02-15-2008 1:27 PM
Hi Gurus,
I have to remove SPRO transaction from a role but this transaction is not assigned in that role though it is existing
please suggest me how to remove it
02-15-2008 1:36 PM
have you looked at the possibility that it may be included in a range of T-codes in the S_TCODE object?
02-15-2008 1:39 PM
ya i have checked thoroughly in S_tcode it is not over there but when checking with SUIM for SPRO i got a role which has got SPRO authorization ,... how to remove this
02-15-2008 2:24 PM
I have used function module SUSR_SYNC_USER_TABLES with table type = X successfully in the past to sync the USR* tables with the UST* tables which SUIM reports out of.
If you can't find SPRO in the menu or S_TCODE of the role, or in the S_TCODE object in the generated profile for the role (tx SU02) then I suggest that SUIM is not reporting the right info (not uncommon)
02-15-2008 2:31 PM
Which release level are you on?
Ask the user to enter 'SPRO' in the ok-code field and hit Enter. What happens?
Cheers,
Julius
02-16-2008 3:34 AM
640 final release
when entered spro in command field and pressed enter the user gets the inital screen of SPRO "Customizing: Execute Project"
what should i do ?
02-16-2008 5:16 AM
Hi,
In My opinion, Lets get to the fundamentals --
A. For a TCD to execute it ought to be present in S_TCODE Object.
B. IF the role is devoid of SPRO in S_TCode object and the USer is able to execute , then two things;
1.The User has another role that permits the SPRO
2. You need to relook again -as I suspect You have not looked well for S_TCODE with SPRO written there.
Thanks
02-16-2008 5:40 AM
For your information
1.the user doesnt have spro assigned to any other roles.
2.in s_tcode, spro is not written there.. should i write spro? in what way?
02-16-2008 5:44 AM
Hi,
I hope u have checked for wild characters and ranges in S_TCODE.
Regards,
Sachin
02-16-2008 5:50 AM
Hi sreenivasan,
As george suggested,please look for each role which contains list of transactions from SUIM - path is USER INFORMATION SYSTEM->TRANSACTIONS->EXECUTABLE FOR ROLE.Enter each individual role here and check for transactions.If u find SPRO in a particular role,then check for ranges(S*) in S_TCODE object.
If u gave SPRO through MENU (earlier),then u have to check the NODE for SPRO in the role menu and delete it(as u may know u can't delete from S_TCODE object in this case).
If ur problem still exists,please come bach with some more details like what activities u performed to find SPRO.That helps for us also in future.
Rgds,
Gadde.
02-16-2008 5:55 AM
Did u checked for S* in all roles??
If yes,
then check for PROFILE tab in SU01 once for full authorizations(like SAP_ALL & SAP_NEW).
Rgds.
02-16-2008 6:05 AM
If should find an answer to the pblm you are facing in these posts ..else keep repeating the steps again.These posts have covered pretty much every thing !
02-16-2008 6:41 AM
Im sure that i have not assigned SPRO in that role but even it is existing when giving in command field and entering "Customizing: Execute Project" comes directly
what i did previously was...
The user came to me for assigning missing authorization object when i find out the missing ones i have given s_tabu_dis and s_tabu_cli.... Should i remove from the role.... is because of this objects the user able to run the transaction?
to Mr. Gadde
I did SUIM --- user --- by transaction authorizations
to find out spro executable for users..
I had found users and when i clicked the roles i came to know about the roles for that user. But when checking in that roles SPRO is not over there... i checked in S_tcode but in that also spro is not there..
kindly suggest a way to find out the object to remove....
02-16-2008 11:00 AM
Hi sreenivasan,
Cant find any other reasons other than this...but one suggestion is please do not given * access(even display also) in S_TABU_DIS,this is as per EWA from SAP.Provide nessary authorization in the above Object as per the requirement.
Rgds,
Gadde
02-16-2008 8:47 PM
>
> when entered spro in command field and pressed enter the user gets the inital screen of SPRO "Customizing: Execute Project"
Is there also an "IMG" button?
02-18-2008 4:05 AM
02-18-2008 4:19 AM
Hi,
Is S_TABU_DIS is the only object corresponds to SPRO or is there any other than this ?
And i can see 3 activities in this object 02-change, 03-display,
BD-Maintain obj. in non-OwnerSys.
Please suggest me what BD activity means actually and can I assign that to S_TABU_DIS obj.
02-18-2008 5:26 AM
Hi Cheenu,
S_TABU_DIS & S_TABU_CLI both objects r related to SPRO only.Pls never ever give change accees in S_TABU_DIS object.
Again these Objects are not restricting SPRO access from the end user(same was confirmed in earlier post also which was raised by MUZAMMIL PATEL).
I believe pretty much covered in this post and
Please check all the messages from this & above post and perform all activities one by one.
pls share again for any further doubts.
Rgds,
Gadde
02-18-2008 6:43 AM
Hi Gadde,
I can see 3 activities in this object 02-change, 03-display,
BD-Maintain obj. in non-OwnerSys.
Please suggest me what BD activity means actually and can I assign that to S_TABU_DIS obj.
Please let me know if there is any other objects apart from S_TABU_CLI and S_TABU_DIS
02-20-2008 5:00 AM
Hi All,
I found out the cause for SPRO transaction existing for user even if he is not assigned. The mistake I made was I had given * in s_tcode (2nd profile) so this allows the user to execute some more transaction which is not allowed to him. But after I removed the * the user cant able to execute any transaction thereafter.
But though I am restricting s_tabu_dis & s_tabu_cli authorization objects completely.
Note: In s_tcode if we are not assigning * then the user can only execute the transactions which is in s_tcode.
s_tcode meant for Check for transaction code at start.
Thanks to everybody who discussed with me for getting some ideas relevantly.
Hope will be getting the same kind of support in future.
02-20-2008 5:02 AM
02-20-2008 5:20 AM
Hi cheenu,
So at last ur problem solved...thats good....and did u find the meaning of : BD - Maintain obj. in non-OwnerSys in S_TABU_DIS object.what does it means and what will be impact of this activity on authorization group(DICBERCLS
).In fact i could't find any information in search forum also...
I wonder if some helps on this pls.
Can someone clarify this doubt for us...
Rgds,
Gadde.
02-20-2008 7:14 AM
Hi Gadde,
Thanks.....
Even I am not finding the purpose of BD - Maintain obj. in non-OwnerSys in S_TABU_DIS object. I am searching out for the meaning if found will put the same in this thread only..
As Gadde said somebody pls clarify us.