02-23-2015 6:57 AM
Dear BW Experts,
I want to create a role to restrict of accessing TCODE : STMS_IMPORT and STMS in Production system. I can able to create a role by adding S_TCODE. While creating the role, inclusion is available but exclution is not available. I want to create a role by restricting tcode STMS and STMS_import. How to achieve this. Please help.
Thanks.
02-23-2015 7:49 AM
Hi Jalina,
Currently, what is the role of the user you are referring? Why don't you edit his or copy his current role and remove the STMS_IMPORT and STMS in S_TCODE?
Regards,
Loed
02-23-2015 7:49 AM
Hi Jalina,
Currently, what is the role of the user you are referring? Why don't you edit his or copy his current role and remove the STMS_IMPORT and STMS in S_TCODE?
Regards,
Loed
02-23-2015 1:11 PM
HI,
Thanks for the reply. For the Current role, I have given access to all Tcode. I just want to restrict STMS_IMPORT. I cannot include all the TCODES in the current role. Please suggest.
Thanks.
02-23-2015 1:37 PM
02-24-2015 4:03 AM
This is a Basis/Security question and should ideally be posted in that SCN space. Security folks are better placed to answer this.
02-24-2015 6:34 AM
Hi Jalina,
I wonder why would you even give access to all T codes in S_TCode, which is quite dangerous. Instead, try giving access to those T codes which is required by the user. And in case the user needs access to some critical transactions, then you may either suggest the user to use FF ID or may be you can give him/her access on temporary basis. I do not see a point in adding '*' in S_Tcode. Also I dont think it is SOX complaint.
Regards,
Mohamed Fazil
02-28-2015 1:58 PM
All transaction codes in production !! You might to review the security design and give them what is needed versus give all and then restrict on few.
03-05-2015 7:17 AM
Hi Jalina
but exclution is not available
SAP Security role authorisation concept does not cater for exclusion values or ranges
If you are not a security person, I recommend you look at the ADM940 or help.sap.com for Authorisations Concept or discuss your requirements with your Security contact.
Regards
Colleen