Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to remove access of Tcode within a role

Former Member

‎08-07-2007 7:55 PM

0 Kudos

Hello

I want to remove access to particular Tcode from user. The Tcode is in a role and that role has others user assigned to it. If I delete the Tcode from the role, other users will also be affected. I dont want that to happen. I just want to remove access of 1 user from accessing that Tcode.

Please suggest

6 REPLIES 6

Former Member

‎08-07-2007 7:59 PM

0 Kudos

Jack,

You will have to create a new role without the transaction and assign it to the user. Then remove the current role with the tcode you want removed.

SAP security is based at the role level not user level for most aspects of R/3.

Cheers,

Ben

Former Member

‎08-07-2007 8:04 PM

0 Kudos

Jack, Remove the role from the user and create a new one for him with the restriction that you need.

cheers, lean

Former Member

‎08-07-2007 8:29 PM

0 Kudos

Quickest way is to copy the role - remove the tcode you don't want and replace the first role with the new one on the user id.

Former Member

‎08-09-2007 8:09 PM

0 Kudos

Jack,

Remember you should always create Roles following your organizations Authorization Concept, once you start to create ad-hoc Roles in your system for different purposes not only do you lose track of all these Roles but it becomes more difficult to maintain.

Regards

Ashley

Former Member

‎08-11-2007 8:33 PM

0 Kudos

Hi jack,

firstly check if there are any roles which are avaliable without the required transaction using SUIM.and then check the other roles which have the other remaining transactions.Select which roles suits the user the best with all the transactions except the one u want.Remove the present role and assign the roles which u have selected.

regards

pavan

Former Member

‎08-13-2007 9:27 AM

0 Kudos

Hello ,

Roles in SAP are just the containers for the authorisation.If you want to remove just one transaction from an enduser,then you must follow the below strategy:

1) Work on the transaction grouping strategy.Find the nature of the new transaction in terms of business function(MM/SD/FICO) that the user needs .

2) Find the role present in the users profile which would best fit the new transation.

3) If the above 2 points dont work out , then it would be wise option to just create a new role with one transaction in it and the standard authorizations.

Thanks

Vishal Padiyar

SAP BASIS Consultatnt,

Infosys Technologies Ltd