Question:
Hey There,
Is there a way to exclude a value in an auth obj when setting the values?
Example: I'm trying to restrict S_TABU_DIS to allow certain people to see all the auth groups except SS. If someone creates an auth group in the system, we still want the people with this role to see the added group without us going back into the role and adding the value via pfcg.
Something like '*', but just don't allow access to auth group SS. Is there a way?
Help please
Thanks
Answer:
If someone creates an auth group in the system, we still want the people with this role to see the added group without us going back into the role and adding the value via pfcg.
Search the site for "design error".
You need to control the groups and access to the groups as a positive list, not negative list them by ranging to be lazy. It will bit you in the bum.
Help please
Thanks
Help yourself via the search function for more information if you want a cure.
Answer:
Try the values to be included - 00 to SR and ST to ZZ
This way you exclude SS.
_________________
SAPFAN
Answer:
As posted you do not exclude values you range arround.
For non-basis access you need ( note this give access to &NC& which you should branch arround also) [Basis = SS an SC)
$ to SB*
SD to SR*
ST to Z*
If you have HR you need to branch arround PA and PC.
To test the sort SAP uses enter the special characters in the authorization and see how the sort when you save the entry, then create a "from-to" to skip the values.