ya i have checked thoroughly in S_tcode it is not over there but when checking with SUIM for SPRO i got a role which has got SPRO authorization ,... how to remove this

I have used function module SUSR_SYNC_USER_TABLES with table type = X successfully in the past to sync the USR* tables with the UST* tables which SUIM reports out of.

If you can't find SPRO in the menu or S_TCODE of the role, or in the S_TCODE object in the generated profile for the role (tx SU02) then I suggest that SUIM is not reporting the right info (not uncommon)

640 final release

when entered spro in command field and pressed enter the user gets the inital screen of SPRO "Customizing: Execute Project"

what should i do ?

Hi,

In My opinion, Lets get to the fundamentals --

A. For a TCD to execute it ought to be present in S_TCODE Object.

B. IF the role is devoid of SPRO in S_TCode object and the USer is able to execute , then two things;

1.The User has another role that permits the SPRO

2. You need to relook again -as I suspect You have not looked well for S_TCODE with SPRO written there.

Thanks

For your information

1.the user doesnt have spro assigned to any other roles.

2.in s_tcode, spro is not written there.. should i write spro? in what way?

Hi,

I hope u have checked for wild characters and ranges in S_TCODE.

Regards,

Sachin

Hi sreenivasan,

As george suggested,please look for each role which contains list of transactions from SUIM - path is USER INFORMATION SYSTEM->TRANSACTIONS->EXECUTABLE FOR ROLE.Enter each individual role here and check for transactions.If u find SPRO in a particular role,then check for ranges(S*) in S_TCODE object.

If u gave SPRO through MENU (earlier),then u have to check the NODE for SPRO in the role menu and delete it(as u may know u can't delete from S_TCODE object in this case).

If ur problem still exists,please come bach with some more details like what activities u performed to find SPRO.That helps for us also in future.

Rgds,

Gadde.

Did u checked for S* in all roles??

If yes,

then check for PROFILE tab in SU01 once for full authorizations(like SAP_ALL & SAP_NEW).

Rgds.

If should find an answer to the pblm you are facing in these posts ..else keep repeating the steps again.These posts have covered pretty much every thing !

Im sure that i have not assigned SPRO in that role but even it is existing when giving in command field and entering "Customizing: Execute Project" comes directly

what i did previously was...

The user came to me for assigning missing authorization object when i find out the missing ones i have given s_tabu_dis and s_tabu_cli.... Should i remove from the role.... is because of this objects the user able to run the transaction?

to Mr. Gadde

I did SUIM --- user --- by transaction authorizations

to find out spro executable for users..

I had found users and when i clicked the roles i came to know about the roles for that user. But when checking in that roles SPRO is not over there... i checked in S_tcode but in that also spro is not there..

kindly suggest a way to find out the object to remove....

Hi sreenivasan,

Cant find any other reasons other than this...but one suggestion is please do not given * access(even display also) in S_TABU_DIS,this is as per EWA from SAP.Provide nessary authorization in the above Object as per the requirement.

Rgds,

Gadde

>

> when entered spro in command field and pressed enter the user gets the inital screen of SPRO "Customizing: Execute Project"

Is there also an "IMG" button?

ya IMG button is there ... "SAP reference IMG"

Hi,

Is S_TABU_DIS is the only object corresponds to SPRO or is there any other than this ?

And i can see 3 activities in this object 02-change, 03-display,

BD-Maintain obj. in non-OwnerSys.

Please suggest me what BD activity means actually and can I assign that to S_TABU_DIS obj.

Hi Cheenu,

S_TABU_DIS & S_TABU_CLI both objects r related to SPRO only.Pls never ever give change accees in S_TABU_DIS object.

Again these Objects are not restricting SPRO access from the end user(same was confirmed in earlier post also which was raised by MUZAMMIL PATEL).

I believe pretty much covered in this post and

[;

Please check all the messages from this & above post and perform all activities one by one.

pls share again for any further doubts.

Rgds,

Gadde

Hi Gadde,

I can see 3 activities in this object 02-change, 03-display,

BD-Maintain obj. in non-OwnerSys.

Please suggest me what BD activity means actually and can I assign that to S_TABU_DIS obj.

Please let me know if there is any other objects apart from S_TABU_CLI and S_TABU_DIS

Hi All,

I found out the cause for SPRO transaction existing for user even if he is not assigned. The mistake I made was I had given * in s_tcode (2nd profile) so this allows the user to execute some more transaction which is not allowed to him. But after I removed the * the user cant able to execute any transaction thereafter.

But though I am restricting s_tabu_dis & s_tabu_cli authorization objects completely.

Note: In s_tcode if we are not assigning * then the user can only execute the transactions which is in s_tcode.

s_tcode meant for Check for transaction code at start.

Thanks to everybody who discussed with me for getting some ideas relevantly.

Hope will be getting the same kind of support in future.

Hi cheenu,

So at last ur problem solved...thats good....and did u find the meaning of : BD - Maintain obj. in non-OwnerSys in S_TABU_DIS object.what does it means and what will be impact of this activity on authorization group(DICBERCLS

).In fact i could't find any information in search forum also...

I wonder if some helps on this pls.

Can someone clarify this doubt for us...

Rgds,

Gadde.

Hi Gadde,

Thanks.....

Even I am not finding the purpose of BD - Maintain obj. in non-OwnerSys in S_TABU_DIS object. I am searching out for the meaning if found will put the same in this thread only..

As Gadde said somebody pls clarify us.