https://community.sap.com/t5/application-development-and-automation-discussions/solution-please/m-p/2683226#M620408 <HTML><HEAD></HEAD><BODY><P>HI sapians,</P><P></P><P>I have a scenario, where in which the roles contains 2 transactions SU01 and SU10 , i want the user to have only display access for SU01 where he will have all access except display for SU10.i dont want to replace SU01 BY SU01D Tx .i want to create this scenario.can u please explain me how to do this works as both the transactions use the same object S_USER_GRP.</P><P>regards</P><P>pavan</P></BODY></HTML> Sun, 12 Aug 2007 09:51:36 GMT Former Member 2007-08-12T09:51:36Z https://community.sap.com/t5/application-development-and-automation-discussions/solution-please/m-p/2683226#M620408 <HTML><HEAD></HEAD><BODY><P>HI sapians,</P><P></P><P>I have a scenario, where in which the roles contains 2 transactions SU01 and SU10 , i want the user to have only display access for SU01 where he will have all access except display for SU10.i dont want to replace SU01 BY SU01D Tx .i want to create this scenario.can u please explain me how to do this works as both the transactions use the same object S_USER_GRP.</P><P>regards</P><P>pavan</P></BODY></HTML> Sun, 12 Aug 2007 09:51:36 GMT https://community.sap.com/t5/application-development-and-automation-discussions/solution-please/m-p/2683226#M620408 Former Member 2007-08-12T09:51:36Z https://community.sap.com/t5/application-development-and-automation-discussions/solution-please/m-p/2683227#M620409 <HTML><HEAD></HEAD><BODY><P>Pavan,</P><P>Regardless of how you configure your roles you must remember that instances of objects are merged into the user buffer at login. Therefore a transactions that share objects can potentially have access they weren't intended to, although this is why you can have multiple instances of the same object. However because there is no link between which transaction is checking the object and its configuration you cannot segregate them.</P><P></P><P>Therefore it is not possible to segregate this kind of scenario, and as SU10 basically allows the same change abilities as SU01 it is not (in my opinion) a valid scenario. </P><P></P><P>If you have a User Administrator they should have both, everyone else shouldn't have either with change, this is a part of SoD (Segregation of Duty).</P><P></P><P>I hope this helps.</P><P></P><P>Regards</P><P>Ashley</P></BODY></HTML> Sun, 12 Aug 2007 12:55:03 GMT https://community.sap.com/t5/application-development-and-automation-discussions/solution-please/m-p/2683227#M620409 Former Member 2007-08-12T12:55:03Z https://community.sap.com/t5/application-development-and-automation-discussions/solution-please/m-p/2683228#M620410 <HTML><HEAD></HEAD><BODY><P>HI ashley,</P><P>I know its not a valid scenario , but that my requirement. what is the way out now...?</P><P>regards</P><P>pavan</P></BODY></HTML> Mon, 13 Aug 2007 19:42:52 GMT https://community.sap.com/t5/application-development-and-automation-discussions/solution-please/m-p/2683228#M620410 Former Member 2007-08-13T19:42:52Z https://community.sap.com/t5/application-development-and-automation-discussions/solution-please/m-p/2683229#M620411 <HTML><HEAD></HEAD><BODY><P>Hi Pavan,</P><P>Can you implement a user´s administration based on different user groups?.</P><P></P></BODY></HTML> Mon, 13 Aug 2007 19:48:51 GMT https://community.sap.com/t5/application-development-and-automation-discussions/solution-please/m-p/2683229#M620411 Former Member 2007-08-13T19:48:51Z https://community.sap.com/t5/application-development-and-automation-discussions/solution-please/m-p/2683230#M620412 <HTML><HEAD></HEAD><BODY><P>Hi Pavan,</P><P>The only way i can see for you is to create a customized ABAP, with your own customized Authorization Objects.</P><P></P><P>You can then specify the transaction to do exactly what you want and control its authorizations completely separately to the SAP standard transactions.</P><P></P><P>Hope this helps you.</P><P></P><P>Regards</P><P>Ashley</P></BODY></HTML> Mon, 13 Aug 2007 20:49:55 GMT https://community.sap.com/t5/application-development-and-automation-discussions/solution-please/m-p/2683230#M620412 Former Member 2007-08-13T20:49:55Z