Revoking User access to ME21N

Former Member
0 Kudos

Hi Experts,

We have a client requirement that all users should not be able to work with the ME21N transaction on a temporary basis.

Is there any way to remove access to ME21N for all purchasing users on a temporary basis?

We also want to revert to the original where users can access and use ME21N.

So please suggest a way by which this can be achieved on a temporary basis and can be reverted easily if required.

Thanks in Advance

Regards

SG

Accepted Solutions (1)

Former Member
0 Kudos

Thanks Tony

Yes please, if you can provide the steps in T-code PFCG that would be really helpful.

I do not have much knowledge of roles and profiles, so please provide the steps.

Thanks

SG

Private_Member_12188
Active Participant
0 Kudos

In hindsight what S Sriram suggested would be easier, to lock the tcode in SM01, assuming it's ok to lock it for everyone.

Go to SM01, type in ME21N in the box at the bottom and hit enter.

Check the Locked box, then hit the green back arrow.

When you try to go to ME21N next you'll see that it's locked.  To reverse this, just go back into SM01 and uncheck the locked box.

If locking it for everyone won't work I can walk you through removing access from the role in PFCG (SM01 is by far easier and faster).

Private_Member_12188
Active Participant
0 Kudos

What you need to do is identify the roles that grant the authorization to that transaction.  You can do so in SUIM.

In SUIM select the below menu option

Then put in S_TCODE for object 1 and hit enter, then put in ME21N for the value

Once you have the list of roles, you will need to identify which roles your user base is using.

After you have picked the role(s) you need to edit\copy go into PFCG. 

Now here is where you have some decisions to make.  You can either edit the role then change it back, or copy the role, remove the old role and add the new one to your user base.  This is up to you, either one will work.

Type in the role name.

Go to the Role Menu -> Copy

Enter in your new name and click copy all

Click the edit button (looks like a pencil)

Here is where things can get murky, if you see the transaction listed like in the screenshot below you can remove it from here, save it and regenerate the role and you're done.  Otherwise you will have to continue on down and edit the authorization object manually.

If the transaction code was not listed above go to the Authorizations tab and click on the Edit (Pencil button) for Change Authorization Data.

If you see this screen just click the red x button.  I'm doing this on a sandbox system so I'm not certain if this will pop up for you or not.

Go to Edit-> Find, type in S_TCODE in the Authorization Object field and click Find Object

You should see a screen that looks a little like this.  Click on the pencil next to the Transaction Code line.

Delete ME21N from the list and click save.  One thing to note, it is possible that the ME21N transaction is contained in a range value.  You will have to edit the range to not include ME21N.

Here is what it would look like after if ME21N were the only thing in there.

Save the role and click Generate (the red and white button)

You can now remove the old role and add the new one (or if you edited the existing role you're all set now as well).
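The range caveat in the post above matters when reviewing the SUIM result: a role can still grant ME21N through a range or wildcard in S_TCODE after the single value is deleted. The following is an added example, not part of the original post; the role names and rows are constructed, and the matching is a simplified model (trailing `*` as a prefix wildcard, ranges compared as plain strings).

```python
# Added example: find which roles still grant a transaction code through
# S_TCODE values, whether as a single value, a wildcard pattern or a range.

# Constructed sample: (role, from-value, to-value) entries for S_TCODE field TCD.
# Role names are hypothetical.
SAMPLE_ROWS = [
    ("Z_PURCH_BUYER", "ME21N", ""),
    ("Z_PURCH_DISPLAY", "ME23N", ""),
    ("Z_PURCH_RANGE", "ME21", "ME29N"),
    ("Z_PURCH_WILD", "ME2*", ""),
    ("Z_BASIS_ALL", "*", ""),
    ("Z_SALES", "VA01", "VA03"),
]


def value_grants(tcode, low, high=""):
    """Return how one entry covers tcode: 'single', 'pattern', 'range' or None."""
    tcode = tcode.strip().upper()
    low = low.strip().upper()
    high = high.strip().upper()
    if high:
        # Range entry: simplified to a plain string comparison (assumption).
        return "range" if low <= tcode <= high else None
    if low.endswith("*"):
        # Wildcard entry: everything before the trailing * must match.
        return "pattern" if tcode.startswith(low[:-1]) else None
    return "single" if tcode == low else None


def roles_granting(tcode, rows):
    """Map each role that grants tcode to the entries responsible."""
    hits = {}
    for role, low, high in rows:
        kind = value_grants(tcode, low, high)
        if kind:
            hits.setdefault(role, []).append((kind, low, high))
    return hits


if __name__ == "__main__":
    for role, entries in sorted(roles_granting("ME21N", SAMPLE_ROWS).items()):
        for kind, low, high in entries:
            shown = f"{low} - {high}" if high else low
            print(f"{role}: {kind} ({shown})")
```

Roles reported as `range` or `pattern` need the entry itself edited, since there is no single ME21N line to delete.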

Answers (3)

Former Member
0 Kudos

Thanks Tony for such an awesome explanation and help.

When I search roles in SUIM the way you suggested, I see around 20 roles which I need to make a copy of, and then I have to remove specific roles from users and assign the corresponding role copy.

This would be a hectic job for a user base of around 200. Also it will take time to revert as well.

But if I lock this transaction no user can use it and it is easily revertible. But no user can use it.

Is there a way that only three or four users can use this transaction and others cannot?

Thanks!!!!

SG

Private_Member_12188
Active Participant
0 Kudos

I don't know of a way outside of modifying the roles to accomplish what you want.  If you'd rather not make all those copies and have to reassign them, you can always just modify the existing roles.  That's probably how I would proceed were I in your situation. 

You can make a backup of the role by downloading it first to your PC.  In PFCG type in the role name, then go to the Role menu -> Download.  Save it to your PC.  To restore the role back just take the upload option.

Sriram2009
Active Contributor
0 Kudos

Hi SG

We have a client requirement that all users should not be able to work with the ME21N transaction on a temporary basis.

In this case you can lock the transaction by using the T-code SM01 - select the transaction code ME21N.

Is there any way to remove access to ME21N for all purchasing users on a temporary basis?

In this case you can follow the steps told by Tony.

Thanks

Sriram

Private_Member_12188
Active Participant
0 Kudos

I would do the following.

  1. Copy the role that gives them access to ME21N
  2. Remove access to ME21N in that copied role
  3. Assign the users to the new role
  4. Remove users from the original role

To switch back, just simply take the users assigned to the new role and add them back to the original.

Do you need steps on how to accomplish the above steps in PFCG?