06-19-2008 9:15 PM
Permission granted in the ranges ffrom "S000" to "SCAT" ?
Can you suggest what TCDs are included in this range ? is SCC4 / SE06 included ?
06-19-2008 9:20 PM
HI George,
FYI from and to will work according to the assending order. In your casr to is upto SCAT. So SCC4 and SE06 follows after this range. So it won't work.
Regards,
Vasanth
06-19-2008 9:20 PM
HI George,
FYI from and to will work according to the assending order. In your casr to is upto SCAT. So SCC4 and SE06 follows after this range. So it won't work.
Regards,
Vasanth
06-19-2008 9:33 PM
Ok..good..
Now the following ranges are presnet in the role I am to edit :
FROM /A* TO R*
FROM S-32 TO SLS
FROM SNRO TO S_Y9C_34000014
FROM T* TO Z*
This is the TCD permission role which I have pulled out to restrict - I am going against SCC4 and SE06....
How Do I know if its embedded in this ?
Because with this set the user is able to execute the TCD SCC4 & SE06.
Thanks
06-19-2008 10:06 PM
HI George,
FROM /A* TO R* Consist of SCC4 & SE06. SO if you want to restrict only these two T-codes. Change the interval like this. /A* to SCC3, SCC5 to SE05,SE07 to R*.
This will restrict the mentioned above T-Codes.
Regards
Vasanth
06-19-2008 10:25 PM
What does :
FROM S-32 TO SLS
contain ..can you expalin how this is counted?
06-19-2008 11:13 PM
FROM S-32 TO SLS
Contains starting from S-32,S-33.....SLR,SLS. This renge will have those SCC4 and SE*
06-20-2008 8:24 AM
Hi George,
your question:
.......
What does :
FROM S-32 TO SLS
contain ..can you expalin how this is counted?.......
ASCI-char '-' comes before digits and characters. So that is why S-xx - SLS
includes S1,S2,SA*,.....
b.rgds, Bernhard
06-20-2008 3:01 PM
Thanks.
Juluis-- I am limiting the objects !! taking away all admin rights-
FYI- This role was created in 2000
06-22-2008 10:23 AM
>
> What does :
>
> FROM S-32 TO SLS
> contain ..can you expalin how this is counted?
Check in transaction SM01 and see what entries are between S-32 and SLS.
Otherwise you can check table TSTCT with a SE16 query with the above parameters you will only have the list of what is included in the range.
Regards fredrik
06-19-2008 11:07 PM
> george G wrote:
> Permission granted in the ranges ffrom "S000" to "SCAT" ?
>
> Can you suggest what TCDs are included in this range ? is SCC4 / SE06 included ?
I am not logged on, but I am pretty sure there is a tcode in the SB~something range which will let you start reports. From there it is very easy to access SCC4 and SE06; more so if controls are relying solely on S_TCODE.
Of course if something is dear to you (such as client maintenance and system status changes can expected to be dear) then it seems reasonable to me not to care how the user gets into using the transaction, but only that they cannot complete the function or the transaction, regardless where they are coming from (the syst fields).
Almost equaly so, if there are harder S_TCODE checks, then it appears at first to be easier to analyze and audit the access. But those easier requirements are in my opinion often smoke-screens. Why are there n-thousand auth objects in SAP??
Cheers,
Julius