08-07-2007 7:55 PM
Hello
I want to remove access to particular Tcode from user. The Tcode is in a role and that role has others user assigned to it. If I delete the Tcode from the role, other users will also be affected. I dont want that to happen. I just want to remove access of 1 user from accessing that Tcode.
Please suggest
08-07-2007 7:59 PM
Jack,
You will have to create a new role without the transaction and assign it to the user. Then remove the current role with the tcode you want removed.
SAP security is based at the role level not user level for most aspects of R/3.
Cheers,
Ben
08-07-2007 8:04 PM
Jack, Remove the role from the user and create a new one for him with the restriction that you need.
cheers, lean
08-07-2007 8:29 PM
Quickest way is to copy the role - remove the tcode you don't want and replace the first role with the new one on the user id.
08-09-2007 8:09 PM
Jack,
Remember you should always create Roles following your organizations Authorization Concept, once you start to create ad-hoc Roles in your system for different purposes not only do you lose track of all these Roles but it becomes more difficult to maintain.
Regards
Ashley
08-11-2007 8:33 PM
Hi jack,
firstly check if there are any roles which are avaliable without the required transaction using SUIM.and then check the other roles which have the other remaining transactions.Select which roles suits the user the best with all the transactions except the one u want.Remove the present role and assign the roles which u have selected.
regards
pavan
08-13-2007 9:27 AM
Hello ,
Roles in SAP are just the containers for the authorisation.If you want to remove just one transaction from an enduser,then you must follow the below strategy:
1) Work on the transaction grouping strategy.Find the nature of the new transaction in terms of business function(MM/SD/FICO) that the user needs .
2) Find the role present in the users profile which would best fit the new transation.
3) If the above 2 points dont work out , then it would be wise option to just create a new role with one transaction in it and the standard authorizations.
Thanks
Vishal Padiyar
SAP BASIS Consultatnt,
Infosys Technologies Ltd