Rashed's Way2SAPBASIS.com

Hi All,
I have created a role with four Tcodes-Su01,Su10,Sick,pfcg.I wanted to give full authorization to all Tcodes except display to Su10 for which i did the following

1.Created role with the above Tcodes.

2.In change authorizations --> Under the object S_USER_GRP i have restricted the field acess as Display or 03 and saved the Role.

3.When i assigned the role to a user,the user has only diplay to all the Tcodes given uder S_Tcodes,but not only to Su10.

Do i need to restrict in any other Object pls suggest if any other solution for this.

Thanks & Regards,
Sangeeth Kumar.

hi sangeeth,

check which transaction is using what objects and what should be the changes made to the particular objects and see if any other transactions are also using the same objects .

great going dude

regards
pavan

Hi Sir,
The Tcodes Su01,Su10,Sick all these transactions are from single object i.e S_Tcode.So the access denied to one transaction impacts on the entire object,so need assistance to deny access only to one particular Transaction code irrespective of the no.of objects it falls in.

Any solution or assitance to go further anticepated .

Thanks & Regards,
Sangeeth Kumar.

hi sangeet,

S_TCODE is the first line of defence in SAP security,

the field value in S_TCODE is a transaction.so if u give the transaction there,
then it will work else not

so once u have the access to the transaction u get all the related objects for the transaction.

i would suggest u to download users and roles document and go through it

regards
pavan