Skip to Content
avatar image
Former Member

Revoking User access to ME21N

HI Experts,

We have a client requirement that all user should not be able to work with ME21N transaction on temporary basis.

Is there any way to remove access to ME21N to all purchaseing users on temporary basis.

We also want to revert to the original where user can access and use ME21N.

So please suggest a way by which this can b achived on temporary basis and can be reverted easily if required.

Thanks in Advance

Regards

SG

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Best Answer
    avatar image
    Former Member
    Jun 21, 2013 at 01:27 PM

    Thanks Tony

    Yes please if you can provide the steps in T-code PFCG that would be really helful

    I do not have much knowledge of Roles and profile so please provide the steps

    Thanks

    SG

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      What you need to do it identify the roles that grant the authorization to that transaction.  You can do so in SUIM.

      In SUIM select the below menu option

      Then put in S_TCODE for object 1 and hit enter, then put in ME21N for the value

      Once you have the list of roles, you will need to identify which roles your user base is using.

      After you have picked the role(s) you need to edit\copy go into PFCG. 

      Now here is where you have some decisions to make.  You can either edit the role then change it back or copy the role, remove the old role and add the new one to your user base.  This is up to you , either one will work.

      Type in the role name.

      Go to the Role Menu -> Copy

      Enter in your new name and click copy all

      Click the edit button (looks like a pencil)

      Here is where things can get murky, if you see the transaction listed like in the screenshot below you can remove it from here, save it and regenerate the role and you're done.  Otherwise you will have to continue on down and edit the authorization object manually.

      If the transaction code was not listed above go to the Authorizations tab and click on the Edit (Pencil button) for Change Authorization Data.

      If you see this screen just click the red x button.  I'm doing this on a sandbox system so I'm not certain if this will pop up for you or not.

      Go to Edit-> Find, type in S_TCODE in the Authorization Object field and click Find Object

      You should see a screen that looks a little like this.  Click on the pencil next to the Transaction Code line.

      Delete ME21N from the list and click save.  One thing to note, it is possible the the ME21N transaction is contained in a range value.  You will have to edit the range to not include ME21N.

      Here is what it would look like after if ME21N were the only thing in there.

      Save the role and click Generate (the red and white button)

      You can now remove the old role and add the new one (or if you edited the existing role you're all set now as well).

      Capture.PNG (11.4 kB)
      Capture1.PNG (20.4 kB)
      Capture2.PNG (9.6 kB)
      Capture4.PNG (17.1 kB)
      Capture5.PNG (9.9 kB)
      Capture6.PNG (14.8 kB)
      Capture7.PNG (30.7 kB)
      Capture8.PNG (28.0 kB)
      Capture10.PNG (9.2 kB)
      Capture11.PNG (15.6 kB)
      Capture12.PNG (1.4 kB)
      Capture13.PNG (4.1 kB)
      Capture99.PNG (18.9 kB)
      find.PNG (13.5 kB)
  • avatar image
    Former Member
    Jun 21, 2013 at 11:49 AM

    I would do the following.

    1. Copy the role that gives them access to ME21N
    2. Remove access to ME21N in that copied role
    3. Assign the users to the new role
    4. Remove users from the original role

    To switch back, just simple take the users assigned to the new role and add them back to the original.

    Do you need steps on how to accomplish the above steps in PFCG?

    Add comment
    10|10000 characters needed characters exceeded

  • Jun 21, 2013 at 12:08 PM

    Hi SG

    We have a client requirement that all user should not be able to work with ME21N transaction on temporary basis.

                    In this case you can lock the transaction my using the T-code SM01 - select the Transaction code ME21N

    Is there any way to remove access to ME21N to all purchaseing users on temporary basis.

    In this case you can follow the steps told by Tony

    Thanks

    Sriram

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jun 24, 2013 at 10:58 AM

    Thanks Tony for such an awesome explanation and help..

    When in search roles in SUIM with the way you suggested I see around 20 roles which i need to make a copy and then have to remove specific roles from user and assign the corresponding role copy.

    This would be a hectic job for around 200 user base. Also it will take time to revert as well.

    But if i lock this transaction no user can use it and is easily revertible. But no user can use it.

    Is there a way that only three or four user can use this transaction and others cannot.

    Thanks!!!!

    SG

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      I don't know of a way outside of modifying the roles to accomplish what you want.  If you'd rather not make all those copies and have to reassign them, you can always just modify the existing roles.  That's probably how I would proceed were I in your situation. 

      You can make a backup of the role by downloading it first to your pc.  In PFCG type in the role name, then go to the Role menu -> Download.  Save it to your PC.  To restore the role back just take the upload option.