Question:
Hi all:
I was told to limit the usage of VA32 for all users except for those from market dept. I found all activity groups assigned with VA32 and removed VA32 with PG and then re-generated the authorization profile of each activity group.
When i search for activity groups with VA32 no one has been found, however, there are still a lot of users that have the VA32 usage, why?
Answer:
Although you removed VA32 from the users they still have acces to VA32.The reason for this is that it still exists under TCODE. Check and remove from TCODE then your problem will be resolved.
Answer:
Although you removed VA32 from the users they still have acces to VA32.The reason for this is that it still exists under TCODE. Check and remove from TCODE then your problem will be resolved.
where should i remove VA32 from? Can you give me the detailed steps?
Answer:
Although you removed VA32 from the users they still have acces to VA32.The reason for this is that it still exists under TCODE. Check and remove from TCODE then your problem will be resolved.
where should i remove VA32 from? Can you give me the detailed steps?
Answer:
First of all I hope you have a list of all the roles that contained VA32.
Then you go to all the roles that had VA32 and open up the authorisations.
Under Cross-Applications Authorisation Objects(AAAB) you will find Authorisation Check For Transacion Start(S_TCODE).Open this and you will get a list of transactions.Look for VA32 and remove.
Good Luck.
Answer:
Surely that shouldn't be done unless the status of the S_TCODE authorisation has the status "maintained" or "Manual".
Removing it from the menu should also remove it from the S_TCODE unless it has been changed manually. You should never manually modify the S_TCODE. If you need to add other transactions directly through the object, a new authorisation should be added manually
Answer:
Trust me. Removing the transaction from the menu does not necessary mean that it's removed from the S_TCODE as well. I learnt the hard way.Anyway the S_TCODE belongs to you cos you created the roles with transactions and you can do whatever you want with it. It's not going to harm anyone.
BTW you are missing the point. Whether the S_TCODE status is 'maintained' or 'manually' does not mean anything. The moment you add a transaction via the menu it updates S_TCODE which brings me back to my first sentence above.Just follow my advice to make your job a lot easier.
Answer:
A transaction can be in S_TCODE by three ways
1. A manual S_TCODE exists and the tcode was added manually
2. THe tcode is in the menu
3. Someone configured another tcode in SU24 to ADD the unwanted tcode in S_TCODE when the other tcode is added to the menu.
THe user can RUN the tcode if
1. the user has access to S_TCODE recardless of where it comes from, any role containing the tcode, a profile, reference user or its equivalence
2. The sytem parameter excludes the tcode ( generally reserved for SU53 and SU56)
3. THe tcode is accessed via CALL TRANSACTION from another tcode and SE97 has the S_TOCDE turned off.
Any number of the above can be causing the porblem...
you can find the answer using SU24, PFCG's overview icon in th erole, or the onld OPF0 Information ->overview->profile or if you have just synced your USTxx table and all your roles are freshly generated SUIM
Answer:
Guest, Don't think I'm missing the point here... I have done this for some time and have usually managed to find a solution to my problems of this sort. What I described is what I have experienced. But SAP works in mysterious ways sometimes. Just offering my experience of the best/easiest way of doing things. Best meaning what I have found works best...
Answer:
Did not mean to jump onto you like that.[missing the point].
BTW did you see my posting 'MASS DELETE OF ROLES'. I seriously need help on that one.[/quote]
Answer:
Since i have removed VA32 from all user roles containing this tcode, i can not get the original user roles list found before, so what can i do next?
Answer:
Hi all
Thanks a lot!
I have removed VA32 from S_TCODE with each activity groups and then re-generated the profiles and the problem has been resolved.
During this period, the report tree of "AUTH" help me a lot with the information of activity groups,profiles and transactions and users.