185132
Active Contributor
0 Kudos

This is a Basis/Security question and should ideally be posted in that SCN space. Security folks are better placed to answer this.

Former Member
0 Kudos

Hi Jalina,

    I wonder why would you even give access to all T codes in S_TCode, which is quite dangerous. Instead, try giving access to those T codes which is required by the user. And in case the user needs access to some critical transactions, then you may either suggest the user to use FF ID or may be you can give him/her access on temporary basis. I do not see a point in adding '*' in S_Tcode. Also I dont think it is SOX complaint.

Regards,

Mohamed Fazil

Former Member
0 Kudos

All transaction codes in production !! You might to review the security design and give them what is needed versus give all and then restrict on few.

Colleen
Advisor
Advisor
0 Kudos

Hi Jalina

but exclution is not available



SAP Security role authorisation concept does not cater for exclusion values or ranges


If you are not a security person, I recommend you look at the ADM940 or help.sap.com for Authorisations Concept or discuss your requirements with your Security contact.


Regards

Colleen