Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Restricting Tcode using Roles

Go to solution
former_member184624
Participant

‎2015 Feb 23 6:57 AM

0 Likes
3,501

Dear BW Experts,

I want to create a role to restrict of accessing TCODE : STMS_IMPORT and STMS in Production system. I can able to create a role by adding S_TCODE. While creating the role, inclusion is available but exclution is not available. I want to create a role by restricting tcode STMS and STMS_import. How to achieve this. Please help.

Thanks.

1 ACCEPTED SOLUTION
Read only

Go to solution
Loed
Active Contributor

‎2015 Feb 23 7:49 AM

0 Likes
1,965

Hi Jalina,

Currently, what is the role of the user you are referring? Why don't you edit his or copy his current role and remove the STMS_IMPORT and STMS in S_TCODE?

Regards,

Loed

7 REPLIES 7
Read only

Go to solution
Loed
Active Contributor

‎2015 Feb 23 7:49 AM

0 Likes
1,966

Hi Jalina,

Currently, what is the role of the user you are referring? Why don't you edit his or copy his current role and remove the STMS_IMPORT and STMS in S_TCODE?

Regards,

Loed

Read only

Go to solution
former_member184624
Participant
In response to Loed

‎2015 Feb 23 1:11 PM

0 Likes
1,965

HI,

Thanks for the reply. For the Current role, I have given access to all Tcode. I just want to restrict STMS_IMPORT. I cannot include all the TCODES in the current role. Please suggest.

Thanks.

Read only

Go to solution
Former Member
In response to Loed

‎2015 Feb 23 1:37 PM

0 Likes
1,965

Hi Jalina,

You can try below option.

Thanks,

Shakthi Raj Natarajan

Preview file
43 KB
Read only

Go to solution
Former Member

‎2015 Feb 24 4:03 AM

0 Likes
1,965

This is a Basis/Security question and should ideally be posted in that SCN space. Security folks are better placed to answer this.

Read only

Go to solution
Former Member

‎2015 Feb 24 6:34 AM

0 Likes
1,965

Hi Jalina,

    I wonder why would you even give access to all T codes in S_TCode, which is quite dangerous. Instead, try giving access to those T codes which is required by the user. And in case the user needs access to some critical transactions, then you may either suggest the user to use FF ID or may be you can give him/her access on temporary basis. I do not see a point in adding '*' in S_Tcode. Also I dont think it is SOX complaint.

Regards,

Mohamed Fazil

Read only

Go to solution
Former Member

‎2015 Feb 28 1:58 PM

0 Likes
1,965

All transaction codes in production !! You might to review the security design and give them what is needed versus give all and then restrict on few.

Read only

Go to solution
Colleen
Product and Topic Expert
Product and Topic Expert

‎2015 Mar 05 7:17 AM

0 Likes
1,965

Hi Jalina

but exclution is not available



SAP Security role authorisation concept does not cater for exclusion values or ranges


If you are not a security person, I recommend you look at the ADM940 or help.sap.com for Authorisations Concept or discuss your requirements with your Security contact.


Regards

Colleen