Question:
Is it possible to limit the authorization to access any configuration path from IMG?
What I mean is not just blocking SPRO as the users can still go to those customizing transaction directly or access via SM31 customising. In addition, we cannot block table maintenance as we will like to let the users to maintain entries for customized table.
Furthermore, we cannot use the option to set client setting to block the whole client from customizing changes as we need the users to create MRU/ portions.
Thanks a lot for your help in advance.
Answer:
Furthermore, we cannot use the option to set client setting to block the whole client from customizing changes as we need the users to create MRU/ portions.
Are you trying to tell us that your production client is not blocked for customizing ? I don't know what MRU / portions are but have you checked if these are "current settings" or can be configured to be? These settings are allowed to change even if customizing is blocked in this client. It is, however, necessary that the client role be set to "P" in table T000 in order for this to work.
You may, of course, also try to achieve your goal via authorizations, but in my eyes this is not really feasible, at least it will not be reliably secure.
Hope that helps,
Marc
Answer:
THe IMG is a fancy menu tree that calls transactions. you can limit access to "menu paths" in th eIMG by controlling access tot eh tcodes and tot he tables. THe table control is based on S_TABU_DIS and the auth group on the table. once you control the suth group you have full access to the table controlled regardless of how they get to it.