Question:
Dear Basis Gurus,
We created some of the roles restricting at organizational level thus allowing almost all the transactions except BASIS,HR,CO.
Thus all the users who are assigned to this roles are able to get into all the transactions.
Now we need to restrict some of the transactions in this role.
Whether there is any way to restrict some of the transactions in this role as existing roles shows S_TCODE = $*, /*, 0-9*, @*, A-O*, P0-P9*, PB-PFCF*, PFCH-R*, T-Z*
Transactions that need to be restricted are in random in order to restrict at S_TCODE.
Wondering whether we can restrict at any authorization object as we assigned at object S_TCODE.
Or else we need go for separate roles by including only those transactions that users need.
Regards
SRI123
Answer:
Or else we need go for separate roles by including only those transactions that users need.
That's the best way to do it.
Answer:
Providing From-to ranges is a way to limit the starting of tcodes directly and is the easiest way, however it is not sufficient from controlling access to the business processes you want to contol. You will also need to remove the Authorization Object associated with the functionality you want to control. Reason is the user may be able to get to the functionality you want to control with a tcode you gave them. They do not need the tcode.
_________________
John A. Jarboe