topic Re: Exclude from All authorazation in Application Development and Automation Discussions

Exclude from All authorazation

Former Member — Tue, 21 Apr 2009 06:57:49 GMT

Dear Team,

I have to given authorazation that are start with Z.i,e Z* to so many users..But now I want to exculde only two transastion Authorazation i.e ZRABC & ZRXYZ.

How I can exclude these two transastion from Z*.

Thanks

Moni

Re: Exclude from All authorazation

Former Member — Tue, 21 Apr 2009 07:12:35 GMT

You canu2019t enter the T-codes like z* in Role menu you have to enter full T-Codes.

But You can enter like this in object level under S_Tcode

You can restrict like below

Add object S_tcode manually

Under that object enter

From za* to zw*

Again from zs* to zz*

In this you can restrict zr*

In this way you can avoide which is not required.

You canu2019t restrict except

Re: Exclude from All authorazation

jurjen_heeck — Tue, 21 Apr 2009 07:25:41 GMT

> How I can exclude these two transastion from Z*.

There have been quite a few discussions about this and the basic answer is:"you cannnot":. SAP security is about allowing stuff, not denying.

As Ravi pointed out, working with ranges may be an option. One additional advice from me: Test your ranges by entering them into the SE16 selection screen for table TSTC to see if the range really suits your needs.

Re: Exclude from All authorazation

Former Member — Tue, 21 Apr 2009 08:07:12 GMT

Perhaps you realize now that using ranges was a design error to begin with...

Another "trick" is to add an additional authorization object to the transactions in SE93, which checks something which only the correct users are authorized for.

Cheers,

Julius

Re: Exclude from All authorazation

Former Member — Tue, 21 Apr 2009 09:21:20 GMT

Yaa I have given in S_Tcode.

Now I will assign range for Z tcode.

Thanks for your nice reply.

Moni

Re: Exclude from All authorazation

Former Member — Fri, 08 May 2009 09:34:28 GMT

thanks for nice reply.

My problem has been solved

Moni