https://community.sap.com/t5/application-development-and-automation-discussions/restricting-tcode-using-roles/m-p/10935029#M1891843 <HTML><HEAD></HEAD><BODY><P>Hi Jalina,</P><P></P><P>You can try below option. </P><P></P><P><IMG class="migrated-image" src="https://community.sap.com/legacyfs/online/storage/attachments/storage/7/jiveimages/651210" width="450" /></P><P></P><P>Thanks,</P><P>Shakthi Raj Natarajan</P></BODY></HTML> Mon, 23 Feb 2015 13:37:43 GMT Former Member 2015-02-23T13:37:43Z https://community.sap.com/t5/application-development-and-automation-discussions/restricting-tcode-using-roles/m-p/10935026#M1891840 <HTML><HEAD></HEAD><BODY><P>Dear BW Experts,</P><P></P><P>I want to create a role to restrict of accessing TCODE : STMS_IMPORT and STMS in Production system. I can able to create a role by adding S_TCODE. While creating the role, inclusion is available but exclution is not available. I want to create a role by restricting tcode STMS and STMS_import. How to achieve this. Please help.</P><P></P><P>Thanks.</P></BODY></HTML> Mon, 23 Feb 2015 06:57:16 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restricting-tcode-using-roles/m-p/10935026#M1891840 former_member184624 2015-02-23T06:57:16Z https://community.sap.com/t5/application-development-and-automation-discussions/restricting-tcode-using-roles/m-p/10935027#M1891841 <HTML><HEAD></HEAD><BODY><P>Hi Jalina,</P><P></P><P>Currently, what is the role of the user you are referring? Why don't you edit his or copy his current role and remove the STMS_IMPORT and STMS in S_TCODE?</P><P></P><P>Regards,</P><P>Loed</P></BODY></HTML> Mon, 23 Feb 2015 07:49:32 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restricting-tcode-using-roles/m-p/10935027#M1891841 Loed 2015-02-23T07:49:32Z https://community.sap.com/t5/application-development-and-automation-discussions/restricting-tcode-using-roles/m-p/10935028#M1891842 <HTML><HEAD></HEAD><BODY><P>HI,</P><P></P><P>Thanks for the reply. For the Current role, I have given access to all Tcode. I just want to restrict STMS_IMPORT. I cannot include all the TCODES in the current role. Please suggest.</P><P></P><P>Thanks.</P></BODY></HTML> Mon, 23 Feb 2015 13:11:01 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restricting-tcode-using-roles/m-p/10935028#M1891842 former_member184624 2015-02-23T13:11:01Z https://community.sap.com/t5/application-development-and-automation-discussions/restricting-tcode-using-roles/m-p/10935029#M1891843 <HTML><HEAD></HEAD><BODY><P>Hi Jalina,</P><P></P><P>You can try below option. </P><P></P><P><IMG class="migrated-image" src="https://community.sap.com/legacyfs/online/storage/attachments/storage/7/jiveimages/651210" width="450" /></P><P></P><P>Thanks,</P><P>Shakthi Raj Natarajan</P></BODY></HTML> Mon, 23 Feb 2015 13:37:43 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restricting-tcode-using-roles/m-p/10935029#M1891843 Former Member 2015-02-23T13:37:43Z https://community.sap.com/t5/application-development-and-automation-discussions/restricting-tcode-using-roles/m-p/10935030#M1891844 <HTML><HEAD></HEAD><BODY><P>This is a Basis/Security question and should ideally be posted in that SCN space. Security folks are better placed to answer this. </P></BODY></HTML> Tue, 24 Feb 2015 04:03:17 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restricting-tcode-using-roles/m-p/10935030#M1891844 Former Member 2015-02-24T04:03:17Z https://community.sap.com/t5/application-development-and-automation-discussions/restricting-tcode-using-roles/m-p/10935031#M1891845 <HTML><HEAD></HEAD><BODY><P>Hi Jalina,</P><P>&nbsp;&nbsp;&nbsp; I wonder why would you even give access to all T codes in S_TCode, which is quite dangerous. Instead, try giving access to those T codes which is required by the user. And in case the user needs access to some critical transactions, then you may either suggest the user to use FF ID or may be you can give him/her access on temporary basis. I do not see a point in adding '*' in S_Tcode. Also I dont think it is SOX complaint.</P><P></P><P>Regards,</P><P>Mohamed Fazil </P></BODY></HTML> Tue, 24 Feb 2015 06:34:18 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restricting-tcode-using-roles/m-p/10935031#M1891845 Former Member 2015-02-24T06:34:18Z https://community.sap.com/t5/application-development-and-automation-discussions/restricting-tcode-using-roles/m-p/10935032#M1891846 <HTML><HEAD></HEAD><BODY><DIV><P>All transaction codes in production !! You might to review the security design and give them what is needed versus give all and then restrict on few. </P></DIV></BODY></HTML> Sat, 28 Feb 2015 13:58:24 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restricting-tcode-using-roles/m-p/10935032#M1891846 Former Member 2015-02-28T13:58:24Z https://community.sap.com/t5/application-development-and-automation-discussions/restricting-tcode-using-roles/m-p/10935033#M1891847 <HTML><HEAD></HEAD><BODY><P>Hi Jalina</P><P></P><PRE><CODE><SPAN style="color: #333333; font-size: 12px;">but exclution is not available</SPAN></CODE></PRE><P><SPAN style="color: #333333; font-size: 12px;"><BR /></SPAN></P><P><SPAN style="color: #333333; font-size: 12px;"><BR /></SPAN></P><P><SPAN style="color: #333333; font-size: 12px;">SAP Security role authorisation concept does not cater for exclusion values or ranges</SPAN></P><P><SPAN style="color: #333333; font-size: 12px;"><BR /></SPAN></P><P><SPAN style="color: #333333; font-size: 12px;">If you are not a security person, I recommend you look at the ADM940 or help.sap.com for Authorisations Concept or discuss your requirements with your Security contact.</SPAN></P><P><SPAN style="color: #333333; font-size: 12px;"><BR /></SPAN></P><P><SPAN style="color: #333333; font-size: 12px;">Regards</SPAN></P><P><SPAN style="color: #333333; font-size: 12px;">Colleen<BR /></SPAN></P></BODY></HTML> Thu, 05 Mar 2015 07:17:04 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restricting-tcode-using-roles/m-p/10935033#M1891847 Colleen 2015-03-05T07:17:04Z