Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Blocking T-codes:MMPV, MMRV, OB52, CK40N, S_ALR_87003642, SPRO, SCC4.

Former Member

‎07-30-2008 9:49 AM

0 Kudos

Hi,

Client requirement is Blocking the t-codes (MMPV, MMRV, OB52, CK40N, S_ALR_87003642, SPRO, SCC4.)for all users except 3 main users. Please suggest how can we perform this activity.

Thanks

shrinivas.

4 REPLIES 4

jurjen_heeck
Active Contributor

‎07-30-2008 9:57 AM

0 Kudos

Just make sure they're in no role at all (and take care of underlying rights as well). Once that's secured you can create a special role for your three users....

Blocking T-codes is systemwide and mostly provides fake security. Blocking a T-code doesn't prevent the actual program from being started.

Former Member
In response to jurjen_heeck

‎07-30-2008 11:21 AM

0 Kudos

> Blocking T-codes is systemwide and mostly provides fake security. Blocking a T-code doesn't prevent the actual program from being started.

True... unless there is a call to function module AUTHORITY_CHECK_TCODE upfront in the program, in which case: potentially false.

See SAP Note 358122.

Cheers,

Julius

Former Member
In response to jurjen_heeck

‎07-31-2008 6:29 AM

0 Kudos

Hi,

By using SUIM, roles by complex selection creteria I found roles which gives access to each t-code. I found 2 or more roles for each t-code. For some roles in users tab there are no users assigned. Then I went each role in pfcg and deactivated the authrization object which are maintained in SU24 for each t-code. but I couldn't find the t-code in Menu tab to delete manually instead of deactivating auth.obj. In the Menu tab I choose find button and searched for each t-code. for some t-code it is saying not found and for some t-code it is showing pop-up menu FIND IN ROLE MENU TREE.

node MMRV close period

preceeding node other

preceeding node material master

I couldn't understand this.

And I tried using users by complex selection creteria, I found for each t-code 6-7 common users are having access.

but some of these users are not found in the roles( users tab) which I extraced using SUIM: roles by complex selection creteria. for each t-code.

Thanks,

shrinivas.

.

Former Member
In response to jurjen_heeck

‎07-31-2008 7:09 AM

0 Kudos

if the roles do not have any users assigned in the users tab , it mean that no users are getting access to these roles so you don't have to worry about these roles.

by de-activating only the auth objects you may have disabled the functionality of some other txcodes that share these common objects. This is only going to cause more problems instead of resolving your existing one.

one of the reasons you are unable to find the txcode in the menu tab is because the person who worked on that role earlier might have manually added this txcodes in S_Tcode ( could also be part of txcode range )

when you run a search and you find a pop-up, it is telling you exactly under which folder(node) the txcode exists if it is assigned via the menu.

again a user may have txcodes manually added in S_TCODE with a range.

Hope this helps in your role adventure..